Commit graph

6841 commits

Author SHA1 Message Date
Mikael Kanstrup
8518326b22 Add some missing driver flags strings
New WPA_DRIVER_FLAGS have been added but corresponding lookup
strings for driver_flags command were never added. Add the
missing strings.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2018-05-31 13:03:54 +03:00
Markus Theil
b375b04b67 WNM: Fix time_zone advertisement without time_zone configuration
If time_advertisement=2 is included in hostapd configuration, but
time_zone is unset, the previous implementation tried to write the Time
Zone element into management frames. This resulted in segmentation fault
when trying to dereference a NULL pointer. Fix that by skipping addition
of this element when time_zone parameter is not set.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2018-05-31 12:53:43 +03:00
Peter Oh
0928b62944 nl80211: Allow mesh interface to send channel switch request
Add mesh type to nl80211 channel switch request, so mesh is able to send
the request to kernel drivers.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2018-05-31 12:16:03 +03:00
Jouni Malinen
f5a602168f HS 2.0: Allow OSEN connection to be used in an RSN BSS
This allows a single BSS/SSID to be used for both data connection and
OSU. In wpa_supplicant configuration, the current proto=OSEN
key_mgmt=OSEN combination is now allowing both the old separate OSEN
BSS/IE and the new RSN-OSEN to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-29 23:34:22 +03:00
Jouni Malinen
8d660a4bac HS 2.0: Allow OSEN connection to be enabled in an RSN BSS
This allows a single BSS/SSID to be used for both data connection and
OSU. Instead of hostapd configuration osen=1, wpa_key_mgmt=OSEN (or more
likely, wpa_key_mgmt=WPA-EAP OSEN) is used to enable this new option.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-29 23:34:22 +03:00
xiaofeis
0fe3ede0a4 macsec_qca: Fix byte order of TX SCI port
Before calling HW macsec driver API, be_to_host16() should be used to
reverse the SCI port byte order. This was broken as part of the mka API
changes.

Fixes: 8ebfc7c2ba ("mka: Pass full structures down to macsec drivers' transmit SC ops")
Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-05-28 22:17:58 +03:00
Dan Harkins
22ac3dfebf EAP-pwd: Mask timing of PWE derivation
Run through the hunting-and-pecking loop 40 times to mask the time
necessary to find PWE. The odds of PWE not being found in 40 loops is
roughly 1 in 1 trillion.

Signed-off-by: Dan Harkins <dharkins@lounge.org>
2018-05-28 22:15:15 +03:00
Dan Harkins
b8acd50114 EAP-pwd peer: Add SHA512 hash based salt mechanism
Signed-off-by: Dan Harkins <dharkins@lounge.org>
2018-05-28 22:09:20 +03:00
Dan Harkins
fb3675848c EAP-pwd peer: Add SHA256 hash based salt mechanism
Signed-off-by: Dan Harkins <dharkins@lounge.org>
2018-05-28 22:09:20 +03:00
Dan Harkins
7ef8adc7d8 EAP-pwd peer: Add SHA-1 hash based salt mechanism
Signed-off-by: Dan Harkins <dharkins@lounge.org>
2018-05-28 22:09:20 +03:00
Jouni Malinen
7280723fbf EAP-pwd peer: Check for unexpected state for ID exchange
Aborty processing if ID exchange processing is entered twice
unexpectedly. This avoids memory leaks in the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-28 22:09:20 +03:00
Dan Harkins
44136f6ca2 EAP-pwd peer: Add support for salted password databases
These changes add support for salted password databases to EAP-pwd per
RFC 8146. This commits introduces the framework for enabling this and
the actual salting mechanisms are introduced in the following commits.

Signed-off-by: Dan Harkins <dharkins@lounge.org>
2018-05-28 22:09:20 +03:00
Dan Harkins
0744e303cf EAP-pwd peer: Move PWE derivation to commit exchange
There is no need to do this during the ID exchange, so move PWE
deriation into the following commit exchange in preparation for adding
support for salted passwords.

Signed-off-by: Dan Harkins <dharkins@lounge.org>
2018-05-28 22:09:20 +03:00
Dan Harkins
d52ead3db7 EAP-pwd server: Add support for salted password databases
These changes add support for salted password databases to EAP-pwd per
RFC 8146. This commits introduces the framework for enabling this and
the salting mechanisms based on SHA-1, SHA256, and SHA512 hash
algorithms.

Signed-off-by: Dan Harkins <dharkins@lounge.org>
2018-05-28 22:08:51 +03:00
Dan Harkins
a8712ce5b3 EAP-pwd: Pre-processing method definitions from RFC 8146
Add new password pre-processing method definitions in preparation for
salted passwords with EAP-pwd.

Signed-off-by: Dan Harkins <dharkins@lounge.org>
2018-05-28 17:15:07 +03:00
Dan Harkins
2a5c291881 EAP-pwd: Move EC group initialization to earlier step
This is needed for adding support for salted passwords.

Signed-off-by: Dan Harkins <dharkins@lounge.org>
2018-05-28 17:15:07 +03:00
Sachin Ahuja
b829e4b694 Add a QCA vendor command attribute to enable/disable GTX
This commit adds a new vendor command attribute
QCA_WLAN_VENDOR_ATTR_CONFIG_GTX in
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to enable/disable green
Tx power saving feature.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-24 18:47:48 +03:00
Lior David
91db940ff0 fst: Fix compile error in fst_ctrl_aux.h with C++ compilers
Move enum fst_reason to be a top level type, since it is used as
argument in the function fst_reason_name() and having it as nested
type caused a compile error when fst_ctrl_aux.h was included from
a C++ source file.

Signed-off-by: Lior David <liord@codeaurora.org>
2018-05-21 17:47:03 +03:00
Jouni Malinen
9be19d0b9c SAE: Add support for using the optional Password Identifier
This extends the SAE implementation in both infrastructure and mesh BSS
cases to allow an optional Password Identifier to be used. This uses the
mechanism added in P802.11REVmd/D1.0. The Password Identifier is
configured in a wpa_supplicant network profile as a new string parameter
sae_password_id. In hostapd configuration, the existing sae_password
parameter has been extended to allow the password identifier (and also a
peer MAC address) to be set. In addition, multiple sae_password entries
can now be provided to hostapd to allow multiple per-peer and
per-identifier passwords to be set.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-19 17:30:29 +03:00
Naveen Rawat
4e47eec5a9 Add QCA NAN vendor attributes to provide IPv6 information
Add NAN attributes to communicate IPv6 address, port, and protocol
between wifihal and host driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-17 22:10:15 +03:00
Jouni Malinen
9973129646 wolfSSL: Fix crypto_bignum_rshift() wrapper
The n argument to this function is number of bits, not bytes, to shift.
As such, need to use mp_rshb() instead of mp_rshd(). This fixes EAP-pwd
with P-521 curve.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-17 22:02:02 +03:00
Sean Parkinson
4b2e03c42a wolfSSL: DH initialization to call TEST_FAIL() for error tests
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-17 20:08:22 +03:00
Sean Parkinson
2b01270c8a wolfSSL: Fix ECDH set peer to use the index when importing point
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-17 20:08:15 +03:00
Sathishkumar Muruganandam
bda9c08596 hostapd: Fix CHAN_SWITCH command for VHT20 and VHT40
Previously, hostapd CHAN_SWITCH command did not effect VHT configuration
for the following:

When VHT is currently disabled (ieee80211ac=0),

1. hostapd_cli -p /var/run/hostapd chan_switch 10 5180 \
                sec_channel_offset=1 center_freq1=5190 bandwidth=40 ht

====> Comes up in HT40

2. hostapd_cli -p /var/run/hostapd chan_switch 10 5765 \
                sec_channel_offset=-1 center_freq1=5775 bandwidth=40 vht

====> Comes up in HT40

3. hostapd_cli -p /var/run/hostapd chan_switch 10 5200 center_freq1=5200 \
                                                  bandwidth=20 vht

====> Comes up in HT20

When VHT is currently enabled (ieee80211ac=1),

1. hostapd_cli -p /var/run/hostapd chan_switch 10 5180 \
                sec_channel_offset=1 center_freq1=5190 bandwidth=40 ht

====> Comes up in VHT40

2. hostapd_cli -p /var/run/hostapd chan_switch 10 5200 center_freq1=5200 \
                                                  bandwidth=20 ht

====> Comes up in VHT20

This is since VHT config from chan_switch is processed only for
bandwidths 80 and above (80P80, 160) and for VHT20, VHT40 cases, only
NLA chan type and chan width are updated.

There is no NL attribute for determining if it is HT or VHT for
bandwidths 20 & 40 and currently they are updated as HT20, HT40 (+ or -
depending on offset). Same is notified back via
NL80211_CMD_CH_SWITCH_NOTIFY.

Instead of adding new NL attribute for tracking HT/VHT enabled config,
we are adding new hostapd VHT config parameter to save the chan_switch
config and use only for chan_switch case of VHT20 and VHT40.

Tested with all combinations of chan_switch (noHT->20->40->80->) HT/VHT
and confirmed to be working.

Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
2018-05-16 01:16:54 +03:00
Karthikeyan Periyasamy
c4dd3afa3c ACS: Avoid invalid interference factor when survey channel time is zero
When the channel time is zero the interference factor calculation falls
under divide by zero operation which results in invalid (NaN =
not-a-number) interference factor value. This leads to wrong ideal
channel selection in ACS during the scenario described below.

Scenario:

In VHT80 mode, the channel 36 (first channel) gets the channel time as
zero which causes the interfactor factor to be an invalid number (NaN).
Any operations (like addition, mulitplication, divide, etc.) with NaN
value results in a NaN value, so that average factor for the primary
channel 36 got the invalid value (NaN). Since channel 36 is the first
channel, ideal factor is assigned as NaN in the first iteration. The
following iteration condition check (factor < ideal_factor) with a NaN
value fail for all other primary channels. This results in channel 36
being chosen as the ideal channel in ACS which holds a NaN value.

Logs:

ACS: Survey analysis for channel 36 (5180 MHz)
ACS: 1: min_nf=-103 interference_factor=nan nf=0 time=0 busy=0 rx=0
ACS: 2: min_nf=-103 interference_factor=0.615385 nf=-102 time=13 busy=8 rx=0
ACS: 3: min_nf=-103 interference_factor=2.45455 nf=0 time=22 busy=16 rx=0
ACS: 4: min_nf=-103 interference_factor=0.785714 nf=-103 time=42 busy=33 rx=0
ACS: 5: min_nf=-103 interference_factor=nan nf=0 time=0 busy=0 rx=0
ACS:  * interference factor average: nan
...
ACS:  * channel 36: total interference = nan
..
ACS:  * channel 149: total interference = 5.93174e-21
..
ACS: Ideal channel is 36 (5180 MHz) with total interference factor of nan

Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org>
2018-05-16 01:16:54 +03:00
Jeff Johnson
6965705bf5 Fix style issues in qca-vendor.h
Over time a number of style issues have crept into qca-vendor.h,
so fix most of them. There are some identifiers and comments which
exceed 80 columns, but these are left as-is for readability.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:54 +03:00
Kiran Kumar Lokere
7d66e7c408 Define new QCA feature flag for self managed regulatory support
This can be used to determine which mechanism to use for configuring
country code from trusted sources.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:54 +03:00
Kiran Kumar Lokere
38f60142d2 Define test config vendor attribute for Tx beamformee configuration
Add a new wifi test config QCA vendor attribute to configure Tx
beamformee in the driver. This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:54 +03:00
Jouni Malinen
46053a4c93 wext: Avoid gcc warnings on restricted pointer aliasing
The first two parameters to readlink() are marked restricted and at
least gcc 8.2 warns about used the same pointer for then, so avoid this
by using separate buffers for the pathname and response buffer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:54 +03:00
Jouni Malinen
d267bdf9bd Silence new gcc warnings on switch statement fallthroughs
Reword the comments to make gcc 8.1 recognize these as designed cases
and not trigger implicit-fallthrough warnings.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-15 20:55:17 +03:00
Edayilliam Jayadev
98b806b03d Add QCA vendor attribute for spectral hardware generation
Add spectral hardware generation attribute to
QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CAP_INFO vendor command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-04 20:44:05 +03:00
Sean Parkinson
ab35793ec1 wolfSSL: Fix EAP-FAST key derivation
Implement tls_connection_get_eap_fast_key() using cryptographic
primitives as wolfSSL implements different spec.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
71faf06cb6 wolfSSL: Do not free cert store after setting it
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
b7f5b0ec65 wolfSSL: Fix OCSP ifdefs
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
ca620a3642 wolfSSL: Fix altSubjectName handling
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
7be462084e wolfSSL: Use defines from wolfssl/options.h
Depend on proper wolfSSL configuration instead of trying to define these
build configuration values externally.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
385dd7189a wolfSSL: Use wolfSSL memory allocation in dh5_init()
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
6590d84664 wolfSSL: Load certificates using 'chain' APIs
This allows the full chain to be loaded.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
fc5e88e3ea wolfSSL: Changes for memory allocation failure testing
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
06657d3166 wolfSSL: Fix crypto_hash_init() memory clearing
Explicitly clear the allocated memory to avoid uninitialized data in
struct crypto_hash.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
d396057109 wolfSSL: Fix crypto_ec_point_y_sqr()
Use the correct intermediate result from mp_sqrmod() in the following
mp_mulmod() call (t is not initialized here; it is used only after this
step).

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
e3501ac18f wolfSSL: Fix crypto_ec_point_solve_y_coord()
Provide full uncompressed DER data length to wc_ecc_import_point_der()
even though a compressed form is used here. In addition, use
ECC_POINT_COMP_* defined values to make this more readable.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:51 +03:00
Sean Parkinson
187ad3a303 wolfSSL: Add crypto_ecdh_*()
Implement the wrapper functions for ECDH operations.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 13:32:49 +03:00
Sean Parkinson
3d2f638d61 wolfSSL: Use new digest namespace
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 12:04:46 +03:00
Sean Parkinson
847665ebec wolfSSL: Fix conditional EAP-FAST compilation issue
Variable name was partially renamed during earlier cleanup.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-05-02 00:37:57 +03:00
Jouni Malinen
d501c27cfe EAP-TLS server: Disable TLS v1.3 by default
The current EAP peer implementation is not yet ready for the TLS v1.3
changes with EAP-TTLS, EAP-PEAP, and EAP-FAST, so disable TLS v1.3 for
this EAP method for now.

While the current EAP-TLS implementation is more or less complete for
TLS v1.3, there has been no interoperability testing with other
implementations, so disable for by default for now until there has been
chance to confirm that no significant interoperability issues show up
with TLS version update. tls_flags=[ENABLE-TLSv1.3] configuration
parameter can be used to enable TLS v1.3 (assuming the TLS library
supports it; e.g., when using OpenSSL 1.1.1).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 22:13:38 +03:00
Jouni Malinen
e8a7af9a38 EAP-TLS peer: Disable TLS v1.3 by default
The current EAP peer implementation is not yet ready for the TLS v1.3
changes with EAP-TTLS, EAP-PEAP, and EAP-FAST, so disable TLS v1.3 for
this EAP method for now.

While the current EAP-TLS implementation is more or less complete for
TLS v1.3, there has been no interoperability testing with other
implementations, so disable for by default for now until there has been
chance to confirm that no significant interoperability issues show up
with TLS version update. phase1="tls_disable_tlsv1_3=0" configuration
parameter can be used to enable TLS v1.3 (assuming the TLS library
supports it; e.g., when using OpenSSL 1.1.1).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 22:13:38 +03:00
Jouni Malinen
bbbc7e8016 EAP-TLS: Extend TLS version config to allow TLS v1.3 to be disabled
This may be needed to avoid interoperability issues with the new
protocol version and significant changes for EAP use cases in both key
derivation and handshake termination.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 22:13:38 +03:00
Jouni Malinen
53b34578f3 OpenSSL: Move server vs. client information into connection data
This makes this more easily available throughout the handshake
processing, if needed, compared to having to pass through the function
argument through the full path from
tls_connection{,_server}_handshake().

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 21:45:29 +03:00
Jouni Malinen
0de820b333 EAP-TLS peer: MSK/EMSK derivation with TLS v1.3
Use new MSK/EMSK derivation mechanism if TLS v1.3 or newer is used per
draft-mattsson-eap-tls13-02.txt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 17:53:07 +03:00
Jouni Malinen
1854981c78 EAP-TLS peer: Allow NewSessionTicket after Client Finished with TLS v1.3
The EAP session cannot be marked fully completed on sending Client
Finished with TLS v1.3 since the server may still send NewSessionTicket
before EAP-Success.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 17:51:34 +03:00
Jouni Malinen
6dd98483eb EAP-TLS peer: Support fragmentation of last message
With TLS v1.3, the Finished message from the client can require
fragmentation. Postpone key derivation and marking of the EAP session
fully completed until all the fragments of that last message are sent to
avoid losing all the subsequent fragments.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 17:49:19 +03:00
Jouni Malinen
a80423b521 EAP-TLS server: MSK/EMSK derivation with TLS v1.3
Use new MSK/EMSK derivation mechanism if TLS v1.3 or newer is used per
draft-mattsson-eap-tls13-02.txt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 17:47:22 +03:00
Jouni Malinen
bac1bdba3e EAP-TLS peer: Determine whether TLS v1.3 or newer is used
This is needed to be able to handle different key derivation and message
handshakes in EAP implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 17:45:37 +03:00
Jouni Malinen
fe7b06c5e1 EAP-TLS server: Determine whether TLS v1.3 or newer is used
This is needed to be able to handle different key derivation and message
handshakes in EAP implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 17:44:22 +03:00
Jouni Malinen
c26ac18958 Mark eap_server_tls_derive_key() label argument const
This value is going to be used only with a helper function that takes it
in as a const value, so use the same style here to simplify callers in
upcoming TLS v1.3 changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 17:43:24 +03:00
Jouni Malinen
34c6949fb7 EAP-TLS server: Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 17:40:58 +03:00
Jouni Malinen
4a576c4736 OpenSSL: Terminate TLS handshake if ClientHello cannot be generated
OpenSSL 1.1.1 added cases where ClientHello generation may fail due to
"no ciphers available". There is no point in sending out the resulting
TLS Alert message to the server since the server does not know what to
do with it before ClientHello. Instead, simply terminate the TLS
handshake locally and report EAP failure to avoid getting stuck waiting
for a timeout.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 13:23:25 +03:00
Jouni Malinen
2439714f90 DPP: Fix testing code for invalid keys with OpenSSL 1.1.1
OpenSSL started reporting failures from
EC_POINT_set_affine_coordinates_GFp() similarly to BoringSSL, so use the
same workaround to enable this protocol testing case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-05-01 12:02:57 +03:00
Jouni Malinen
04ee197f87 HS 2.0: Maintain a database of pending T&C acceptance sessions
The new SQLite table pending_tc is used to maintain a list of sessions
that need to accept Terms and Conditions. This information can be used
on an external Terms and Conditions server to map the incoming MAC
address information into user identity.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-30 20:12:36 +03:00
Karthikeyan Periyasamy
6b21df0bb7 Add QCA vendor command/attr to filter frames from other BSSs
Add commands to allow an AP to configure filtering rules to capture
frames from stations that are active on the operating channel, but
not associated to this AP. Operations include add/delete the filter
and get the statistics information of the unassociated stations.

Signed-off-by: Karthikeyan Periyasamy <periyasa@codeaurora.org>
2018-04-26 17:56:22 +03:00
Jouni Malinen
4526038092 HS 2.0: Terms and Conditions testing feature in authentication server
Allow hostapd RADIUS authentication server with SQLite EAP user DB to be
used for testing Terms and Conditions functionality. This could be used
for the HO AAA part of functionality (merging HO AAA and SP AAA into a
single component to avoid separate RADIUS proxy in testing setup).

A T&C server with HTTPS processing is needed to allow this to be used
for full over-the-air testing. This commit adds sufficient functionality
to allow hwsim test cases to cover the RADIUS server part.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-26 17:56:22 +03:00
Jouni Malinen
f456940ef3 HS 2.0: CoA-Request processing for Terms and Conditions filtering
Extend RADIUS DAS to support CoA-Request packets for the case where the
HS 2.0 Terms And Conditions filtering VSA is used to remove filtering.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-25 12:57:46 +03:00
mazumdar
d239ab3962 DFS: Mark channels required DFS based on reg-domain info from the driver
Mark a channel as required DFS based on regulatory information received
from the driver/kernel rather than deciding based on hardcoded
boundaries on the frequency. Previously few channels were being marked
as requiring DFS even though they were non-DFS in a particular country.

If the driver does not provide channel list information, fall back to
the previously used frequency-based determination.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
7fc6a024f9 HS 2.0: Process received Terms and Conditions Acceptance notification
Extend wpa_supplicant WNM-Notification RX handling to parse and process
received Terms and Conditions Acceptance notifications. If PMF is
enabled for the association, this frame results in control interface
indication (HS20-T-C-ACCEPTANCE <URL>) to get upper layers to guide the
user through the required acceptance steps.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
8760b9848c HS 2.0: Send Terms and Conditions Acceptance notification
This extends hostapd Access-Accept processing to check if the RADIUS
server indicated that Terms and Conditions Acceptance is required. The
new hs20_t_c_server_url parameter is used to specify the server URL
template that the STA is requested to visit.

This commit does not enable any kind of filtering, i.e., only the part
of forwarding a request from Access-Accept to the STA using
WNM-Notification is covered.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
6cb8f4f382 HS 2.0: Terms and Conditions attributes in Access-Request messages
This extends hostapd with two new configuration parameters
(hs20_t_c_filename and hs20_t_c_timestamp) that can be used to specify
that the Terms and Conditions attributes are to be added into all
Access-Request messages for Hotspot 2.0 STAs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Bhagavathi Perumal S
1952b626ba hostapd: Add ctrl iface indications for WDS STA interface
This allows user to get event indication when a new interface is
added/removed for 4addr WDS STA and also WDS STA ifname is informed
through the STA command.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
2598e69303 FILS: Enable SHA256 KDF even without PMF/SAE in the build
While it is unlikely that FILS would be used without PMF or SAE in the
build, it is possible to generate such a build and as such, it would be
good for the KDF selection to work properly. Add CONFIG_FILS as an
independent condition for the SHA256-based KDF. Previously, this
combination would have resulted in failure to derive keys and terminated
key management exchange.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
1baa130bd0 nl80211: Print NL80211_CMD_SET_POWER_SAVE errors in debug log
This makes it easier to understand what happened with PS configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Tova Mussai
c4315e6620 AP: Handle AP initalization failure in async flow
When AP initialization is completed in a callback (e.g., OBSS scan),
wpa_supplicant_deinit_ap() is not called in case of failure. Fix this by
calling setup_complete_cb in case of failure, too, which in turn calls
wpa_supplicant_deinit_ap() if needed.

Signed-off-by: Tova Mussai <tova.mussai@intel.com>
2018-04-20 00:48:49 +03:00
Ahmad Masri
86c998d37a FT: Add FT auth algorithm to connect params when roaming
Add WPA FT auth to connect params in case of a re-connection to ESS
supporting FT when FT was used in the first connect.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-04-20 00:35:41 +03:00
Ahmad Masri
3dc3afe298 FT: Add MDE to assoc request IEs in connect params
Add MDE (mobility domain element) to Association Request frame IEs in
the driver assoc params. wpa_supplicant will add MDE only if the network
profile allows FT, the selected AP supports FT, and the mobility domain
ID matches.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-04-20 00:32:49 +03:00
Jouni Malinen
67cca34645 HS 2.0: Copy Roaming Consortium OI from (Re)AssocReq to Access-Request
This extends hostapd processing of (Re)Association Request frames to
store a local copy of the Consortium OI within the Roaming Consortium
Selection element, if present, and then add that in HS 2.0 Roaming
Consortium attribute into RADIUS Access-Request messages.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:47 +03:00
Jouni Malinen
0e450db285 HS 2.0: Allow configuration of operator icons
This extends hostapd Hotspot 2.0 implementation to allow operator icons
to be made available. The existing hs20_icon parameter is used to define
the icons and the new operator_icon parameter (zero or more entries) is
used to specify which of the available icons are operator icons. The
operator icons are advertised in the Operator Icon Metadata ANQP-element
while the icon data can be fetched using the same mechanism (icon
request/binary file) that was added for the OSU Providers icons.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:47 +03:00
Jouni Malinen
6a8a04d742 HS 2.0: Add fetching of Operator Icon Metadata ANQP-element
This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the
Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid>
hs20:12". The result is available in the new hs20_operator_icon_metadata
entry in the "BSS <bssid>" output.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:42 +03:00
Ben Greear
f875da0448 nl80211: Add MLME auth work-around for -EEXIST errno
The Linux 4.9 kernel, at least, can return EEXIST when trying to auth a
station that already exists.

We have seen this bug in multiple places, but it is difficult to
reproduce. Here is a link to someone else that appears to have hit this
issue: https://github.com/greearb/ath10k-ct/issues/18

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-04-15 21:58:53 +03:00
Jouni Malinen
5ecdf06c8c DPP: Fix build with LibreSSL v2.5
The ECDSA_SIG_{set,get}0() wrappers are needed with LibreSSL v2.5 (but
not v2.7.2).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-15 00:01:35 +03:00
Jouni Malinen
4b603f01de DPP: Fix X509_ALGOR_get0() use with LibreSSL
At least LibreSSL v2.7.2 indicates support for OpenSSL API 1.1.0, but it
does not apparently use const ASN1_OBJECT * with X509_ALGOR_get0(). Use
the older non-const version here with LibreSSL to fix compilation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-15 00:01:35 +03:00
Jouni Malinen
dee566d98e OpenSSL: Skip SSL_OP_NO_TLSv1_3 if not defined to fix LibreSSL build
LibreSSL v2.7 claims an OPENSSL_VERSION_NUMBER value that would indicate
that SSL_OP_NO_TLSv1_3 is available, but that does not seem to be the
case with LibreSSL. As such, skip this step based on whether
SSL_OP_NO_TLSv1_3 is defined to avoid build issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-15 00:01:35 +03:00
Bernard Spil
ba3658cfff Fix build with LibreSSL 2.7
LibreSSL 2.7 adds (most of) the OpenSSL 1.1 API.

Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
2018-04-15 00:01:33 +03:00
Daniel Golle
d6d7debb5d Fix wpa_supplicant build with CONFIG_NO_WPA
pmksa_cache stubs have not been updated when function prototypes have
been modified in commit 852b2f2738 (SAE: Only allow SAE AKMP for PMKSA
caching attempts). Add new function parameter int akmp to stubs of
pmksa_cache_get() and pmksa_cache_set_current() as well to fix build.

Fixes: 852b2f2738 ("SAE: Only allow SAE AKMP for PMKSA caching attempts")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-13 11:43:57 +03:00
Jouni Malinen
852b2f2738 SAE: Only allow SAE AKMP for PMKSA caching attempts
Explicitly check the PMKSA cache entry to have matching SAE AKMP for the
case where determining whether to use PMKSA caching instead of new SAE
authentication. Previously, only the network context was checked, but a
single network configuration profile could be used with both WPA2-PSK
and SAE, so should check the AKMP as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-09 19:34:44 +03:00
Jouni Malinen
8e402d1657 WPA: Fix a typo in a debug message
"PT derivation" was supposed to be saying "PTK derivation".

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-08 19:44:53 +03:00
Jouni Malinen
1bd131105b Clear pmk_len more consistently for extra protection
This gives more protection against unexpected behavior if RSN supplicant
code ends up trying to use sm->pmk[] with a stale value. Couple of the
code paths did not clear sm->pmk_len explicitly in cases where the old
PMK is being removed, so cover those cases as well to make sure these
will result in PMK-to-PTK derivation failures rather than use of
incorrect PMK value if such a code path could be reached somehow.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-08 19:44:05 +03:00
Kiran Kumar Lokere
26e0ada47f Define new test config attribute for HE LTF configuration
Add a new wifi test config attribute to configure HE LTF in the
driver. This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-06 23:41:06 +03:00
Jouni Malinen
4d6eb9f2e2 Fix hostapd wmm_enabled setup on config reload path
If there is no explicit wmm_enabled parameter in the configuration
(i.e., conf->wmm_enabled == -1), the configuration reload path needs to
initialize conf->wmm_enabled based on iconf->ieee80211n in
hostapd_reload_bss() similarly to what is done in the initial startup
case in hostapd_setup_bss().

This fixes issues with RSN capabilities being set incorrectly when WMM
is supposed to get enabled and unexpectedly enabling WMM when it is not
supposed to be enabled (HT disabled). Either of these issues could show
up when asking hostapd to reload the configuration file (and when that
file does not set wmm_enabled explicitly).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-06 23:29:11 +03:00
Michael Braun
a6509e850e FT: Add session_timeout to push/resp
This ensures a session timeout configured on R0KH either using
RADIUS-based ACL or 802.1X authentication is copied over to the new
R1KH.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:57:53 +03:00
Michael Braun
3cb286ca49 FT: Add set/get session_timeout callback functions
These are needed to allow wpa_auth_ft.c to control session_timeout
values for STAs.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:48:15 +03:00
Michael Braun
13f118dc59 Convert STA session_timeout to os_reltime
This is needed to allow the remaining session time to be computed for FT
(when sending PMK-R1 to another AP).

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:48:11 +03:00
Michael Braun
069b4e3048 FT: Include identity and radius_cui in pull/resp frames
This allows APs using FT to get the EAP session information from R0KH to
R1KHs.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:09:16 +03:00
Michael Braun
9fbe292ff3 FT: Move wpa_ft_rrb_build_r0() special case to caller
Handle the special case of no PMK-R0 entry in the caller instead of
having to have wpa_ft_rrb_build_r0() aware of the possibility of pmk_r0
being NULL.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:09:16 +03:00
Michael Braun
8c345234fd FT: Add set/get identity/radius_cui callback functions
These are needed to allow wpa_auth_ft.c to control identity/radius_cui
values for STAs.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:01:16 +03:00
Michael Braun
17a8a9893f Fix potential memory leak with identity/radius_cui
ieee802_11_set_radius_info() might be called with a STA entry that has
already stored identity and/or radius_cui information, so make sure the
old values get freed before being replaced by the new ones.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:01:16 +03:00
Michael Braun
17010c38d0 FT: Add IEEE VLAN support (including tagged VLANs)
This uses set_vlan()/get_vlan() callbacks to fetch and configure the
VLAN of STA. Transmission of VLAN information between APs uses new TLVs.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-06 19:01:13 +03:00
Michael Braun
47a039b01b FT: Add set_vlan()/get_vlan() callback functions
These are needed to allow wpa_auth_ft.c to control VLAN assignment for
STAs.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-05 22:39:21 +03:00
Michael Braun
3a3e28320b FT: Add expiration to PMK-R0 and PMK-R1 cache
IEEE Std 802.11-2016, 12.7.1.7.1 indicates that the lifetime of the
PMK-R0 (and PMK-R1) is bound to the lifetime of PSK or MSK from which
the key was derived. This is currently stored in r0_key_lifetime, but
cache entries are not actually removed.

This commit uses the r0_key_lifetime configuration parameter when
wpa_auth_derive_ptk_ft() is called. This may need to be extended to use
the MSK lifetime, if provided by an external authentication server, with
some future changes. For PSK, there is no such lifetime, but it also
matters less as FT-PSK can be achieved without inter-AP communication.

The expiration timeout is then passed from R0KH to R1KH. The R1KH verifies
that the given timeout for sanity, it may not exceed the locally configured
r1_max_key_lifetime.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-05 13:58:20 +03:00
Michael Braun
09211c9894 FT: Use dl_list for PMK-R0/R1 cache
This makes it easier to remove expired entries from the list.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-05 13:56:04 +03:00
Michael Braun
89dea17e13 FT: Add helper function for FILS key storing
FILS calls wpa_ft_store_pmk_r0() from wpa_auth.c. This is moved into a
new function wpa_ft_store_pmk_fils() in preparation of additional
information being needed.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-05 13:47:43 +03:00
Michael Braun
83fe4bd3bf FT: Convert r0_key_lifetime to seconds
Add a new configuration option ft_r0_key_lifetime that deprecates
r0_key_lifetime. Though, the old configuration is still accepted for
backwards compatibility.

This simplifies testing. All other items are in seconds as well. In
addition, this makes dot11FTR0KeyLifetime comment match with what got
standardized in the end in IEEE Std 802.11r-2008.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2018-04-05 13:47:23 +03:00
Ben Greear
c6b5b9a33b hostapd: Add more authentication error case debugging
This can help one understand better why stations are failing
to authenticate.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-04-02 16:53:10 +03:00
Ben Greear
e2fc13d0ab hostapd: Add logging around Michael MIC related failures
This can help one understand better why stations are failing
to authentication/associate.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-04-02 16:51:29 +03:00
Ben Greear
e7525a2954 hostapd: Add send_auth_reply() caller info in debug logging
This can help one understand better what happens during the
authentication exchange.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-04-02 16:47:26 +03:00
Davide Caratti
d89edb6112 wpa_supplicant: Don't reply to EAPOL if pkt_type is PACKET_OTHERHOST
When wpa_supplicant is running on a Linux interface that is configured in
promiscuous mode, and it is not a member of a bridge, incoming EAPOL
packets are processed regardless of the Destination Address in the frame.
As a consequence, there are situations where wpa_supplicant replies to
EAPOL packets that are not destined for it.

This behavior seems undesired (see IEEE Std 802.1X-2010, 11.4.a), and can
be avoided by attaching a BPF filter that lets the kernel discard packets
having pkt_type equal to PACKET_OTHERHOST.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2018-04-02 12:21:27 +03:00
Mathy Vanhoef
9f917339cc tests: Fix clearing of IGTK PN in handshake retransmit test functions
When locating the position of the IGTK PN in the key data, we also need
to skip the KDE header, in addition to the keyid field. This fixes
hostapd RESEND_M3 and RESEND_GROUP_M1 behavior when PMF is negotiated
for the association. Previously, the IGTK KDE ended up getting
practically hidden since zeroing of the PN ended up clearing the KDE OUI
and Type fields.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-04-01 21:47:16 +03:00
Ahmed ElArabawy
45f7574d31 Propagate the EAP method error code
In the current implementation, upon an EAP method failure, followed by
an EAP failure, the EAP Status is propagated up in wpa_supplicant with a
general failure parameter string "failure". This parameter is used for a
notification on the dbus.

This commit reports the EAP method failure error code in a separate
callback.

The solution in this commit is generic to all EAP methods, and can be
used by any method that need to pass its error code. However, this
commit only implements the reporting for EAP-SIM and EAP-AKA methods
where the Notification Code (in AT_NOTIFICATION) is used as the method
specific error code value.

Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
2018-03-31 11:57:33 +03:00
Beniamino Galvani
77a020a118 wpa_supplicant: Fix auth failure when the MAC is updated externally
When connecting to a WPA-EAP network and the MAC address is changed
just before the association (for example by NetworkManager, which sets
a random MAC during scans), the authentication sometimes fails in the
following way ('####' logs added by me):

wpa_supplicant logs:
 wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1)
 RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 wlan0: RSN: no matching PMKID found
 EAPOL: Successfully fetched key (len=32)
 WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
 #### WPA: rsn_pmkid():
 #### WPA: aa              - hexdump(len=6): 02 00 00 00 01 00
 #### WPA: spa             - hexdump(len=6): 66 20 cf ab 8c dc
 #### WPA: PMK             - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
 #### WPA: computed PMKID  - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71
 RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK
 nl80211: Delete PMKID for 02:00:00:00:01:00
 wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1
 RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270
 nl80211: Add PMKID for 02:00:00:00:01:00
 wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!

hostapd logs:
 WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
 WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART
 wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake
 #### WPA: rsn_pmkid():
 #### WPA: aa              - hexdump(len=6): 02 00 00 00 01 00
 #### WPA: spa             - hexdump(len=6): 02 00 00 00 00 00
 #### WPA: PMK             - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
 #### WPA: computed PMKID  - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)

That's because wpa_supplicant computed the PMKID using the wrong (old)
MAC address used during the scan. wpa_supplicant updates own_addr when
the interface goes up, as the MAC can only change while the interface
is down. However, drivers don't report all interface state changes:
for example the nl80211 driver may ignore a down-up cycle if the down
message is processed later, when the interface is already up. In such
cases, wpa_supplicant (and in particular, the EAP state machine) would
continue to use the old MAC.

Add a new driver event that notifies of MAC address changes while the
interface is active.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2018-03-30 12:16:42 +03:00
Alejandro Pérez Méndez
2ff9696d3b Add definitions for RADIUS attributes standardised in RFC 7055
hostap code is used by the Moonshot software (an implementation of the
GSS EAP mechanism - RFC 7055), and those definitions are required but
missing.

Signed-off-by: Alejandro Perez <alex.perez-mendez@jisc.ac.uk>
2018-03-30 11:04:29 +03:00
Dmitry Lebed
c17915462a nl80211: Add DFS offload support using upstream nl80211 definitions
Add generic DFS offload support using the nl80211 feature that was
recently added to the mac80211-next tree. This uses the already
available DFS offload infrastructure that was previously used with
vendor specific definitions and just sets necessary flags (DFS_OFFLOAD
ext_feature) and forawrds CAC_STARTED event for processing.

Signed-off-by: Dmitry Lebed <lebed.dmitry@gmail.com>
2018-03-30 10:56:05 +03:00
Jouni Malinen
1841086adf Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-03-26.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-03-30 10:54:57 +03:00
Kabilan Kannan
7cfe2f0011 Add SAR V2 power selection capability (QCA vendor attributes)
Add changes to select SAR V2 power limits using the existing QCA vendor
command.

Signed-off-by: Kabilan Kannan <kabilank@codeaurora.org>
2018-03-30 10:49:11 +03:00
Jouni Malinen
7e1d3ee963 Add hostapd.conf venue_url to set Venue URL ANQP-element
The new venue_url parameter can now be used to set the Venue URL ANQP
information instead of having to construct the data and use
anqp_elem=277:<hexdump> to set the raw value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-26 16:10:47 +03:00
Jouni Malinen
d555c39c41 FILS: Fix CONFIG_FILS=y build without CONFIG_IEEE80211R=y
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-26 12:33:52 +03:00
Jouni Malinen
2f37387812 FILS: Add more complete support for FT-FILS use cases
This extends the original IEEE Std 802.11ai-2016 functionality with the
changes added in REVmd to describe how additional keys are derived to
protect the FT protocol using keys derived through FILS authentication.

This allows key_mgmt=FT-FILS-SHA256 to be used with FT protocol since
the FTE MIC can now be calculated following the changes in REVmd. The
FT-FILS-SHA384 case is still unsupported (it needs support for variable
length MIC field in FTE).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-26 12:31:04 +03:00
Jouni Malinen
4ddca8142e FT: Derive PMK-R1 locally if requested PMKR0Name is found
Derive PMK-R1 locally if the derived PMKR1Name is not found from the
local cache, but the request is for a key that was originally generated
locally (R0KH-ID matches) and the PMKR0Name is found in the local cache.
This was apparently not hit in the previously used FT sequences, but
this is useful to have available if a PMK-R1 entry is dropped from the
local cache before PMK-R0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-24 18:53:14 +02:00
Jouni Malinen
1dc0945cc9 FT: Do not send PMK-R1 pull request to own R0KH address
If the requested key is not available locally, there is no point in
trying to send a pull request back to self for the key.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-24 18:53:14 +02:00
Jouni Malinen
1778f1e9a4 SAE: Fix PTK derivation to use KDF-SHA256
The previous implementation ended up defaulting to using PRF-SHA1 for
deriving PTK from PMK when SAE was used. This is not correct since the
SAE AKM is defined to be using SHA-256 -based KDF instead. Fix that.

Note: This change is not backwards compatible. Both the AP and station
side implementations will need to be updated at the same time to
maintain functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-23 18:44:48 +02:00
Jouni Malinen
9d94e4bb6b SAE: Fix PMKID in EAPOL-Key msg 1/4
Previously, the association that used SAE authentication ended up
recalculating the PMKID for EAPOL-Key msg 1/4 using incorrect
PMK-to-PMKID derivation instead of using the previously derived PMKID
from SAE. The correct PMKID was used only when going through PMKSA
caching exchange with a previously derived PMKSA from SAE.

Fix this by storing the SAE PMKID into the state machine entry for the
initial SAE authentication case when there is no explicit PMKSA entry
attached to the station.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-23 18:44:48 +02:00
Jouni Malinen
a03f9d17ea SAE: Fix FT-SAE key derivation for a case where PMKID in msg 1/4 matches
Previously, matching PMKSA cache entry ended up clearing XXKey. However,
that XXKey is needed in the specific case where FT-SAE goes through the
initial mobility domain association with SAE authentication. FT-SAE
worked previously since the hostapd side generation of the particular
PMKID value in msg 1/4 was broken, but once that PMKID is fixed,
wpa_supplicant will need this fix to allow FT-SAE to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-23 18:44:48 +02:00
Jouni Malinen
10949e2480 Do not disable 40 MHz based on co-ex report with matching primary channel
When processing 20/40 BSS Coexistence Management frames that do not
explicitly require 40 MHz to be disabled, check whether the reported
channels in 20/40 BSS Intolerant Channel Report element match the
current primary channel. If so, allow 40 MHz operation to continue. This
makes the during-operation updates for 20/40 Operation Permitted more
consistent with the scans during initial BSS startup.

The received 20/40 BSS Intolerant Channel Report channels are to be used
in the OT set in the during-operation determination and the P == OT_i
exception was ignored in the previous implementation which could result
in the AP first starting with 40 MHz and then dropping to 20 MHz on
first received 20/40 BSS Coexistence Management frame even though there
was no change in the neighboring BSSs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-21 16:58:05 +02:00
Jouni Malinen
8cbd9c3ed4 Support multiple 20/40 BSS Intolerant Channel Report elements
This extends 20/40 BSS Coexistence Management frame processing to
iterate over all the included 20/40 BSS Intolerant Channel Report
elements instead of using only the first one.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-21 16:53:50 +02:00
Jouni Malinen
8127a0ac02 Ignore intra-BSS 20/40 BSS Coexistence Management from not-associated STA
The 20 MHz BSS Width Request field is set to 1 only for intra-BSS
reports. As such, ignore the frame if such a claim is made by a
transmitter that is not currently associated with the AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-21 16:35:15 +02:00
Jouni Malinen
8aa599d45a Add more debug prints for 20/40 BSS Coexistence Management frame Rx
This makes it easier to understand what kind of information a STA is
reporting about 20/40 MHz coexistence requirements.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-21 16:32:35 +02:00
Rajkumar Manoharan
d58c3bd8b7 hostapd: Ignore LOW_ACK event for co-operative steering clients
Ignore hostapd_event_sta_low_ack for a station which has agreed to
steering by checking the agreed_to_steer flag. This flag will be set
whenever a station accepts the BSS transition request from the AP.
Without this ignoring of the LOW_ACK event, the steering in-progress
might be affected due to disassociation. In this way AP will allow some
time (two seconds) for the station to move away and reset the flag after
the timeout.

Co-Developed-by: Tamizh Chelvam <tamizhr@codeaurora.org>
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
2018-03-19 20:16:32 +02:00
Tamizh chelvam
ec2b5173ce Make STA opmode change event available to upper layers
Add an event callback for EVENT_STATION_OPMODE_CHANGED to allow
user/application to get the notification whenever there is a change in a
station's HT/VHT op mode.

The new events:
STA-OPMODE-MAX-BW-CHANGED <addr> <20(no-HT)|20|40|80|80+80|160>
STA-OPMODE-SMPS-MODE-CHANGED <addr> <automatic|off|dynamic|static>
STA-OPMODE-N_SS-CHANGED <addr> <N_SS>

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
2018-03-19 20:07:22 +02:00
Tamizh chelvam
e8ada1600f nl80211: Add support for STA opmode change events
The nl80211 driver can report STA_OPMODE notification event as soon as
it receives an HT/VHT Action frame about modification of station's SMPS
mode/bandwidth/RX NSS. Add support to parse such events.

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
2018-03-19 19:57:25 +02:00
Bhagavathi Perumal S
72123a84cb hostapd: Add last_ack_rssi into ctrl iface cmd STA
This allows external application to get last ACK signal strength of the
last transmitted frame if the driver makes this information
(NL80211_STA_INFO_ACK_SIGNAL) available.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
2018-03-19 19:23:26 +02:00
Ashok Ponnaiah
f5701cc66e OWE: Clean up pointer check in a testing code path
Check wpa_auth_write_assoc_resp_owe() return value to keep static
analyzers happier. The code path where this could happen is not really
reachable due to the separate hapd->conf->own_ie_override check and
wpa_auth_write_assoc_resp_owe() returning NULL only in an error case in
the override path. Furthermore, clean up the pointer return value to use
a proper pointer (NULL vs. 0).

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-03-19 19:08:34 +02:00
Jouni Malinen
ebe61e564c Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-02-13.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-03-19 19:08:15 +02:00
Purushottam Kushwaha
8179ae3a2a DPP: Support retrieving of configurator's private key
To retain configurator information across hostapd/wpa_supplicant
restart, private key need to be maintained to generate a valid pair of
authentication keys (connector, netaccess_key, csign) for new enrollees
in the network.

Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the
private key of an existing configurator can be fetched.

Command format:
DPP_CONFIGURATOR_GET_KEY <configurator_id>

The output from this command can then be used with
"DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-16 20:55:32 +02:00
Jouni Malinen
4bc801ab42 SAE: Fix EAPOL-Key integrity and key-wrap algorithm selection
The SAE AKM 00-0F-AC:8 is supposed to use EAPOL-Key Key Descriptor
Version 0 (AKM-defined) with AES-128-CMAC and NIST AES Key Wrap.
However, the previous implementation ended up using Key Descriptor
Version 2 (HMAC-SHA-1-128 and NIST AES Key Wrap). Fix this by using the
appropriate Key Descriptor Version and integrity algorithm. Use helper
functions to keep the selection clearer and more consistent between
wpa_supplicant and hostapd uses.

Note: This change is not backwards compatible. Both the AP and station
side implementations will need to be updated at the same time to
maintain functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-16 13:36:42 +02:00
Srinivas Dasari
d74963d411 DPP: Extend dpp_test 89 functionality to transmit side
This extends dpp_test functionality to allow DPP exchanges to be stopped
after authentication is completed on the Initiator, i.e., after sending
out the Authentication Confirm message. Previously, dpp_test=89 was used
only on the Responder side to stop after receiving the Authentication
Confirm message. The main use case for this extended functionality is to
be able to stop the protocol exchange on a device that acts as
authentication Initiator and Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-13 01:03:37 +02:00
Purushottam Kushwaha
f8bfc9cbde Use correct WPA_ALG_* values to compare for enum wpa_alg
enum wpa_alg was being compared with WPA_CIPHER_* values. That does not
work here and strict compilers will report this as an error. Fix the
comparision to use proper WPA_ALG_* values. This fixes testing
capability for resetting IPN for BIP.

Fixes: 16579769ff ("Add testing functionality for resetting PN/IPN for configured keys")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-13 00:32:43 +02:00
Jouni Malinen
cce16e43f8 mka: Mark ieee802_1x_kay_create_mka() ckn and cak arguments const
These structures are not modified or freed (i.e., only data from them is
copied), so mark the arguments const to document this a bit more clearly
now that there was a memory leak in one of the callers to this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-03-11 17:04:34 +02:00
Mike Siedzik
3a52f6b387 mka: Do not print contents of SAK to debug log
Log newly generated SAKs as well as unwrapped SAKs with wpa_hexdump_key()
rather than wpa_hexdump(). By default, the wpa_hexdump_key() function
will not display sensitive key data.

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
2018-03-11 16:52:56 +02:00
Mike Siedzik
77977b3d5d mka: Detect duplicate MAC addresses during key server election
In the unlikely event the local KaY and the elected peer have the same
actor priority as well as the same MAC address, log a warning message
and do not elect a key server. Resolution is for network administrator
to reconfigure MAC address.

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
2018-03-11 16:49:00 +02:00
Mike Siedzik
5762855abd mka: Loss of live peers to result in connect PENDING not AUTHENTICATED
When the number of live peers becomes 0 the KaY was setting
kay->authenticated true and telling the CP to connect AUTHENTICATED.
Per IEEE Std 802.1X-2010 Clause 12.2, MKA.authenticated means "the Key
Server has proved mutual authentication but has determined that
Controlled Port communication should proceed without the use of MACsec",
which means port traffic will be passed in the clear.

When the number of live peers becomes 0 the KaY must instead set
kay->authenticated false and tell the CP to connect PENDING. Per Clause
12.3 connect PENDING will "prevent connectivity by clearing the
controlledPortEnabled parameter."

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
2018-03-11 16:43:12 +02:00
Mike Siedzik
8fb546d8e6 mka: Ignore MACsec SAK Use Old Key parameter if we don't have our old key
Upon receipt of the "MACsec MKPDU SAK Use parameter set" the KaY verifies
that both the latest key and the old key are valid. If the local system
reboots or is reinitialized, the KaY won't have a copy of its old key.
Therefore if the KaY does not have a copy of its old key it should not
reject MKPDUs that contain old key data in the MACsec SAK Use parameter.

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
2018-03-11 16:30:29 +02:00
Mike Siedzik
b54b53e644 mka: When matching CKNs ensure that lengths are identical
KaY looks up participants using CAK Name (CKN). Per IEEE Std 802.1X-2010
Clause 9.3.1 CAK identification, the CKN is an integral number of
octets, between 1 and 32 (inclusive). This fix will ensure that the KaY
does not inadvertently match CKNs such as 'myCakNamedFoo' and
'myCakNamedFooBar'.

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
2018-03-11 13:33:39 +02:00
Sean Parkinson
fec03f9838 Add support for wolfSSL cryptographic library
Allow hostapd/wpa_supplicant to be compiled with the wolfSSL
cryptography and TLS library.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2018-03-03 11:52:40 +02:00
Tamizh chelvam
92eb00aec2 Extend ACL check for Probe Request frames
Extend ACL check to deny Probe Request frames for the client which does
not pass ACL check. Skip this check for the case where RADIUS ACL is
used to avoid excessive load on the RADIUS authentication server due to
Probe Request frames. This patch add wpa_msg event for auth and assoc
rejection due to acl reject.

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
2018-03-03 00:42:16 +02:00
Kiran Kumar Lokere
01542e6517 Add new WiFi test config attributes to configure BA params
Define a new WiFi test configuration attributes in QCA vendor
command to configure BA session parameters and to add or
delete a BA session and to configure no ack policy.
This is used for configuring the testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-03 00:12:39 +02:00
Kiran Kumar Lokere
ba60804419 Add new WiFi test config attribute to allow WEP/TKIP in HE
Define a new WiFi test configuration attribute in QCA vendor
command to allow or not to allow WEP/TKIP in HT/VHT/HE mode.
This is used for configuring the testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-03 00:09:19 +02:00
Jeffin Mammen
c05f96a386 FILS: Check kde more consistently to avoid static analyzer warnings
For FILS, __wpa_send_eapol() is called only with the kde != NULL, but a
static analyzer might not understand that. Add an explicit check kde !=
NULL similarly to the other cases going through the kde parameter to
silence such bogus warnings.

Signed-off-by: Jeffin Mammen <jmammen@codeaurora.org>
2018-03-02 21:27:30 +02:00
Jouni Malinen
087474512f SAE: Debug print group support in the crypto library
This makes it easier to understand why "SAE: Failed to select group"
debug entry shows up in cases the selected crypto library does not
support a specific group.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-02 21:27:30 +02:00
Jouni Malinen
f5e0a3324b SAE: Fix potential infinite loop in mismatching PMK case on AP
Commit e61fea6b46 ('SAE: Fix PMKSA caching
behavior in AP mode') modified the PSK fetching loop to not override PMK
in case of SAE with PMKSA caching. However, that commit missed the error
path cases where there is need to break from the loop with exact
negative of the check in the beginning of the loop. This could result in
hitting an infinite loop in hostapd if a station derived a different PMK
value from otherwise successfully completed SAE authentication or if a
STA used a different PMK with a PMKSA caching attempt after a previously
completed successful authentication.

Fix this by adding the matching break condition on SAE AKM within the
loops.

Fixes: e61fea6b46 ("SAE: Fix PMKSA caching behavior in AP mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-02 21:27:18 +02:00
Jouni Malinen
c54cc8bb1d BoringSSL: Set appropriate sigalgs for Suite B RSA 3K cases
This commit takes care of the sigalg configuration using the relatively
recent SSL_CTX_set_verify_algorithm_prefs() addition from April 2017 to
address the functionality that was already there with OpenSSL using
SSL_set1_sigalgs_list().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-19 17:38:37 +02:00
Jouni Malinen
aa6de8e6b6 BoringSSL: Map OpenSSL SUITEB192 cipher into appropriate sigalgs
BoringSSL removed the special OpenSSL cipher suite value "SUITEB192", so
need to map that to the explicit ciphersuite
(ECDHE-ECDSA-AES256-GCM-SHA384), curve (P-384), and sigalg
(SSL_SIGN_ECDSA_SECP384R1_SHA384) to allow 192-bit level Suite B with
ECDSA to be used.

This commit takes care of the sigalg configuration using the relatively
recent SSL_CTX_set_verify_algorithm_prefs() addition from April 2017.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-19 16:27:05 +02:00
Jouni Malinen
7a47f34b1a BoringSSL: Map OpenSSL SUITEB192 cipher into appropriate parameters
BoringSSL removed the special OpenSSL cipher suite value "SUITEB192", so
need to map that to the explicit ciphersuite
(ECDHE-ECDSA-AES256-GCM-SHA384), curve (P-384), and sigalg
(SSL_SIGN_ECDSA_SECP384R1_SHA384) to allow 192-bit level Suite B with
ECDSA to be used.

This commit takes care of the ciphersuite and curve configuration.
sigalg change is in a separate commit since it requires a newer
BoringSSL API function that may not be available in all builds.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-19 16:26:48 +02:00
Jouni Malinen
3552502344 OpenSSL: Replace SSL_set1_curves_list() with SSL_set1_curves()
In practice, this does the same thing (i.e., allows only the P-384 curve
to be used), but using an older API function that happens to be
available in some BoringSSL builds while the newer one is not.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-19 16:02:31 +02:00
Ben Greear
4ab0f11b80 Allow HT40 on 5 GHz channels 165 and 169
India supports 5 GHz channels 169 and 173 now. Enable HT40 across
channels 165 and 169. Leave channel 173 to remain HT20 only.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-02-17 18:52:01 +02:00
Emmanuel Grumbach
299d21e8e2 nl80211: Use the new NL80211_MFP_OPTIONAL option
Now we can configure the network block so that it allows MFP setting for
the NL80211_CMD_CONNECT command. If the kernel finds an AP that requires
MFP, it'll be able to connect to it.

Note that since NL80211_MFP_OPTIONAL isn't supported for
NL80211_CMD_ASSOCIATE, we need to take the MFP configuration outside
nl80211_connect_common(). In addition, check that
NL80211_EXT_FEATURE_MFP_OPTIONAL is supported, to be backward compatible
with older kernels.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2018-02-17 18:50:28 +02:00
Avraham Stern
a8c45d47d3 nl80211: Handle port authorized event
Indicate that the connection is authorized when receiving a port
authorized event from the driver.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2018-02-17 18:44:08 +02:00
Avraham Stern
0a20bd7d91 driver: Add port authorized event
Add an event that indicates that the 4 way handshake was completed by
the driver.

This event is useful for networks that require 802.1X authentication.
The driver can use this event that a new connection is already
authorized (e.g. when the driver used PMKSA caching) and 802.1X
authentication is not required.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2018-02-17 18:39:41 +02:00
Avraham Stern
05fc7c68f6 nl80211: Add API to set the PMK to the driver
Add support for setting the PMK to the driver. This is used for
drivers that support 4-way handshake offload.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2018-02-17 18:36:16 +02:00
Eliad Peller
0ff08f9636 nl80211: Check 4-way handshake offload support
Set the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag if the driver indicates
both 4-way handshake PSK and 802.1X support. Currently wpa_supplicant
doesn't distinguish between 4-way handshake for 802.1X and PSK, but
nl80211 API has different capabilities for each one.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-02-17 18:31:05 +02:00
Eliad Peller
730c5a1d09 nl80211: Support passing PSK on connect
If the driver advertises WPA_DRIVER_FLAGS_4WAY_HANDSHAKE support, pass
the PSK on connect.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2018-02-17 18:31:05 +02:00
Jouni Malinen
9ec0dfa31f Define host_to_le64() for Windows builds
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-17 18:04:54 +02:00
Vamsi Krishna
a4016163e8 Extend APF interface for read/write and enable/disable ops
Enhance QCA vendor specific APF interface to support write/read program
and/or data and to enable/disable APF feature.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-15 00:26:06 +02:00
Jouni Malinen
b2e4074ca3 OpenSSL: Fix EAP-FAST with OpenSSL 1.1.1-pre1
TLS v1.3 needs to be explicitly disabled to allow cipher suite selection
for EAP-FAST to work with OpenSSL builds that include TLS v1.3 support.
Without this, OpenSSL refuses to generate ClientHello due to the cipher
suite list including only ciphers allowed with older versions than TLS
v1.3.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-14 12:40:33 +02:00
Ashok Ponnaiah
a22e235fd0 OWE: Add testing RSNE for OWE assoc response with driver SME/MLME
Allow RSNE to be overwritten for testing purposes also in the
driver-based SME/MLME case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-12 21:31:04 +02:00
Jouni Malinen
0887215d94 nl80211: Do not try to add too large NL80211_ATTR_PMK for set/del PMKSA
The current cfg80211 limit for the maximum NL80211_ATTR_PMK length is
48, so anything larger than that will result in the operation completely
failing. Since the PMKSA entries can be used without the PMK for most
purposes (the main use case for PMK currently is offloaded FILS
authentication), try to go ahead by configuring only the PMKID for the
case where 64-octet PMK is needed (which is currently limited to only
DPP with NIST P-521 and brainpoolP512r1 curves). This can fix DPP
connections with drivers that expect to get the PMKID through this
interface while still leaving the actual 4-way handshake for user space.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-10 12:16:53 +02:00
Jouni Malinen
e7f6e6ee1b nl80211: Print NL80211_CMD_{SET,DEL}_PMKSA failures in debug log
This makes it easier to notice if the driver operation to manage PMKSA
cache information fails unexpectedly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-10 12:10:07 +02:00
Jouni Malinen
659ac96d7f ieee802_11_mgmt: Handle frame info more consistently
Check for the fi parameter to be non-NULL before trying to fetch the
ssi_signal information similarly to how the fi->freq was already
handled. While the meta information is supposed to be available, it
looks like there is at least one corner case where fi == NULL could be
used (Authentication frame reprocessing after RADIUS-based ACL).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-07 12:34:41 +02:00
Ashok Ponnaiah
458d8984de SAE: Reject request with mismatching PMKID (no PMKSA cache entry)
Reject SAE association request when PMKID is included in the RSNE, but
the corresponding PMKSA is not available in the AP.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-02-07 12:24:36 +02:00
Kiran Kumar Lokere
5ac4346426 Define new QCA vendor sub command for wifi test configuration
Define a new QCA vendor sub command for configuring the device with wifi
test configuration. Add new test config attributes for this sub command
that are used to configure the device for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-07 12:11:47 +02:00
Ashok Ponnaiah
79ce2d519b OWE: Rename function to match use (driver-SME/MLME)
This function is used to process a (Re)Association Request frame, so
rename it appropriately to mention assoc_req instead of auth_req.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-02-06 20:27:41 +02:00
Ashok Ponnaiah
759da93a89 OWE: Check for ECDH availability before use (driver-SME/MLME)
Verify that the STA has ECDH data available before trying to use this
data to add the OWE DH Params element.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-02-06 20:25:41 +02:00
Ashok Ponnaiah
af65ef28f4 OWE: Add RSNE when not using PMKSA caching (driver-SME/MLME)
RSNE needs to be added both with and without use of PMKSA caching.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-02-06 20:22:53 +02:00
Ashok Ponnaiah
5850cba384 OWE: Support DH groups 20 and 21 with driver-SME/MLME
This was already the case with the hostapd-based SME/MLME
implementation, but the OWE DH Param element construction for the
driver-based SME/MLME needed a matching change to set the group
properly.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-02-06 20:20:22 +02:00
Michal Kazior
f9854c183d hostapd: Fix wpa_psk_file support for FT-PSK
For FT-PSK sm->xxkey was populated with only the first password on the
linked list (i.e., last matching password in the wpa_psk_file) in
INITPSK. This caused only that password to be recognized and accepted.
All other passwords were not verified properly and subsequently
prevented clients from connecting.

Hostapd would report:

 Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
 Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
 Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: invalid MIC in msg 2/4 of 4-Way Handshake
 Jan 30 12:55:45 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: EAPOL-Key timeout

Signed-off-by: Michal Kazior <michal@plumewifi.com>
2018-02-04 12:39:23 +02:00
Simon Dinkin
d1e3d40d04 common: Fix the description of wpa_ctrl_request() function
The blocking timeout of this function was changed from 2 seconds to 10
seconds in this commit 1480633f ("Use longer timeout in
wpa_ctrl_request()"), but the description was never changed accordingly.

Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-02-03 12:42:15 +02:00
David Messer
82424732af Fix compiler issue with CONFIG_TESTING_OPTIONS
Use the preprocessor conditional "ifdef" instead of "if" before
CONFIG_TESTING_OPTIONS to prevent an issue on build systems that treat
undefined preprocessor identifiers as an error.

Signed-off-by: David Messer <david.messer@garmin.com>
2018-02-03 12:41:09 +02:00
Sunil Dutt
40a68f3384 nl80211: Create a netlink socket handle for the Connect interface
This netlink socket handle owns the connect request and is further used
by the host driver/kernel to request for the external authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 19:02:44 +02:00
Sunil Dutt
ba71cb821a nl80211: Introduce the interface for external authentication
This command/event interface can be used by host drivers that do not
define separate commands for authentication and association but rely on
wpa_supplicant for the authentication (SAE) processing.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 18:51:04 +02:00
Guisen Yang
8678b14faa Add new QCA vendor commands for thermal shutdown
Add new QCA vendor commands and attributes to get thermal information
and send thermal shutdown related commands. Indicates the driver to
enter the power saving mode or resume from the power saving mode based
on the given temperature and thresholds.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 18:35:06 +02:00
Jouni Malinen
99576f6f3c Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-01-31.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-02 18:34:14 +02:00
Ashok Ponnaiah
cd483be252 OWE: Use PMKSA caching if available with driver AP MLME
If a matching PMKSA cache entry is present for an OWE client, use it and
do not go through DH while processing Association Rquest frame.
Association Response frame will identify the PMKID in such a case and DH
parameters won't be present.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-02-01 23:58:46 +02:00
Ashok Ponnaiah
a4668c6812 OWE: Handle unsupported finite cyclic group with driver MLME
Handle OWE unsupported finite cyclic group in (Re)Association Request
frame when not using the hostapd SME/MLME.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-02-01 23:51:19 +02:00
Ashok Ponnaiah
f811cc83b3 atheros: Send correct SSID length to the driver
Send the exact SSID length to the driver by removing the legacy +1
padding.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-02-01 23:45:12 +02:00
Srinivas Dasari
e005725a69 nl80211: Add DPP and OWE AKM selectors to CONNECT/ASSOC request
This is needed to support drivers that use NL80211_ATTR_AKM_SUITES.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2018-01-31 11:21:10 +02:00
Subhani Shaik
2cc2a0a7ea Extend QCA vendor NDP params to support schedule update indication
Add additional NDP attributes and NDP subcommand value which is
provided as part of schedule update indication from driver/firmware
to HAL.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-29 20:43:10 +02:00
Subhani Shaik
a7769f6da2 Update QCA vendor commands to match ASOP
This updates QCA vendor command and attribute definitions to match AOSP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-29 20:40:54 +02:00
Ashok Ponnaiah
18e3e9c6e0 OWE: Transition mode with non-AP-MLME
Add OWE Transition IE in build_ap_extra() ies to support drivers that do
not use hostapd MLME.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-01-29 19:01:43 +02:00
Ashok Ponnaiah
92b6e0c582 hostapd: Send broadcast Public Action frame with wildcard BSSID address
Send Public Action frames with wildcard BSSID when destination was
broadcast address. This is required for DPP PKEX where the recipients
may drop the frames received with different BSSID than the wildcard
address or the current BSSID.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-01-29 18:11:03 +02:00
Jouni Malinen
fe3f81e6a8 DPP: Update PKEX role-specific points
The y coordinates for some of these PKEX role-specific points were
changed in the PKEX specification, so update the implementation to
match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-26 18:06:49 +02:00
Venkateswara Swamy Bandaru
b4cd8b7e1a Add QCA vendor command and attributes for MSDU queue depth threshold
This allow MSDU queue depth threshold in target to be set per peer per
TID. This command contains MAC address, TID, update mask, and threshold
values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-22 10:56:26 +02:00
Jouni Malinen
703470bfa1 FILS: Fix extended capability bit setting for FILS in AP mode
FILS capability bit setting could have ended up setting boths biths 72
(correct) and 64 (incorrect; part of Max Number of MSDUs In A-MSDU). Fix
this by adding the missing break to the switch statement.

Fixed: f55acd909e ("FILS: Set FILS Capability bit in management frames from AP")
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-01-22 00:07:44 +02:00
Jouni Malinen
9e834fc648 EAP-SIM/AKA: Separate identity for MK derivation
This allows a separate configuration parameter (imsi_identity) to be
used in EAP-SIM/AKA/AKA' profiles to override the identity used in MK
derivation for the case where the identity is expected to be from the
last AT_IDENTITY attribute (or EAP-Response/Identity if AT_IDENTITY was
not used). This may be needed to avoid sending out an unprotected
permanent identity information over-the-air and if the EAP-SIM/AKA
server ends up using a value based on the real IMSI during the internal
key derivation operation (that does not expose the data to others).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2018-01-21 11:28:53 +02:00
Jouni Malinen
b6b5e3554a DPP: Get rid of compiler warnings on signed/unsigned comparison
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-01-21 11:24:33 +02:00
Jouni Malinen
630ea13346 DPP: Track M.x/N.x/L.x availability for ke derivation
This prevents an issue where duplicated Authentication Response frame
could have resulted in deriving a new ke value after M.x had already
been cleared. This would result in the following configuration exchange
failing. This could happen since many driver do not filter out
retransmitted Public Action frames and link layer. Furthermore, this
could have been used as a denial-of-service attack agains the DPP
exchange.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-21 11:13:01 +02:00
Sunil Dutt
c103c0b516 Extend NUD Stats to collect the data packet statistics
This commit extends the existing QCA vendor specific NUD_STATS_GET/SET
interface to also collect the statistics of the data packets. The
intention here is to get more comprehensive information to detect the
network unreachability.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 23:07:15 +02:00
Jouni Malinen
5d5ee699a5 Copy WLAN-Reason-Code value from Access-Reject to Deauthentication
This makes hostapd use the WLAN-Reason-Code value from Access-Reject
when disconnecting a station due to IEEE 802.1X authentication failure.
If the RADIUS server does not include this attribute, the default value
23 (IEEE 802.1X authentication failed) is used. That value was the
previously hardcoded reason code.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 20:55:33 +02:00
Jouni Malinen
f75ed556c8 RADIUS: Add WLAN-Reason-Code attribute to Access-Reject
Make the RADIUS server in hostapd add WLAN-Reason-Code attribute to all
Access-Reject messages generated based on EAP-Failure from the EAP
server. For now, the reason code value is set to 23 (IEEE 802.1X
authentication failed). This can be extending in future commits to cover
addition failure reasons.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 20:45:12 +02:00
Jouni Malinen
feba5848be Replace RSNE group key management mismatch status/reason codes
Use "cipher out of policy" value instead of invalid group cipher (which
is for the group data frame cipher) and management frame policy
violation (which is used for MFPC/MFPR mismatch).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 01:12:00 +02:00
Sunil Dutt
9cc8303d32 Add QCA vendor command to get the WLAN MAC information
This commit introduces a QCA vendor command that provides the current
information of WLAN hardware MAC and its associated WLAN netdev
interfaces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 00:50:45 +02:00
Jouni Malinen
fd92095491 DPP: Report reception of Config Request to upper layers
This is mainly for protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 00:50:45 +02:00
Jouni Malinen
80f71b71d5 DPP: Authentication exchange retries and channel iteration in hostapd
This extends hostapd with previoiusly implemented wpa_supplicant
functionality to retry DPP Authentication Request/Response and to
iterate over possible negotiation channels.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-08 05:19:05 +02:00
Jouni Malinen
c5cc7a59ac Report offchannel RX frame frequency to hostapd
Not all code paths for management frame RX reporting delivered the
correct frequency for offchannel RX cases. This is needed mainly for
Public Action frame processing in some special cases where AP is
operating, but an exchange is done on a non-operational channel. For
example, DPP Initiator role may need to do this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-08 03:37:48 +02:00
Jouni Malinen
b7ed94834d GnuTLS: Add option to build with libnettle instead of libgcrypt
GnuTLS-based builds can now be done using either libnettle or libgcrypt
for crypto functionality:

CONFIG_TLS=gnutls
CONFIG_CRYPTO=nettle

CONFIG_TLS=gnutls
CONFIG_CRYPTO=gnutls

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-29 17:13:57 +02:00
Jouni Malinen
c36d822418 GnuTLS: Suite B validation
This allows OpenSSL-style configuration of Suite B parameters to be used
in the wpa_supplicant network profile. 128-bit and 192-bit level
requirements for ECDHE-ECDSA cases are supported. RSA >=3K case is
enforced using GnuTLS %PROFILE_HIGH special priority string keyword.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
dd227e67ab GnuTLS: Add support for disabling TLS versions
This extends GnuTLS support for tls_disable_v1_{0,1,2}=1 flags in the
phase1 network profile parameter in wpa_supplicant.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
5d292fcfbd GnuTLS: Implement tls_get_cipher()
Provide OpenSSL-style name for the negotiated cipher suite.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
5791d2117c GnuTLS: Make debug prints clearer for cert/key parsing
Indicate more clearly when the parsing succeeds to avoid ending the
debug prints with various internal GnuTLS internal error messages even
when the parsing actually succeeded in the end.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
622d4d49e2 GnuTLS: Add TEST_FAIL() to crypto routines for testing purposes
This allows number of hwsim test cases for local error conditions to be
executed with GnuTLS-based builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
f8697e8109 GnuTLS: Implement tls_get_version()
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:06 +02:00
Jouni Malinen
133f8d09fc GnuTLS: Implement HMAC functions using libgcrypt
Replace the internal HMAC MD5, SHA-1, and SHA256 implementations with
the ones from libgcrypt and also add the SHA384 and SHA512 versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:35:26 +02:00
Jouni Malinen
85c12a62ee GnuTLS: Implement sha{256,384,512}_vector() using libgcrypt
Replace the internal SHA256 implementation with the one from libgcrypt
and also add the SHA384 and SHA512 versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:21:37 +02:00
Jouni Malinen
cc3e7bfc3c GnuTLS: Use a helper function for hash functions
Use a shared helper function instead of implementing practically same
sequence separately for each hash function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:13:51 +02:00
Jouni Malinen
02b38d0ad5 Fix MFP-enabled test for disallowed TKIP
The test against use of TKIP was done only in MFP-required
(ieee80211w=2) configuration. Fix this to check the pairwise cipher for
MFP-enabled (ieee80211w=1) case as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 18:38:12 +02:00
Jouni Malinen
ba3d435fe4 SAE: Add option to require MFP for SAE associations
The new hostapd.conf parameter sae_require_pmf=<0/1> can now be used to
enforce negotiation of MFP for all associations that negotiate use of
SAE. This is used in cases where SAE-capable devices are known to be
MFP-capable and the BSS is configured with optional MFP (ieee80211w=1)
for legacy support. The non-SAE stations can connect without MFP while
SAE stations are required to negotiate MFP if sae_require_mfp=1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 18:27:58 +02:00
Jouni Malinen
c4fc7e31c7 SAE: Set special Sc value when moving to Accepted state
Set Sc to 2^16-1 when moving to Accepted state per IEEE Std 802.11-2016,
12.4.8.6.5 (Protocol instance behavior - Confirmed state). This allows
the peer in Accepted state to silently ignore unnecessary
retransmissions of the Confirm message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 12:19:08 +02:00
Jouni Malinen
abcbd0604c SAE: Add Rc variable and peer send-confirm validation
This implements the behavior described in IEEE Std 802.11-2016,
12.4.8.6.6 (Protocol instance behavior - Accepted state) to silently
discard received Confirm message in the Accepted state if the new
message does not use an incremented send-confirm value or if the special
2^16-1 value is used. This avoids unnecessary processing of
retransmitted Confirm messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 12:19:08 +02:00
Jouni Malinen
9249afc8e1 SAE: Print state changes in debug log
This makes it easier to follow state changes in SAE protocol instances.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 00:07:42 +02:00
Jouni Malinen
d8b841eba8 SAE: Make dot11RSNASAESync configurable
The new hostapd.conf parameter sae_sync (default: 5) can now be used to
configure the dot11RSNASAESync value to specify the maximum number of
synchronization errors that are allowed to happen prior to
disassociation of the offending SAE peer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-26 12:46:22 +02:00
Sean Parkinson
04b1bcc5f3 EAP-pwd: Use abstract crypto API
This makes it easier to use EAP-pwd with other crypto libraries than
OpenSSL.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 21:40:21 +02:00
Sean Parkinson
0c3d49afd8 EAP-EKE: Use abstract crypto API
This makes it easier to use EAP-pwd with other crypto libraries.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:38:17 +02:00
Sean Parkinson
c335507c8d Enhance crypto abstract API for DH
The patch offers alternate implementations of some functions using the
abstract cryptographic API.

This work was done in preparation for the changes to allow hostap to be
compiled with the wolfSSL cryptography and TLS library.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:38:10 +02:00
Jouni Malinen
0e02f2a9fa crypto: Implement new crypto API functions for DH
This implements crypto_dh_init() and crypto_dh_derive_secret() using
os_get_random() and crypto_mod_exp() for all crypto_*.c wrappers that
include crypto_mod_exp() implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-24 17:36:04 +02:00
Jouni Malinen
eac084cb38 OpenSSL: Implement new crypto API functions
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-24 17:35:41 +02:00
Sean Parkinson
23ff5d73df Enhance crypto abstract API
Add more crypto_*() wrappers to enable use of other crypto libraries
than OpenSSL.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:35:38 +02:00
Sean Parkinson
441e8bfbb4 Fix copy-paste errors in function comments
Use correct function names for the documentation.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:03:07 +02:00
Jouni Malinen
47e966abac DH: Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-24 17:02:53 +02:00
Jouni Malinen
3546ef5104 EAP-pwd: Remove trailing empty line
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-23 17:27:15 +02:00
Peng Xu
61536b5f41 Add new QCA vendor attribute for getting preferred channel
A new vendor attribute QCA_WLAN_VENDOR_ATTR_GET_WEIGHED_PCL is added for
getting preferred channels with weight value and a flag to indicate how
the channels should be used in P2P negotiation process.

Signed-off-by: Peng Xu <pxu@qti.qualcomm.com>
2017-12-22 20:34:51 +02:00
Jouni Malinen
1a2cb20d5b Fix couple of QCA_NL80211_VENDOR_SUBCMD_GET_SAR_LIMITS comments
Copy-paste errors in the command name (set vs. the new get).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-22 18:57:47 +02:00
Sunil Dutt
2fca2d2144 Vendor parameter for forcing RSNE override
Indicates the driver to use the RSNE as-is from the connect interface.
Exclusively used for the scenarios where the device is used as a testbed
device with special functionality and not recommended for production.
This helps driver to not validate the RSNE passed from user space and
thus allow arbitrary IE data to be used for testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-22 18:43:55 +02:00
Jeff Johnson
2d942ec4ac Define a QCA vendor command to retrieve SAR Power limits
Previously commit c79238b6a4 ('Define a
QCA vendor command to configure SAR Power limits') implemented a vendor
command interface to allow a userspace entity to dynamically control the
SAR power limits. Now implement a command to retrieve the current SAR
power limits.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:55:15 +02:00
vamsi krishna
d98038bb05 FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:52:17 +02:00
Bhagavathi Perumal S
af832aa998 hostapd: Add average channel utilization in STATUS
This allows external programs to get the average channel utilization.
The average channel utilization is calculated and reported through
STATUS command. Users need to configure chan_util_avg_period and
bss_load_update_period in hostapd config to get the average channel
utilization.

Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
2017-12-12 00:48:27 +02:00
Bhagavathi Perumal S
802c0fd0c3 hostapd: Update BSS load update period dynamically
Recalculate the timeout value for each event instead of calculating this
once and then not allowing the timeout configuration to be changed
without fully stopping and restarting the interface.

This allows the bss_load_update_period configuration parameter to be
modified while a BSS continues operating.

Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
2017-12-12 00:48:25 +02:00
Jouni Malinen
778d87054e Fix error handling in bss_load_update_period parser
Do not update the configuration parameter before having verified the
value to be in the valid range.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-12 00:46:21 +02:00
Jouni Malinen
04ded82efa OWE: Fix error case handling with drivers that implement AP SME
owe_auth_req_process() can return NULL in error cases, but the caller
was not prepared for this. The p pointer cannot be overridden in such
cases since that would result in buffer length (p - buf) overflows. Fix
this by using a temporary variable to check the return value before
overriding p so that the hostapd_sta_assoc() ends up using correct
length for the IE buffer.

Fixes: 33c8bbd8ca ("OWE: Add AP mode handling of OWE with drivers that implement SME")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-11 13:41:10 +02:00
Jouni Malinen
c23e87d0d1 OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()
The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works
fine with OpenSSL as well, so use that same implementation for both to
avoid unnecessary maintanence of multiple versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:49:39 +02:00
Jouni Malinen
7641d485db BoringSSL: Use EC_KEY_new_by_curve_name() to simplify implementation
There is no need to go through EC_GROUP_new_by_curve_name(),
EC_KEY_new(), and EC_KEY_set_group() when a single call to
EC_KEY_new_by_curve_name() takes care of all that.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:41:29 +02:00
Jouni Malinen
a5da39607d Revert "BoringSSL: Add DPP special cases regardless of claimed version number"
This reverts commit 5548453a2d since
BoringSSL added ECDSA_SIG_set0() and ECDSA_SIG_get0() in commit
8dc226ca8f1ef60737e1c1bf8cfcabf51d4068c7 ('Add some missing OpenSSL
1.1.0 accessors.') and updated X509_ALGOR_get0() prototype to match
OpenSSL 1.1.0 changes in commit e3b2a5d30d309091cab3e6a19dee7323c40d968d
('Const-correct X509_ALGOR_get0.').

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:27:04 +02:00
Jouni Malinen
0f30844722 Revert "BoringSSL: Define RSA_bits() helper"
This reverts commit 3cfbd3b0f6 since
BoringSSL added RSA_bits() in commit
8dc226ca8f1ef60737e1c1bf8cfcabf51d4068c7 ('Add some missing OpenSSL
1.1.0 accessors.').

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:22:05 +02:00
Jouni Malinen
a2c442be25 OpenSSL: Allow cipher list to be overridden for tls_suiteb=1 case
This allows wpa_supplicant configuration with phase1="tls_suiteb=1" to
use openssl_ciphers="ECDHE-RSA-AES256-GCM-SHA384" to further limit the
possible TLS cipher suites when using Suite B with RSA >3K keys. This
combination disables use of DHE and as such, mandates ECDHE to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 21:16:26 +02:00
Jouni Malinen
e5c7c2f28e Fix ap-mgmt-fuzzer build
Add src/ap/eth_p_oui.o into libap.a to be able to link ap-mgmt-fuzzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-09 18:41:55 +02:00
David Benjamin
63942cf0f3 OpenSSL: Avoid SSL*_use_default_passwd_cb()
These functions are a bit awkward to use for one-off file loads, as
suggested by the tls_clear_default_passwd_cb() logic. There was also
some historical mess with OpenSSL versions and either not having per-SSL
settings, having per-SSL settings but ignoring them, and requiring the
per-SSL settings.

Instead, loading the key with the lower-level functions seems a bit
tidier and also allows abstracting away trying both formats, one after
another.

Signed-off-by: David Benjamin <davidben@google.com>
2017-12-09 18:29:08 +02:00
David Benjamin
149143e31d OpenSSL: Remove unnecessary os_strdup() from password callback
There's no need to make an extra copy of private_key_passwd for
SSL_{CTX_,}set_default_passwd_cb().

Signed-off-by: David Benjamin <davidben@google.com>
2017-12-09 18:09:10 +02:00
Paul Zhang
9b0de99fac Add new QCA vendor attribute for WLAN Latency Module (WLM)
A new vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_LATENCY_LEVEL is added
for vendor sub-command QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION.
This attribute is for setting the level of WLM.

Signed-off-by: Paul Zhang <paulz@qti.qualcomm.com>
2017-12-08 14:15:19 +02:00
Jouni Malinen
055cd39788 tests: DPP P-256 test vectors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-07 13:35:19 +02:00
Jouni Malinen
f55269753c DPP: Allow protocol key to be overridden for testing purposes
This can be used for various testing needs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-05 23:53:08 +02:00
Jouni Malinen
402c8e00b7 WPS: Map GCMP-256 and CCMP-256 to AES encryption type
This is needed to allow a credential to be built for GCMP-256/CCMP-256
networks that do not enable GCMP-128/CCMP-128.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:45 +02:00
Shiva Sankar Gajula
a2660890a5 WPS: Allow WPS to be enabled in CCMP-256 and GCMP-256 only cases
Extend the check against WPA/TKIP only configuration by adding CCMP-256
and GCMP-256 to the list of allowed ciphers. This is needed to allow WPS
to be enabled in AP configurations where neither CCMP-128 nor GCMP-128
are enabled.

Signed-off-by: Shiva Sankar Gajula <sgajula@qti.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
163fc3d562 DPP: Indicate to upper layers whether mutual authentication was used
DPP Responder selects whether mutual authentication is used. This commit
adds information about that selection to upper layers (ctrl_iface event
DPP-AUTH-DIRECTION mutual=<0/1>) on the Initiator side.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
34603767b8 DPP: Extend protocol testing to allow exchange termination
This extends dpp_test functionality to allow DPP exchanges to be stopped
when receiving a specified message.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
963d3149ab nl80211: Fix NL80211_MESHCONF_AUTO_OPEN_PLINKS encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and wpa_supplicant
needs to use same size when writing the attribute.

This fixes mesh mode regression triggered by kernel commit "net:
netlink: Update attr validation to require exact length for some types"
in v4.15-rc1 that resulted in the following debug log entry when trying
to join a mesh:
nl80211: mesh join failed: ret=-22 (Invalid argument)

Fixes: 6c1664f605 ("nl80211: Add new commands to support mesh interfaces")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-01 22:21:24 +02:00
Jouni Malinen
a2426829ce nl80211: Fix NL80211_ATTR_SMPS_MODE encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and
hostapd/wpa_supplicant needs to use same size when writing the
attribute.

This fixes AP mode regression triggered by kernel commit "net: netlink:
Update attr validation to require exact length for some types" in
v4.15-rc1 that resulted in the following debug log entry when trying to
enable beaconing:
nl80211: Beacon set failed: -34 (Numerical result out of range)

Fixes: da1080d721 ("nl80211: Advertise and configure SMPS modes")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-01 20:22:44 +02:00
Jouni Malinen
f0a383a981 DPP: Extend dpp_test with invalid E-Nonce in Config Req
Allow an E-Nonce attribute with invalid length to be sent for protocol
testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 22:01:10 +02:00
Jouni Malinen
55c6c85855 DPP: Extend dpp_test with invalid Transaction ID in Peer Disc Req
Allow a Transaction ID attribute with invalid length to be sent for
protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 21:56:19 +02:00
Krishna Rao
364039d223 Add QCA vendor command and attributes for RROP
Add QCA vendor command and attributes for vendor specific Representative
RF Operating Parameter (RROP) information. This information is intended
for optional use by external ACS. It provides guidance values for some
RF parameters that are used by the system during operation, so that
external ACS can utilize these to compare between channels, bands, etc.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 18:47:32 +02:00
Jouni Malinen
0e19300d5b nl80211: Use consistent "0x" prefix for the cookie values
One of the event message for TX status was missing 'x' from the "0x"
prefix. Add that to make the used format consistent for all cookie debug
print cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 12:42:58 +02:00
Jouni Malinen
f981ce7298 DPP: Do not continue if public key hash derivation fails
sha256_vector() result was ignored apart from printing out the failure
in the debug log. This is not really a normal case and it is better to
reject the full operation rather than try to continue with an incorrect
public key hash value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 00:08:38 +02:00
Jouni Malinen
8a37d54ea7 DPP: Fix memory leak on dpp_auth_build_conf() error paths
The wpabuf for the message needs to be freed on the error paths.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 21:21:34 +02:00
Jouni Malinen
281f480c53 JSON: Fix a memory leak on an error path
If the second json_alloc_token() call failed to allocate memory,
json_parse() missed the first allocation on the error path. Assign the
root pointer earlier for that case to avoid the potential memory leak.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 13:22:44 +02:00
Jouni Malinen
622934128b DPP: Fix a memory leak on an error path
Need to free temporary allocations if dpp_build_conf_start() fails to
allocate memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 13:03:48 +02:00
Jouni Malinen
ed62d40116 DPP: Deinit PKEX instance on DPP_STOP_LISTEN
Previously this stopped only the DPP Authentication instance, but it is
better to clear both PKEX and Authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 12:24:01 +02:00
Jouni Malinen
634a130a52 DPP: Clear authentication instance on configuration completion in AP
wpa_supplicant was already doing this and hostapd needs to clear
hapd->dpp_auth when completing the exchange in Configurator (GAS server)
role.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 20:33:43 +02:00
Jouni Malinen
d3cb7ebe1b DPP: Do not process dpp_auth_ok_on_ack multiple times
An additional TX status callback could result in processing the DPP
authentication completion another time at least with hostapd. Fix this
by clearing the dpp_auth_ok_on_ack when processing it.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 20:20:26 +02:00
Jouni Malinen
82feacced0 DPP: Ignore GAS server status callback for unknown response
It was possible for a timeout from an old GAS server operation to
trigger DPP configuration failure during the subsequent DPP operation.
Fix this by verifying that the status callback is for the response
generated during the same DPP Authentication/Configuration exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 13:48:40 +02:00
Jouni Malinen
a2588be82c DPP: Add DPP_CONFIGURATOR_SIGN support to hostapd
Configurator signing its own Connector was previously supported only in
wpa_supplicant. This commit extends that to hostapd to allow an AP
acting as a Configurator to self-configure itself.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 13:24:20 +02:00
Jouni Malinen
7eb6bfb45d DPP: Move hostapd Configurator/bootstrap data into global context
This moves the Configurator and Bootstrapping Information data from
struct hostapd_data (per-BSS) to struct hapd_interfaces (per-hostapd
process). This allows the information to be maintained over interface
restarts and shared between interfaces.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 13:24:20 +02:00
Jouni Malinen
73f21929a7 DPP: Auto-generate Initiator bootstrapping info if needed
Instead of using the all-zeros Initiator Bootstrapping Key Hash when no
local bootstrapping key is configuref for the Initiator, automatically
generate a temporary bootstrapping key for the same curve that the
Responder uses. If the Responder indicates that it wants to do mutual
authentication, provide the URI for the auto-generated bootstrapping key
in the DPP-RESPONSE-PENDING event for upper layers to display the QR
Code.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-26 17:41:22 +02:00
Sriram R
725a953aea nl80211: Filter global events based on wiphy
Avoid same interface processing nl80211 events when at least one of
IFIDX, WDEV, or WIPHY index attribute is available in the nl80211 event
message.

Previously, a same interface processes events when ifidx and wdev id
attribute were not available in the nl80211 message. This is extended to
check the presence of wiphy index attribute as well since some radar
notifications include only WIPHY index attrbute in the nl80211 message.

Signed-off-by: Sriram R <srirrama@qti.qualcomm.com>
2017-11-26 12:42:56 +02:00
Bhagavathi Perumal S
0bd7f104c1 hostapd: Add supported rate information into STATUS and STA
These allow external programs to determine supported legacy, HT, and VHT
rates of an interface or a STA.

Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
2017-11-25 13:25:09 +02:00
Jouni Malinen
1489fcf87d FILS: Do not leave error value in left counter
If fils_decrypt_assoc() were to fail on the AP side, the previous
implementation could have continued through the response generation
using left = -1. That could have resulted in unexpected processing if
this value were to be used as the length of the remaining (unencrypted)
IEs. Fix this by not updating left in the failure case.

Fixes: 78815f3dde ("FILS: Decrypt Association Request elements and check Key-Auth (AP)")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 12:26:38 +02:00
Jouni Malinen
beae255a72 WPA: Check wpa_eapol_key_mic() result on TX
Verify that nothing unexpected happened with EAPOL-Key Key MIC
calculation when transmitting EAPOL-Key frames from the Authenticator.
This should not be able to happen in practice, but if if it does, there
is no point in sending out the frame without the correct Key MIC value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 12:13:26 +02:00
Jouni Malinen
acc555f9e6 DPP: Allow PKEX x/X and y/Y keypairs to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 01:41:50 +02:00
Jouni Malinen
d722c50d0a DPP: Print more interim EC_POINT results into debug log
This makes it easier to debug issues related to DPP/PKEX EC operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 01:02:59 +02:00
Jouni Malinen
2bdc47a945 DPP: Allow PKEX own/peer MAC addresses to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 23:47:52 +02:00
Jouni Malinen
af4103e5e9 DPP: Provide peer_mac to PKEX Initiator through function argument
Avoid unnecessary direct write to a struct dpp_pkex member from outside
dpp.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 23:32:33 +02:00
Jouni Malinen
918a2ac40f DPP: Work around missing EVP_PKEY_CTX_set_ec_param_enc()
This allows compilation with older OpenSSL 1.0.1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 20:31:12 +02:00
Jouni Malinen
3ca4be1eaa DPP: Remove compiler warnings about signed/unsigned comparisons
These timestamp comparisons did not use matching signedness.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 20:31:12 +02:00
Jouni Malinen
116454f460 DPP: Fix error return value in dpp_auth_conf_rx()
Commit 03abb6b541 ('DPP: Reject unexpected
Req/Resp message based on Auth/PKEX role') used incorrect type of error
value (NULL vs. -1). Fix that.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 20:20:39 +02:00
Hu Wang
63dc0f9c4d hostapd: Disassoc STA without WPA/RSN IE if AP proto is WPA/RSN
With the AP proto configured being WPA/RSN and SME in the
driver, the previous implementation in hostapd is to not
process hostapd_notif_assoc() due to "No WPA/RSN IE from STA",
if the (Re)Association Request frame is without the WPA/RSN IEs.

Enhance that to disassociate such station provided the AP is not using
WPS.

Signed-off-by: Hu Wang <huw@codeaurora.org>
2017-11-23 20:12:34 +02:00
bhagavathi perumal s
cc79e06f00 hostapd: Add wpa_msg_ctrl() to report Probe Request frames from STA
This allows external applications to get event indication for Probe
Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on
per-request basis. For example, user has to send ctrl iface cmd "ATTACH
probe_rx_events=1" to enable the Probe Request frame events.

Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-11-23 20:12:34 +02:00
Jouni Malinen
248264c622 DPP: Stop Authentication Request attempts if no response after ACK
If unicast Authentication Request frame is used and the peer ACKs such a
frame, but does not reply within the two second limit, there is no need
to continue trying to retransmit the request frames since the peer was
found, but not responsive.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 00:22:13 +02:00
Jouni Malinen
e3a5882b3e DPP: Add SAE credential support to Configurator
The new conf={sta,ap}-{sae,psk-sae} parameter values can now be used to
specify that the legacy configuration object is for SAE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 21:24:08 +02:00
Jouni Malinen
5dd745b738 DPP: Add akm=sae and akm=psk+sae support in Enrollee role
This allows DPP to be used for enrolling credentials for SAE networks in
addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK
and FT-SAE cases automatically.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 21:23:51 +02:00
Jouni Malinen
a444673957 DPP: Protocol testing capability to send invalid I-Nonce in Auth Req
Extend dpp_test to cover one more invalid behavior.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 16:23:42 +02:00
Jouni Malinen
00d2d13db2 DPP: Retry PKEX Exchange Request frame up to five times
Retransmit the PKEX Exchange Request frame if no response from a peer is
received. This makes the exchange more robust since this frame is sent
to a broadcast address and has no link layer retries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 15:54:35 +02:00
Jouni Malinen
ab0375508d TDLS: Add testing capability to send TPK M2 twice
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-21 00:48:52 +02:00
Jouni Malinen
4b8de0c929 DPP: Protocol testing for invalid Peer Discovery Req/Resp values
Extend dpp_test to allow more invalid attribute values to be written
into Peer Discovery Request/Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 17:15:02 +02:00
Jouni Malinen
f9cf7d03f1 DPP: Protocol testing for invalid Config Attrib Object value
Extend dpp_test to cover a case where Config Attrib Object value is
invalid in Configuration Request frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 14:13:20 +02:00
Jouni Malinen
3f35ec2dc3 DPP: Protocol testing for invalid DPP Status value
Extend dpp_test to cover cases where DPP Status value is invalid in
Authentication Response/Confirm frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 14:13:16 +02:00
Jouni Malinen
9efa531499 DPP: Use helper functions to build Bootstrap Key Hash attributes
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 12:41:57 +02:00
Jouni Malinen
acdf703d50 DPP: Replace custom undefined attr with DPP Status in after-wrapped data
This has the same impact and is needed for some testing needs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 12:32:00 +02:00
Jouni Malinen
56f24d1da0 DPP: Use a helper function to build DPP Status attribute
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 12:27:14 +02:00
Jouni Malinen
65ecce87fd DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash
Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key
Hash value in DPP Authentication frames is invalid (flip one bit).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:02 +02:00
Jouni Malinen
b6b4226bdd DPP: Protocol testing capability to generate invalid Protocol Key
This extends dpp_test to allow invalid Initiator/Responder Protocol Key
to be written into the Authentication Request/Response frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 00:11:44 +02:00
Jouni Malinen
c6eb3e34b6 Stronger GTK derivation routine
If the build include SHA384, use that to derive GTK from GMK. In
addition, add more random bytes bytes to the PRF-X() context data for
longer GTK to reduce dependency on the randomness of the GMK.

GMK is 256 bits of random data and it was used with SHA256, so the
previous design was likely sufficient for all needs even with 128 bits
of additional randomness in GTK derivation. Anyway, adding up to 256
bits of new randomness and using SHA384 can be helpful extra protection
particularly for the cases using GCMP-256 or CCMP-256 as the group
cipher.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-11-18 17:50:09 +02:00
Jouni Malinen
94619905c8 DPP: Fix dpp_test_gen_invalid_key() with BoringSSL
Unlike OpenSSL, BoringSSL returns an error from
EC_POINT_set_affine_coordinates_GFp() is not on the curve. As such, need
to behave differently here depending on which library is used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 17:50:08 +02:00
Jouni Malinen
746c1792ac DPP: Build bootstrapping key DER encoding using custom routine
While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use
the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem
to work with BoringSSL. Since this is not exactly robust design, replace
use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules
on SubjectPublicKeyInfo (compressed format of the public key,
ecPublicKey OID, parameters present and indicating the curve by OID).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 17:50:02 +02:00
Jouni Malinen
f2d27ef94c DPP: Use a helper function to DER encode bootstrapping key
This routine was previously implemented twice using i2d_EC_PUBKEY().
There is no need to duplicate that implementation and especially since
it looks like this implementation needs to be replaced for BoringSSL,
start by using a shared helper function for both locations so that there
is only a single place that uses i2d_EC_PUBKEY() to build the special
DPP bootstrapping key DER encoding.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 12:14:21 +02:00
Jouni Malinen
c1564149a6 BoringSSL: Add AES support with 192-bit keys
BoringSSL restored the previously removed AES-192 ECB support in ("Add
AES-192 ECB.") commit. Since this is needed for DPP with the P-384
curve, restore support for this through EVP_aes_192_ecb().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 21:03:04 +02:00
Jouni Malinen
edd72f55f8 OpenSSL: Debug message if requested AES key length is not supported
This makes it clearer why some AES operations fail especially with
BoringSSL where the 192-bit case is not supported.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 20:59:25 +02:00
Jouni Malinen
5548453a2d BoringSSL: Add DPP special cases regardless of claimed version number
It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a
1.1.0 version, but it does not provide ECDSA_SIG_set0() or
ECDSA_SIG_get0(). For now, add the helper functions regardless of the
version BoringSSL claims to be. Similarly, include the X509_ALGOR_get0()
workaround unconditionally for BoringSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 20:44:42 +02:00
Jouni Malinen
f29761297b BoringSSL: Implement crypto_ecdh_init()
BoringSSL does not provide some of the OpenSSL API that was used here,
so update this to use similar design to what was already done with DPP
key derivation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 20:41:25 +02:00
Jouni Malinen
7721fe082b BoringSSL: Comment out SSL_set_default_passwd_cb*() calls
It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a
1.1.0 version, but it does not provide SSL_set_default_passwd_cb*(). For
now, comment out this regardless of the version BoringSSL claims to be.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 20:34:17 +02:00
Jouni Malinen
b9dc63c261 BoringSSL: Comment out SSL_set1_sigalgs_list() call
It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a
1.1.0 version, but it does not provide SSL_set1_sigalgs_list(). For now,
comment out this regardless of the version BoringSSL claims to be.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 20:30:37 +02:00
Jouni Malinen
3cfbd3b0f6 BoringSSL: Define RSA_bits() helper
It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a
1.1.0 version, but it does not provide RSA_bits(). For now, add this
backwards compatibility wrapper for BoringSSL regardless of the version
it claims to be.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 20:24:46 +02:00
Jouni Malinen
27781c0ab5 Allow group cipher selection to be overridden
The new hostapd configuration parameter group_cipher can now be used to
override the automatic cipher selection based on enabled pairwise
ciphers. It should be noted that selecting an unexpected group cipher
can result in interoperability issues and this new capability is mainly
for testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 12:31:41 +02:00
Edayilliam Jayadev
af6614ca10 Fix block comment style in QCA vendor attribute definition
Fix the block comment style issue introduced as part of commit
fbfceef3af ("Add QCA vendor commands for
spectral scan").

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 18:55:30 +02:00
tinlin
2115603a45 Add QCA_NL80211_VENDOR_SUBCMD_PEER_FLUSH_PENDING
Add sub-command QCA_NL80211_VENDOR_SUBCMD_PEER_FLUSH_PENDING to flush
pending packets in firmware. The attributes are listed in enum
qca_wlan_vendor_attr_flush_pending. The QCA_WLAN_VENDOR_ATTR_PEER_ADDR
specifies the peer MAC address and the QCA_WLAN_VENDOR_ATTR_AC specifies
the access category of the pending packets.

Signed-off-by: Lin Tingting <tinlin@qti.qualcomm.com>
2017-11-14 18:52:59 +02:00
Zhang Qian
27987b67fa Add new QCA vendor attribute for LL stats
A new vendor attribute QCA_WLAN_VENDOR_ATTR_LL_STATS_WMM_AC_PENDING_MSDU
is added for vendor sub-command QCA_NL80211_VENDOR_SUBCMD_LL_STATS_GET.
This attribute is for pending MSDUs corresponding to respective AC.

Signed-off-by: Zhang Qian <zhangq@qti.qualcomm.com>
2017-11-14 18:48:55 +02:00
Ashok Kumar Ponnaiah
41db74cf76 atheros: Process SAE authentication frames using EVENT_RX_MGMT
This adds support for SAE in AP mode with the atheros driver interface.
EVENT_RX_MGMT includes SAE processing while EVENT_AUTH would require
more changes to make this work.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 18:47:07 +02:00
Ashok Kumar Ponnaiah
3d9dd4b772 atheros: Generate EVENT_TX_STATUS events for management frames
This is needed for DPP functionality.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 18:44:05 +02:00
Beniamino Galvani
f5b74b966c common: Avoid conflict with __bitwise macro from linux/types.h
Undefine the __bitwise macro before defining it to avoid conflicts
with the one from linux/types.h; the same is done some lines above
when __CHECKER__ is defined. Fixes the following warning:

  In file included from ../src/l2_packet/l2_packet_linux.c:15:0:
  hostap/src/utils/common.h:438:0: warning: "__bitwise" redefined
   #define __bitwise

  In file included from /usr/include/linux/filter.h:9:0,
                   from ../src/l2_packet/l2_packet_linux.c:13:
  /usr/include/linux/types.h:21:0: note: this is the location of the previous definition
   #define __bitwise __bitwise__

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2017-11-14 18:23:47 +02:00
Masashi Honma
4109555ef7 DPP: Fix compiler warning of testing code
../src/common/dpp.c: In function 'dpp_test_gen_invalid_key':
../src/common/dpp.c:5531:10: warning: return makes integer from pointer without a cast [-Wint-conversion]
   return NULL;
          ^

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-11-14 18:22:58 +02:00
Jouni Malinen
1d624a0702 Reject PMK-to-PTK derivation with unsupported cipher
There should be no wpa_pmk_to_ptk() calls with the cipher argument
indicating a cipher that is not allowed as a pairwise cipher. However,
it looks like that was possible to happen with wlantest. Check for this
corner case explicitly to avoid generating confusing debug logs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 12:50:30 +02:00
Jouni Malinen
762fb4f066 DPP: Testing capability to send unexpected Authentication Response
This is for protocol testing to check what happens if the Responser
receives an unexpected Authentication Response instead of Authentication
Confirm.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:55:56 +02:00
Jouni Malinen
03abb6b541 DPP: Reject unexpected Req/Resp message based on Auth/PKEX role
This prevents issues where an unexpected message in the DPP
Authentication exchange or PKEX could result in undefined behavior.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:55:56 +02:00
Jouni Malinen
95b0104a34 DPP: Retransmit DPP Authentication Response frame if it is not ACKed
This extends wpa_supplicant DPP implementation to retransmit DPP
Authentication Response frame every 10 seconds up to 5 times if the peer
does not reply with DPP Authentication Confirm frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:35:26 +02:00
Jouni Malinen
c1d3773967 DPP: Stop authentication exchange of DPP_STOP_LISTEN
Previously, this command stopped listen operation immediately, but if
there was an ongoing authentication exchange, a new listen operation was
started. This is not really expected behavior, so stop the
authentication exchange first with this command to avoid restarting
listen operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:35:26 +02:00
Jouni Malinen
d1f082644c DPP: Allowed initiator to indicate either role
The new role=either parameter can now be used with DPP_AUTH_INIT to
indicate that the initiator can take either the Configurator or Enrollee
role.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:45:05 +02:00
Jouni Malinen
f97ace34cb DPP: Support multiple channels for initiating DPP Authentication
This extends wpa_supplicant to iterate over all available channels from
the intersection of what the peer indicates and the local device
supports when initiating DPP Authentication. In addition, retry DPP
Authentication Request frame up to five times if no response is
received.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:45:05 +02:00
Jouni Malinen
a306ed5a58 DPP: Protocol testing to allow missing attributes in peer discovery
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-06 12:40:18 +02:00
Jouni Malinen
1fafdf1124 DPP: Add DPP_LISTEN and DPP_STOP_LISTEN to hostapd
This is an initial step in allowing non-operating channel operations
with DPP when hostapd is the Responder. For now, this is only used for
specifying role=configurator/enrollee and qr=mutual cases similarly to
the wpa_supplicant configuration for in Responder role. Request to use a
non-operating channel will be rejected.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-04 12:33:03 +02:00
Edayilliam Jayadev
fbfceef3af Add QCA vendor commands for spectral scan
Add the following vendor commands and their vendor attributes for
spectral scan.

 1) QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CONFIG
        Get current values of spectral parameters.
 2) QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_DIAG_STATS
        Get stats for spectral scan debug.
 3) QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CAP_INFO
        Get the spectral hardware capability.
 4) QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_STATUS
        Get the current status of spectral scan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:47:32 +02:00
Sunil Dutt
bb9808fa9f P2P: Continue P2P_WAIT_PEER_(IDLE/CONNECT) sequence on a listen cancel
Some drivers may accept the remain-on-channel command, but instead of
indicating start event for remain-on-channel, just indicate that the
operation has been canceled immediately. This listen cancel from the
WAIT_PEER_CONNECT state ended up in discontinuation of further
WAIT_PEER_IDLE/WAIT_PEER_CONNECT state transitions. Hence, delay the
subsequent IDLE state by 100 ms.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:47:32 +02:00
Zhang Qian
962b8fcf49 Add new QCA vendor attributes for MAC counters
Add QCA_WLAN_VENDOR_ATTR_LL_STATS_EXT_REPORT_TIME
and QCA_WLAN_VENDOR_ATTR_LL_STATS_EXT_MEASUREMENT_TIME to record
timestamp and duration for the last MAC counters. Some user layer
application is delay sensitive. It needs to know time stamp and
measurment duration for the counters.

Signed-off-by: Zhang Qian <zhangq@qti.qualcomm.com>
2017-11-03 21:21:55 +02:00
Jouni Malinen
af7f10fcdf DPP: Protocol testing for invalid Config Resp attribute values
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:14:08 +02:00
Jouni Malinen
8c99e6264a DPP: Report Config Request/Response failure reasons on control interface
This provides more details of failures to upper layer components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:04:17 +02:00
Jouni Malinen
f411ad1b86 DPP: Protocol testing to remove attributes from Config Req/Resp
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:04:17 +02:00
Jouni Malinen
7e0ebe21b0 DPP: Protocol testing - invalid I/R-Auth value in PKEX Commit-Reveal
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 20:18:24 +02:00
Jouni Malinen
89d0bf6783 DPP: Protocol testing - invalid Bootstrap Key value in PKEX Commit-Reveal
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:47 +02:00
Jouni Malinen
f31ef96dc3 DPP: Protocol testing - invalid Status value in PKEX Exchange Response
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:47 +02:00
Jouni Malinen
d05c82c4d0 DPP: Move PKEX z derivation on Responder to earlier phase
K and z can be derived already based on information available at the
time the PKEX Exchange Request is being processed, so move these there
from the PKEX Commit-Reveal Request processing since that matches the
DPP tech spec description close and allows PKEX exchange to be aborted
earlier if anything unexpected happens.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:47 +02:00
Jouni Malinen
578c9ea1ab DPP: Fix a typo in a debug print
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:47 +02:00
Jouni Malinen
5f5fff4363 DPP: Explicitly check that PKEX Qr is not the point-at-infinity
This was already done for Qi, but the same needs to be done for Qr as
well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:47 +02:00
Jouni Malinen
29ab69e4b0 DPP: PKEX counter t
Add limit on number of failed attempts that could have used PKEX code.
If the limit (5) is reached, drop the PKEX state (including the code)
and report this on the control interface to indicate that a new code
needs to be entered due to possible attack.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
039b8e7369 DPP: Terminate PKEX exchange on detection of a mismatching code
Clean up the pending PKEX exchange if Commit-Reveal Request processing
indicates a mismatch in the PKEX code. Previously, the this case was
silently ignored and the session was left in pending state that
prevented new PKEX exchanges from getting initated. Now, a new attempt
is allowed to be initiated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
fc0efa2a1e DPP: Use dpp_bn2bin_pad() helper to simplify code
Number of places writing BIGNUM values with left-padding were open
coding this helper functionality unnecessarily.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
e0247e7983 DPP: PKEX and STATUS_BAD_GROUP
Report mismatching finite cyclic group with PKEX Exchange Response using
STATUS_BAD_GROUP and provide more detailed error report over the control
interface on the peer device when this happens.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
2265353a4f DPP: Remove obsolete TODO comment on discovery object
The optional channel information was removed from the discovery object
in the DPP tech spec, so no need to maintain this TODO note anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
fe12ae777f Fix Status Code in TKIP countermeasures case
The previously used WLAN_REASON_MICHAEL_MIC_FAILURE (14) value as a
response to Authentication frame or (Re)Association Request frame is not
correct since the resp value is encoded in the Status Code (not Reason
Code) field. Status Code 14 is WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION
which is really what this value would have meant in the response frames.

There is no Michael MIC failure status code, so have to use the generic
"Unspecified failure" (1) reason code for these cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
1cfcbd32ac DPP: Testing capability to generate invalid PKEX encrypted key (M and N)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
d7e7b7122e DPP: Report PKEX failure reasons over control interface
This provides more information to upper layer software to report failure
reasons on the UI.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
61f9f27f80 DPP: Extend protocol testing to cover missing attributes in PKEX
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:53:55 +02:00
Jouni Malinen
b3e4cc5cbb DPP: Move PKEX Commit-Reveal Response building to a helper function
This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier
to add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 21:34:51 +02:00
Jouni Malinen
b0626c2a6b DPP: Move PKEX Commit-Reveal Request building to a helper function
This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to
add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 21:34:50 +02:00
Jouni Malinen
a5c3b41b2f DPP: Move PKEX Exchange Response building to a helper function
This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to
add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 21:34:17 +02:00
Jouni Malinen
60b9dd86fd DPP: Fix couple of typos in debug messages
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 21:34:03 +02:00
Jouni Malinen
06f2df0693 DPP: Fix hostapd control interface events for initiator case
Incorrect msg_ctx was registered for the wpa_msg() calls from the DPP
module.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 12:25:35 +02:00
Jouni Malinen
219d4c9fcb DPP: Report possible PKEX code mismatch in control interface
Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV
decryption fails. That is a likely sign of the PKEX code mismatch
between the devices.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 12:25:35 +02:00
Lior David
0c3bc1be09 Fix test build breakage when not compiling with ieee80211w support
Build breakage was introduced by commit
d8afdb210e ('Allow EAPOL-Key messages 1/4
and 3/4 to be retransmitted for testing') for some
CONFIG_TESTING_OPTIONS=y builds without CONFIG_IEEE80211W=y.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2017-11-01 12:50:20 +02:00
bhagavathi perumal s
ea4ace9c76 hostapd: Add max_txpower into STATUS command
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-31 11:49:41 +02:00
bhagavathi perumal s
bf6c65afce hostapd: Add Beacon interval and DTIM period into STATUS command
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-31 11:45:29 +02:00
bhagavathi perumal s
c7ae2b3104 hostapd: Add HT/VHT capability info into STATUS command
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-31 11:41:38 +02:00
bhagavathi perumal s
1f91a8bdea hostapd: Add HT/VHT capability info into STA command
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-31 11:37:20 +02:00
bhagavathi perumal s
65f9db6bc2 hostapd: Add extended capabilities into STA command
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-31 00:31:31 +02:00
bhagavathi perumal s
d1f3a81446 hostapd: Add [HT] flag into STA command
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-31 00:28:46 +02:00
bhagavathi perumal s
ba72b4b126 hostapd: Add Min/Max Transmit Power Capability into STA command
This provides access to the Minimum/Maximum Transmit Power Capabilitie
fileds (the nominal minimum/maximum transmit power with which the STA
is capable of transmitting in the current channel; signed integer in
units of decibels relative to 1 mW).

Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-31 00:22:58 +02:00
Ashok Kumar Ponnaiah
33c8bbd8ca OWE: Add AP mode handling of OWE with drivers that implement SME
Handle OWE DH exchange and key setup when processing the association
event from a driver that implements AP SME.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-30 23:24:42 +02:00
Ashok Kumar Ponnaiah
28d1264131 Check hostapd current_mode before dereferencing it in additional places
While most places using this should be for cases where the hw_features
functionality is required, there seem to be some paths that are getting
exposed in new OWE related operations where that might not be the case.
Add explicit NULL pointer checks to avoid dereferencing the pointer if
it is not set when operating with driver wrappers that do not provide
sufficient information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-30 23:20:25 +02:00
Jouni Malinen
348c93847a AP-side workaround for WNM-Sleep Mode GTK/IGTK reinstallation issues
Normally, WNM-Sleep Mode exit with management frame protection
negotiated would result in the current GTK/IGTK getting added into the
WNM-Sleep Mode Response frame. Some station implementations may have a
vulnerability that results in GTK/IGTK reinstallation based on this
frame being replayed. Add a new hostapd configuration parameter that can
be used to disable that behavior and use EAPOL-Key frames for GTK/IGTK
update instead. This would likely be only used with
wpa_disable_eapol_key_retries=1 that enables a workaround for similar
issues with EAPOL-Key. This is related to station side vulnerabilities
CVE-2017-13087 and CVE-2017-13088. To enable this AP-side workaround,
set wnm_sleep_mode_no_keys=1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-29 17:13:54 +02:00
Johannes Berg
3f5a1860a8 wpa_auth: Deplete group rekey eloop handler for strict rekeying
When strict group rekeying is in effect, every station that leaves will
cause a rekeying to happen 0.5 s after leaving. However, if a lot of
stations join/leave, the previous code could postpone this rekeying
forever, since it always re-registers the handling with a 0.5 s timeout.

Use eloop_deplete_timeout() to address that, only registering the
timeout from scratch if it wasn't pending.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-10-29 17:04:14 +02:00
Johannes Berg
92662fb281 Allow forcing group rekeying for testing purposes
In order to test the WoWLAN GTK rekeying KRACK mitigation, add a
REKEY_GTK hostapd control interface command that can be used at certain
points of the test.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-10-29 16:58:55 +02:00
Jouni Malinen
d270920692 DPP: Negotiation channel change request from Initiator
Allow the Initiator to request a different channel to be used for DPP
Authentication and DPP Configuration exchanges. This commit adds support
for this in wpa_supplicant with the optional neg_freq=<freq in MHz>
parameter in DPP_AUTH_INIT.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 16:08:02 +02:00
Jouni Malinen
e85b660129 DPP: Add DPP Status attribute into Peer Discovery Response
This was added in DPP tech spec v0.2.7 to allow result of network
introduction to be reported.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 12:16:15 +02:00
Jouni Malinen
19ef4289ca DPP: Process Authentication Confirm failure cases
Process Authentication Confirm with the two failure cases defined in the
spec: STATUS_NOT_COMPATIBLE and STATUS_AUTH_FAILURE. This verifies the
{R-nonce}k2 part and reports more detailed failure reason if the message
is valid.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 17:44:14 +03:00
Jouni Malinen
7d917ab048 DPP: Send Authentication Confirm failure reports
If Authentication Response processing fails due to R-capab
incompatibility or R-auth mismatch, send Authentication Confirm with
error status.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 17:44:14 +03:00
Jouni Malinen
978bc3f2af DPP: Auth Resp/Conf incorrect attribute values for protocol testing
This extends the dpp_test mechanism to allow I-nonce, R-capab, R-auth,
and I-auth values in Authentication Response/Confirm to use incorrect
values.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 17:44:10 +03:00
Jouni Malinen
9b51112031 DPP: Allow Responder to decide not to use mutual authentication
Previously, Initiator decided whether to use mutual authentication on
its own based on having own and peer bootstrapping info. This prevented
Responder from selecting not to use mutual authentication in such a
case. Fix this by allowed Initiator to fall back to non-mutual
authentication based on Responder choice if the bootstrapping mechanism
allows this (PKEX does not; it mandates use of mutual authentication).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-27 16:09:51 +03:00
Jouni Malinen
dcdaeab79c DPP: Report Auth Conf failures in control interface
This is useful for protocol testing purposes and UI needs to display
more detailed information about DPP exchanges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-27 16:09:51 +03:00
Jouni Malinen
f9c7d77029 DPP: Omission of Auth Conf attributes for protocol testing
This extends the dpp_test mechanism to allow each of the required
attributes in Authentication Confirm to be omitted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-27 16:09:51 +03:00
Jouni Malinen
26806abe85 DPP: Report invalid messages and failure conditions in control interface
This is useful for protocol testing purposes and UI needs to display
more detailed information about DPP exchanges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 22:45:17 +03:00
Jouni Malinen
ce9acce006 DPP: Omission of Auth Resp attributes for protocol testing
This extends the dpp_test mechanism to allow each of the required
attributes in Authentication Response to be omitted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 22:38:59 +03:00
Jouni Malinen
a03406dbe2 DPP: Move Authentication Response building into a separate function
This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok())
a bit by separating initialization steps for a DPP authentication
session from the code needed to build the frame. This allows
dpp_auth_build_resp_status() to share the helper function instead of
having to maintain a duplicated message construction implementation. In
addition, this makes it easier to remove some of the attributes for
protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 19:05:06 +03:00
Jouni Malinen
0e7cb8c6c1 DPP: Omission of Auth Req attributes for protocol testing
This extends the dpp_test mechanism to allow each of the required
attributes in Authentication Request to be omitted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:27:53 +03:00
Jouni Malinen
606a8e8d57 DPP: Move Authentication Request building into a separate function
This cleans up dpp_auth_init() a bit by separating initialization steps
for a DPP authentication session from the code needed to build the
frame. In addition, this makes it easier to remove some of the
attributes for protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:25:30 +03:00
Jouni Malinen
3749ad0e1d DPP: Explicitly check and reject 0x00 and 0x03 I/R-capab role
0x00 and 0x03 are not valid I/R-capabilities role values.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 17:21:57 +03:00
Jouni Malinen
af48810ba3 DPP: Report transmitted messages as control interface events
This is helpful for testing purposes and also for upper layer components
that may want to show more detailed progress through a DPP exchange.
Both the DPP-TX and DPP-TX-STATUS events are provided.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 17:21:57 +03:00
Jouni Malinen
a707393494 DPP: Report received messages as control interface events
This is helpful for testing purposes and also for upper layer components
that may want to show more detailed progress through a DPP exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 17:21:57 +03:00
Jouni Malinen
27fefbbb76 DPP: Remove unnecessary Wrapped Data checks from callers
Now that dpp_check_attrs() takes care of verifying that no attributes
are after the Wrapped Data attribute, the duplicated checks in hostapd
and wpa_supplicant side of the implementation can be removed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 17:21:57 +03:00
Jouni Malinen
0c881807b5 DPP: Verify that Wrapped Data attribute is the last one in the message
Do not allow any additional attributes to be included after the Wrapped
Data attribute.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 17:21:57 +03:00
Jouni Malinen
60239f60a6 DPP: Protocol testing framework
Add a generic mechanism for configuring the DPP implementation to behave
in particular different (mostly incorrect) ways for protocol testing
purposes. The new dpp_test parameter can be set to a non-zero integer to
indicate a specific behavior. This is only available in
CONFIG_TESTING_OPTIONS=y builds.

This commit include cases for an extra attribute being added after the
Wrapped Data attribute and Initiator/Responder capabilities having an
unexpected zero capability.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 17:21:57 +03:00
Michael Baird
5f7c9e50f5 EAP server: Add event messages for more EAP states
While using an external RADIUS server SUCCESS messages were not being
sent (internal was fine). Also add event messages for other states that
others might find useful, and consistency between the two.

Signed-off-by: Michael Baird <Michael.Baird@ecs.vuw.ac.nz>
2017-10-21 20:28:46 +03:00
andrekorol
a68e0d869f Fix a typo in a comment (the variable is ptk, not pkt)
Signed-off-by: Andre Rossi Korol <anrobits@yahoo.com.br>
2017-10-21 12:02:54 +03:00
Ben Greear
74e55b6585 Fix test build breakage when not compiling with mesh support
Build breakage was introduced by commit
16579769ff ('Add testing functionality for
resetting PN/IPN for configured keys') for some CONFIG_TESTING_OPTIONS=y
builds.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-10-21 10:59:15 +03:00
Jouni Malinen
3d0fb95583 WNM: Ignore BSS Transition Management frames in bss_transition=0 case
The hostapd bss_transition parameter was previously used to control
advertisement of BSS Transition Management support, but it was not used
when processing BSS Transition Management Query/Response frames. Add an
explicit check during frame processing as well so that any misbehaving
station is ignored. In addition to bss_transition=1, allow mbo=1 to be
used to mark the functionality enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-20 20:32:36 +03:00
Jouni Malinen
114f2830d2 WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0 case
The hostapd wnm_sleep_mode parameter was previously used to control
advertisement of WNM-Sleep Mode support, but it was not used when
processing a request to use WNM-Sleep Mode. Add an explicit check during
request processing as well so that any misbehaving station is ignored.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-20 17:39:42 +03:00
Jouni Malinen
3d6953288b Extend RESEND_* test commands to allow forcing plaintext TX
This allows hostapd testing functionality to be forced to send out a
plaintext EAPOL-Key frame with the RESEND_* command. That can be useful
in seeing how the station behaves if an unencrypted EAPOL frame is
received when TK is already configured.

This is not really perfect since there is no convenient way of sending
out a single unencrypted frame in the current nl80211 design. The
monitor interface could likely still do this, but that's not really
supposed to be used anymore. For now, clear and restore TK during this
operation. The restore part is not really working correctly, though,
since it ends up clearing the TSC value on the AP side and that shows up
as replay protection issues on the station. Anyway, this is sufficient
to generate sniffer captures to analyze station behavior.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-19 18:32:16 +03:00
Jouni Malinen
4be5bc98a8 DPP: Update AES-SIV AD for PKEX frames
The protocol design was updated to protect the six octets in the header
before the attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-19 18:32:16 +03:00
Jouni Malinen
dc4d271c6d DPP: Update AES-SIV AD for DPP Authentication frames
The protocol design was updated to protect the six octets in the header
before the attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 22:51:30 +03:00
Vidyullatha Kanchanapally
084131c850 FILS: Allow eap_peer_get_erp_info() to be called without config
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 01:19:40 +03:00
Vidyullatha Kanchanapally
693eafb150 nl80211: Update FILS roam info from vendor roam event
Add support to update PMK, PMKID, and ERP next sequence number
from FILS roamed info.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-17 16:26:44 +03:00
Vidyullatha Kanchanapally
3c67e977de nl80211: Add support to send updated connection parameters
After an initial connection certain connection parameters may be
updated. It may be necessary to send these parameters to drivers since
these will be used in driver-initiated roaming cases. This commit
defines the driver_ops call for this and implements the needed
functionality for the nl80211 driver interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-17 16:04:51 +03:00
Vidyullatha Kanchanapally
cddfda7892 Add attributes to support roam+auth vendor event for FILS
Add additional attributes to specify the PMK, PMKID, and the ERP next
sequence number to the vendor subcommand
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH. These are needed in case
of an offloaded FILS roaming.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-17 15:55:44 +03:00
Jouni Malinen
c0fe5f125a Clear BSSID information in supplicant state machine on disconnection
This fixes a corner case where RSN pre-authentication candidate from
scan results was ignored if the station was associated with that BSS
just before running the new scan for the connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-17 01:15:24 +03:00
Jouni Malinen
006fb845b8 nl80211: Use NL80211_BSS_LAST_SEEN_BOOTTIME if available
This allows a more accurate scan result age to be fetched than the one
available through NL80211_BSS_SEEN_MS_AGO.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-17 00:07:17 +03:00
Jouni Malinen
a6ea665300 Additional consistentcy checks for PTK component lengths
Verify that TK, KCK, and KEK lengths are set to consistent values within
struct wpa_ptk before using them in supplicant. This is an additional
layer of protection against unexpected states.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-17 00:07:17 +03:00
Jouni Malinen
6f234c1e2e Optional AP side workaround for key reinstallation attacks
This adds a new hostapd configuration parameter
wpa_disable_eapol_key_retries=1 that can be used to disable
retransmission of EAPOL-Key frames that are used to install
keys (EAPOL-Key message 3/4 and group message 1/2). This is
similar to setting wpa_group_update_count=1 and
wpa_pairwise_update_count=1, but with no impact to message 1/4
retries and with extended timeout for messages 4/4 and group
message 2/2 to avoid causing issues with stations that may use
aggressive power saving have very long time in replying to the
EAPOL-Key messages.

This option can be used to work around key reinstallation attacks
on the station (supplicant) side in cases those station devices
cannot be updated for some reason. By removing the
retransmissions the attacker cannot cause key reinstallation with
a delayed frame transmission. This is related to the station side
vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, and CVE-2017-13081.

This workaround might cause interoperability issues and reduced
robustness of key negotiation especially in environments with
heavy traffic load due to the number of attempts to perform the
key exchange is reduced significantly. As such, this workaround
is disabled by default (unless overridden in build
configuration). To enable this, set the parameter to 1.

It is also possible to enable this in the build by default by
adding the following to the build configuration:

CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-17 00:06:26 +03:00
Jouni Malinen
bb06748f45 Make last received ANonce available through control interface
This makes it easier to debug 4-way handshake implementation issues
without having to use a sniffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
d8afdb210e Allow EAPOL-Key messages 1/4 and 3/4 to be retransmitted for testing
The new hostapd control interface commands "RESEND_M1 <addr>" and
"RESEND_M3 <addr>" can be used to request a retransmission of the 4-Way
Handshake messages 1/4 and 3/4 witht he same or modified ANonce (in M1).

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
6bc2f00f44 Allow group key handshake message 1/2 to be retransmitted for testing
The new hostapd control interface command "RESEND_GROUP_M1 <addr>" can
be used to request a retransmission of the Group Key Handshake message
1/2 for the current GTK.

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
16579769ff Add testing functionality for resetting PN/IPN for configured keys
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:43:10 +03:00
Jouni Malinen
b488a12948 Clear PMK length and check for this when deriving PTK
Instead of setting the default PMK length for the cleared PMK, set the
length to 0 and explicitly check for this when deriving PTK to avoid
unexpected key derivation with an all-zeroes key should it be possible
to somehow trigger PTK derivation to happen before PMK derivation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
00583ef111 Add debug prints on PMK configuration in WPA supplicant
This makes it easier to understand the cases where PMK gets configured
based on information from upper layer call (e.g., a PSK).

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Mathy Vanhoef
a00e946c1c WPA: Extra defense against PTK reinstalls in 4-way handshake
Currently, reinstallations of the PTK are prevented by (1) assuring the
same TPTK is only set once as the PTK, and (2) that one particular PTK
is only installed once. This patch makes it more explicit that point (1)
is required to prevent key reinstallations. At the same time, this patch
hardens wpa_supplicant such that future changes do not accidentally
break this property.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2017-10-16 02:03:47 +03:00
Jouni Malinen
a0bf1b68c0 Remove all PeerKey functionality
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.

This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.

Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
e760851176 FILS: Do not allow multiple (Re)Association Response frames
The driver is expected to not report a second association event without
the station having explicitly request a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
(Re)Association Response frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
2f1357fb62 FILS: Accept another (Re)Association Request frame during an association
The previous implementation ended up starting a new EAPOL-Key 4-way
handshake if the STA were to attempt to perform another association.
This resulted in immediate disconnection since the PTK was not ready for
configuring FILS TK at the point when EAPOL-Key msg 1/4 is sent out.
This is better than alloing the association to continue with the same TK
reconfigured, but not really ideal.

Address this potential sequence by not starting a new 4-way handshake on
the additional association attempt. Instead, allow the association to
complete, but do so without reconfiguring the TK to avoid potential
issues with PN reuse with the same TK.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
df94906201 Add MGMT_TX_STATUS_PROCESS command for testing purposes
This allows ext_mgmt_frame_handling=1 cases with hostapd to process TX
status events based on external processing. This is useful for increased
test coverage of management frame processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
2a9c5217b1 FT: Do not allow multiple Reassociation Response frames
The driver is expected to not report a second association event without
the station having explicitly request a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
Reassociation Response frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
ff89af96e5 TDLS: Reject TPK-TK reconfiguration
Do not try to reconfigure the same TPK-TK to the driver after it has
been successfully configured. This is an explicit check to avoid issues
related to resetting the TX/RX packet number. There was already a check
for this for TPK M2 (retries of that message are ignored completely), so
that behavior does not get modified.

For TPK M3, the TPK-TK could have been reconfigured, but that was
followed by immediate teardown of the link due to an issue in updating
the STA entry. Furthermore, for TDLS with any real security (i.e.,
ignoring open/WEP), the TPK message exchange is protected on the AP path
and simple replay attacks are not feasible.

As an additional corner case, make sure the local nonce gets updated if
the peer uses a very unlikely "random nonce" of all zeros.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
0adc9b28b3 Fix PTK rekeying to generate a new ANonce
The Authenticator state machine path for PTK rekeying ended up bypassing
the AUTHENTICATION2 state where a new ANonce is generated when going
directly to the PTKSTART state since there is no need to try to
determine the PMK again in such a case. This is far from ideal since the
new PTK would depend on a new nonce only from the supplicant.

Fix this by generating a new ANonce when moving to the PTKSTART state
for the purpose of starting new 4-way handshake to rekey PTK.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Mathy Vanhoef
53bb18cc8b Prevent installation of an all-zero TK
Properly track whether a PTK has already been installed to the driver
and the TK part cleared from memory. This prevents an attacker from
trying to trick the client into installing an all-zero TK.

This fixes the earlier fix in commit
ad00d64e7d ('Fix TK configuration to the
driver in EAPOL-Key 3/4 retry case') which did not take into account
possibility of an extra message 1/4 showing up between retries of
message 3/4.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2017-10-16 02:03:47 +03:00
Jouni Malinen
87e2db16ba Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
This extends the protection to track last configured GTK/IGTK value
separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
corner case where these two different mechanisms may get used when the
GTK/IGTK has changed and tracking a single value is not sufficient to
detect a possible key reconfiguration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Mathy Vanhoef
cb5132bb35 Prevent reinstallation of an already in-use group key
Track the current GTK and IGTK that is in use and when receiving a
(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
not install the given key if it is already in use. This prevents an
attacker from trying to trick the client into resetting or lowering the
sequence counter associated to the group key.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2017-10-16 02:03:47 +03:00
Mathy Vanhoef
0e3bd7ac68 hostapd: Avoid key reinstallation in FT handshake
Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.

This issue was introduced by the commit
0e84c25434 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2017-10-16 02:03:47 +03:00
Jouni Malinen
c53eb94616 OWE: Remove forgotten developer debug prints
These were used during initial implementation testing and were not
supposed to get committed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-11 23:43:59 +03:00
Jouni Malinen
2377c1caef SAE: Allow SAE password to be configured separately (AP)
The new sae_password hostapd configuration parameter can now be used to
set the SAE password instead of the previously used wpa_passphrase
parameter. This allows shorter than 8 characters and longer than 63
characters long passwords to be used. In addition, this makes it
possible to configure a BSS with both WPA-PSK and SAE enabled to use
different passphrase/password based on which AKM is selected.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-11 23:10:19 +03:00
Jouni Malinen
58efbcbcd4 DPP: Fix static analyzer warnings in key generation and JWK construction
Memory allocation failures could have resulted in error paths that
dereference a NULL pointer or double-freeing memory. Fix this by
explicitly clearing the freed pointer and checking allocation results.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-11 18:19:03 +03:00
Jouni Malinen
91cc34bf32 OWE: Allow set of enabled DH groups to be limited on AP
The new hostapd configuration parameter owe_groups can be used to
specify a subset of the allowed DH groups as a space separated list of
group identifiers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-10 21:03:57 +03:00
Jouni Malinen
265bda3444 OWE: Allow DH Parameters element to be overridden for testing purposes
This allows CONFIG_TESTING_OPTIONS=y builds of wpa_supplicant to
override the OWE DH Parameters element in (Re)Association Request frames
with arbitrary data specified with the "VENDOR_ELEM_ADD 13 <IE>"
command. This is only for testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-10 18:26:29 +03:00
Jouni Malinen
8c19ea3f21 DPP: Add the crypto suite field to the frames
This additional field was added to DPP Public Action frames in DPP tech
spec v0.2.3 to support cryptographic agility in the future.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-10 01:30:08 +03:00
Jouni Malinen
c77e2ff096 DPP: Remove C-sign-key expiry
This was removed in DPP tech spec v0.2.3.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-10 01:17:33 +03:00
Jouni Malinen
6254045a51 DPP: Explicitly delete the PKEX secret element K upon generation of z
This was added as an explicit requirement in DPP tech spec 0.2.3.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-10 00:56:21 +03:00
Jouni Malinen
0e6709a4ea DPP: Rename PKEX secret element from Z to K
This matches the change in the DPP tech spec to make this less likely to
be confused with the shared secret z.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-10 00:52:35 +03:00
Jouni Malinen
6573171792 DPP: Verify that PKEX Qi is not the point-at-infinity
This was added as an explicit requirement in DPP tech spec v0.2.3.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-10 00:42:34 +03:00
Jouni Malinen
a891388184 OWE: Transition mode information based on BSS ifname
The owe_transition_bssid and owe_transition_ssid parameters can now be
replace with owe_transition_ifname to clone the BSSID/SSID information
automatically in case the same hostapd process manages both the OWE and
open BSS for transition mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 13:39:23 +03:00
Jouni Malinen
5a78c36194 OWE: PMKSA caching in station mode
This extends OWE support in wpa_supplicant to allow PMKSA caching to be
used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 12:12:54 +03:00
Jouni Malinen
d90f10fa41 OWE: PMKSA caching in AP mode
This extends OWE support in hostapd to allow PMKSA caching to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 12:12:54 +03:00
Jouni Malinen
8b5579e17a DPP: Fix EAPOL-Key Key MIC calculation
The Key MIC field value got truncated for all cases and incorrect HMAC
hash algorithm was used for the SHA512 cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
ec9f483774 OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in station
This extends OWE support in wpa_supplicant to allow DH groups 20 and 21
to be used in addition to the mandatory group 19 (NIST P-256). The group
is configured using the new network profile parameter owe_group.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
7a12edd163 OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in AP mode
This extends OWE support in hostapd to allow DH groups 20 and 21 to be
used in addition to the mandatory group 19 (NIST P-256).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
6c4726189c OWE: Extend shared helper functions to support other DH curves
This extends the helper functions for determining OWE key lengths and
Key MIC values to support other DH curves beyond the mandatory group 19.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
d8c8d85753 OWE: Include RSNE in (Re)Association Response frame
This is not normally done in RSN, but RFC 8110 seems to imply that AP
has to include OWE AKM in the RSNE within these frames. So, add the RSNE
to (Re)Association Response frames when OWE is being negotiated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
675112df1b OWE: Set PMK length properly on supplicant side
sm->pmk_len was not set when deriving the PMK as part of OWE key
generation. This depending on wpa_sm_set_pmk_from_pmksa() call resetting
the value to the default. While this worked for many cases, this is not
correct and can have issues with network profile selection based on
association information. For example, the OWE transition mode cases
would hit an issue here.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
ea079153f4 OWE: Add AP support for transition mode
The new owe_transition_bssid and owe_transition_ssid parameters can be
used to configure hostapd to advertise the OWE Transition Mode element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Peng Xu
4a37463416 hostapd: Update HE capabilities and HE operation definition
Replace vendor-specific elements for HE capabilities and HE operation
elements with the P802.11ax defined element values. This version is
based on P802.11ax/D1.4.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-05 15:09:43 +03:00
bhagavathi perumal s
3567641ebb Add TX/RX rate info and signal strength into STA output
These allow external programs to fetch the TX and RX rate information
and signal strength for a specific STA through the hostapd control
interface command "STA <addr>". The values of these attributes are
filled in the response of nl80211 command NL80211_CMD_GET_STATION.

Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-05 12:12:24 +03:00
Lior David
fa4b605a0d WPS: Do not increment wildcard_uuid when pin is locked
Commit 84751b98c1 ('WPS: Allow wildcard
UUID PIN to be used twice') relaxed the constraints on how many time a
wildcard PIN can be used to allow two attempts. However, it did this in
a way that could result in concurrent attempts resulting in the wildcard
PIN being invalidated even without the second attempt actually going as
far as trying to use the PIN and a WPS protocol run.

wildcard_uuid is a flag/counter set for wildcard PINs and it is
incremented whenever the PIN is retrieved by wps_registrar_get_pin().
Eventually it causes the wildcard PIN to be released, effectively
limiting the number of registration attempts with a wildcard PIN.

With the previous implementation, when the PIN is in use and locked
(PIN_LOCKED), it is not returned from wps_registrar_get_pin() but
wildcard_uuid is still incremented which can cause the PIN to be
released earlier and stations will have fewer registration attempts with
it. Fix this scenario by only incrementing wildcard_uuid if the PIN is
actually going to be returned and used.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2017-10-03 19:19:01 +03:00
Krishna Rao
ee522d27cf Vendor flags for 11ax channel property flags for use with external ACS
Add 802.11ax channel property flags for use with external ACS (QCA
vendor command). Use the remaining available bits in
qca_wlan_vendor_channel_prop_flags for the first few 11ax flags. Then
add qca_wlan_vendor_channel_prop_flags_2 as a continuation of
qca_wlan_vendor_channel_prop_flags and add the remaining 11ax flags
there. Note that qca_wlan_vendor_channel_prop_flags_ext is not used
since it is currently not intended for holding such information. Rather
it is meant for holding additional control information related to
features such as DFS, CSA, etc.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-26 18:00:47 +03:00
Jouni Malinen
61a56c1480 Add group_mgmt network parameter for PMF cipher selection
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-26 17:40:02 +03:00
Michael Braun
0ad5893a2f PAE: Validate input before pointer
ieee802_1x_kay_decode_mkpdu() calls ieee802_1x_mka_i_in_peerlist()
before body_len has been checked on all segments.

ieee802_1x_kay_decode_mkpdu() and ieee802_1x_mka_i_in_peerlist() might
continue and thus underflow left_len even if it finds left_len to small
(or before checking).

Additionally, ieee802_1x_mka_dump_peer_body() might perform out of bound
reads in this case.

Fix this by checking left_len and aborting if too small early.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2017-09-25 21:26:32 +03:00
Ilan Peer
fd35ed5bba AP: Remove unneeded check for 'added_unassociated'
In fils_hlp_finish_assoc() the station is already added to the
driver so it is not needed to check the 'added_unassociated'
flag.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2017-09-25 21:21:22 +03:00
Vamsi Krishna
d55b174609 FILS: Vendor attribute to disable driver FILS features
The FILS features on STA needs to be disabled for testing purposes to
verify the APUT behavior with non-FILS STAs. Add a QCA vendor attribute
for doing so.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-25 20:22:46 +03:00
Jouni Malinen
29c940e7a6 TDLS: Update the comments related to TPK derivation
Update these comments based on IEEE Std 802.11-2016 to get rid of the
already resolved TODO comment regarding duplicated N_KEY use. The
implementation does not need any changes since it was already following
the fixed version in the current standard.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-22 10:23:35 +03:00
Peng Xu
3de1566db8 FILS: Check req_ies for NULL pointer in hostapd_notif_assoc()
Add checking for NULL req_ies when FILS processing a driver ASSOC event
in hostapd_notif_assoc(). This was already done in number of old code
paths, but the newer FILS path did not handle this. Though, it is
unlikely that this code path would be reachable in practice since this
is all within sta->auth_alg == WLAN_AUTH_FILS_* check.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-19 15:28:58 +03:00
Jouni Malinen
1c9663cf6b OpenSSL: Force RSA 3072-bit DH prime size limit for Suite B
Reject a DHE handshake if the server uses a DH prime that does not have
sufficient length to meet the Suite B 192-bit level requirement (<= 3k
(3072) bits).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-18 12:12:48 +03:00
Jouni Malinen
2ed70c7586 OpenSSL: Add option to disable ECDHE with Suite B RSA
The hostapd.conf tls_flags=[SUITEB-NO-ECDH] and wpa_supplicant network
profile phase1="tls_suiteb_no_ecdh=1" can now be used to configure Suite
B RSA constraints with ECDHE disabled. This is mainly to allow
the DHE TLS cipher suite to be tested.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-18 12:12:48 +03:00
Jouni Malinen
4eb8cfe06b OpenSSL: Force RSA 3072-bit key size limit for Suite B
Reject a peer certificate chain if it includes an RSA public key that
does not use sufficient key length to meet the Suite B 192-bit level
requirement (<= 3k (3072) bits).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-18 12:12:48 +03:00
Jouni Malinen
6418400db9 Add hostapd tls_flags parameter
This can be used to set the TLS flags for authentication server.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-18 12:12:48 +03:00
Jouni Malinen
60ed2f24eb Suite B: Add tls_suiteb=1 parameter for RSA 3k key case
This adds phase1 parameter tls_suiteb=1 into wpa_supplicant
configuration to allow TLS library (only OpenSSL supported for now) to
use Suite B 192-bit level rules with RSA when using >= 3k (3072) keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-17 00:09:47 +03:00
Jouni Malinen
5030d7d9fd DPP: Allow raw hex PSK to be used for legacy configuration
The new psk=<hexdump> can be used as an alternative to pass=<passphrase>
when configuring the DPP Configurator with a legacy network parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-15 17:54:31 +03:00
Jouni Malinen
039ab15fdf DPP: Add DPP-CONFOBJ-PASS/PSK events for hostapd legacy configuration
These control interface event messages can be used to allow hostapd AP
to be configured for legacy WPA2-Personal configuration with DPP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-15 17:45:06 +03:00