Commit graph

16741 commits

Author SHA1 Message Date
Raphaël Mélotte
f95ccc102a WPS: Reconfigure credentials on hostapd config reload
When new credentials are configured and hostapd is reconfigured using
SIGHUP (or RELOAD on the ctrl_iface), also update the WPS credentials.

Before these changes, when WPS is triggered the Registar always serves
the credentials that were configured when hostapd started.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 17:15:31 +02:00
Raphaël Mélotte
2fd90eb095 WPS: Use helper variables to clean up code
This is in preparation of larger changes in hostapd_update_wps() to keep
the commits more readable.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 17:12:24 +02:00
Mikael Kanstrup
f7bbad5768 wpa_supplicant: Configurable fast-associate timer threshold
For Android the default value of 5 seconds is usually too short for
scan results from last scan initiated from settings app to be
considered for fast-associate. Make the fast-associate timer value
configurable so that a suitable value can be set based on a systems
regular scan interval.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2021-02-06 16:56:30 +02:00
Arowa Suliman
b829b7003a wpa_supplicant: Notify freq change on CH_SWITCH
wpa_supplicant does not send a D-Bus notification of the BSS frequency
change when a CSA happens. Sending a PropertyChanged signal with the
updated frequency will notify the network manager quickly, instead of
waiting for the next scan results.

Signed-off-by: Arowa Suliman <arowa@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
2021-02-06 16:50:19 +02:00
Andrei Otcheretianski
a033e886b2 tests: Fix regdom cleanup in some p2p_channel tests
cfg80211 may ignore user hints while there are active COUNTRY_IE hints,
thus at some timings it may ignore the country setting back to world
domain. Fix it by making sure the country is set only after all the
interfaces are stopped. In addition, call a more robust
clear_regdom_dev() function.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 16:18:40 +02:00
Michal Kazior
3a00a86bb9 hostapd: Fix dpp_listen in DPP responder scenario
Some time ago it was found some drivers are setting their hw/ucode RX
filters restrictively enough to prevent broadcast DPP Action frames from
being received at upper layers in the stack.

A set of patches was introduced to the kernel and
ath9k driver as well as wpa_supplicant, e.g.,

  a39e9af90 ("nl80211: DPP listen mode callback")
  4d2ec436e ("DPP: Add driver operation for enabling/disabling listen mode")

However, the hostapd code itself was not calling the new multicast
registration. As such the AP side of things wasn't working as expected
in some scenarios. I've found this while trying to get ath9k working as
an AP Responder/Configurator.

The problem wasn't seen on, e.g., mac80211 hwsim driver.

Extend the wpa_supplicant mechanism to work with hostapd as well.

Signed-off-by: Michal Kazior <michal@plume.com>
2021-02-06 16:06:15 +02:00
Raphaël Mélotte
9ec28b657e tests: Add ap_notify_mgmt_frames
Test that if notify_mgmt_frames is enabled and a station connects we do
get AP-MGMT-FRAME-RECEIVED, and that it includes an Authentication
frame.

Also test that if notify_mgmt_frames is disabled, no Management frame is
sent on ctrl_iface when a station connects.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 13:58:02 +02:00
Raphaël Mélotte
4a7e0ac268 hostapd: Add an option to notify management frames on ctrl_iface
In some contexts (e.g., Multi-AP) it can be useful to have access to
some of the management frames in upper layers (e.g., to be able to
process the content of association requests externally).

Add 'notify_mgmt_frames'. When enabled, it will notify the ctrl_iface
when a management frame arrives using the AP-MGMT-FRAME-RECEIVED event
message.

Note that to avoid completely flooding the ctrl_iface, not all
management frames are included (e.g., Beacon and Probe Request frames
are excluded).

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 13:56:18 +02:00
Ircama
e79febb3f5 P2P: Adding option to manage device drivers creating random MAC addresses
Add option 2 to the p2p_device_random_mac_addr configuration option to
support device drivers which use by default random MAC adresses when
creating a new P2P Device interface (for instance, the BCM2711 80211
wireless device driver included in Raspberry Pi 4 Model B). In such
case, this option allows to create the P2P Device interface correctly
when using P2P permanent groups, enabling wpa_supplicant to reuse the
same MAC address when re-invoking a P2P permanent group.

update_config=1 is required.

Signed-off-by: Ircama <amacri@tiscali.it>
2021-02-06 13:40:29 +02:00
Roy Marples
a579642bc3 BSD: If route socket overflows, sync drivers to system interfaces
Messages such as RTM_IFNFO or RTM_IFANNOUNCE could have been lost.
As such, sync the state of our internal driver to the state of the
system interfaces as reports by getifaddrs(2).

This change requires the routing socket be placed in non-blocking
mode. While here, set the routing and inet sockets to close on exec.

BSDs that support SO_RERROR include NetBSD and DragonFly.
There is a review underway to add this to FreeBSD.

Signed-off-by: Roy Marples <roy@marples.name>
2021-02-06 13:27:24 +02:00
Andrei Otcheretianski
ba7542f62d tests: Add mixed SAE/WPA-PSK AP test
Verify WPA-PSK/TKIP connection on SAE configured AP.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Andrei Otcheretianski
fa859ebb19 RSN+WPA: Fix RSNE removing in EAPOL-Key msg 3/4 when RSNXE is included
When the AP advertised RSNE, RSNXE, and WPA IE, hostapd incorrectly
removed the RSNE in the EAPOL-Key msg 3/4 if the STA associates with
WPA, leaving only RSNXE instead of WPA IE. WPA STA fails to connect to
such AP as the WPA IE is missing.

Since RSNXE is not really used in non-RSN connection, just remove it
here with RSNE.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Jouni Malinen
dc19779592 RSN: Validate RSNXE match in EAPOL-Key msg 3/4 only when RSN is used
This is needed to avoid the corner case of local RSNXE aware station
being configured to behave as WPA(v1)-only STA when the AP might not
include RSNXE in EAPOL-Key msg 3/4.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-06 12:09:30 +02:00
Andrei Otcheretianski
5acc20e8f4 tests: Fix sporadic failures in p2p_channel_avoid3
The P2P group may be originally formed on UNII-3, so disabling UNII-1
and UNII-2 will not result in a channel switch failing the test.
Fix this by setting 44 as a preferred channel.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Andrei Otcheretianski
7546a70fbb tests: Fix ap_ft_r0_key_expiration test
The test configures ft_r0_key_lifetime parameter, however ft_params
already contain the r0_key_lifetime. Since both options are accepted by
hostapd and set the same field, one of them gets overwritten.
As the dictionary enumeration order is not guaranteed in python, the
test may sporadically fail.
Fix that by explicitely removing the unneeded parameter.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Andrei Otcheretianski
0b7895750b DPP: Silence compiler warning about signed/unsigned comparison
Old gcc versions complain about signed/unsigned comparison in
dpp_rx_gas_resp(). Hide it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Jouni Malinen
8f557d2047 Make wpa_bss_ext_capab() handle NULL bss argument
This simplifies the callers that use wpa_s->current_bss (which could be
NULL).

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-06 12:09:30 +02:00
Johannes Berg
2cadb60abd robust_av: Use wpa_bss_ext_capab() helper
Use the helper instead of open-coding the check. Since the
helper doesn't handle a NULL BSS, keep that extra check.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2021-02-06 12:09:30 +02:00
Jouni Malinen
32cb91549e tests: he_tkip to match implementation change
HE is now getting disabled just like HT and VHT when only TKIP is
enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-06 12:09:30 +02:00
Shay Bar
a287c20789 Disable HE capabilities when using unacceptable security config
Add HE configuration check similar to HT/VHT.

Signed-off-by: Shay Bar <shay.bar@celeno.com>
2021-02-06 11:41:09 +02:00
Johannes Berg
56c192c5ee nl80211: Skip frame filter config for P2P-Device
There's no point in attempting to configure frame filters on
a P2P-Devices that doesn't even have a netdev (nor passes any
data traffic), that just results in error messages. Skip it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2021-02-06 11:41:09 +02:00
Brad Kemp
2b916c9fd5 dbus: Fix IEs getter to use wpa_bss_ie_ptr()
The wpa_bss structure's last element is an empty array. The forgotten
code here assumed that the array of IEs was contiguous to the wpa_bss
structure. This is not always the case anymore. Update this missed case
to use the new wpa_bss_ie_ptr() wrapper to send the correct array of IEs
over DBus.

Fixes: be7ee264f6 ("BSS: Use wrapper function for getting a pointer to the IE buffer")
Signed-off-by: Brad Kemp <brad at beechwoods.com>
2021-02-06 11:41:09 +02:00
Muna Sinada
9416b5f323 Add HE in ieee80211_freq_to_channel_ext() documentation
This function covers HE cases, so include that in the comment.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2021-02-06 11:41:09 +02:00
Muna Sinada
2acfd15a2a hostapd: Generalize channel switch methods to incorperated HE mode
Remove the VHT specific naming on methods that are utilized in both VHT
and HE modes.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2021-02-06 11:41:09 +02:00
Muna Sinada
2908dc91c1 hostapd: Enable HE for channel switch commmand
Add HE as an accepted option ("he") in the CHAN_SWITCH command similarly
to the way VHT is addressed.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2021-02-06 11:41:09 +02:00
Jouni Malinen
1c3e71d149 P2P: Add a maximum length limit for peer vendor IEs
This is mainly to help with fuzz testing that could generate overly long
test data that would not be possible in real use cases due to MMPDU size
limits. The implementation for storing vendor IEs with such
unrealisticly long IE buffers can result in huge number of memory
reallozations and analyzing those can be very heavy.

While the maximum length of the fuzzing test input could be limited, it
seems nicer to limit this IE storage limit instead to avoid timeouts
from fuzz test runs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-05 01:39:29 +02:00
Jouni Malinen
947272febe P2P: Fix copying of secondary device types for P2P group client
Parsing and copying of WPS secondary device types list was verifying
that the contents is not too long for the internal maximum in the case
of WPS messages, but similar validation was missing from the case of P2P
group information which encodes this information in a different
attribute. This could result in writing beyond the memory area assigned
for these entries and corrupting memory within an instance of struct
p2p_device. This could result in invalid operations and unexpected
behavior when trying to free pointers from that corrupted memory.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
Fixes: e57ae6e19e ("P2P: Keep track of secondary device types for peers")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-04 00:25:40 +02:00
Jouni Malinen
25df656a8a Remove pointless defines for ext capab bits
These were copy-pasted templates that were forgotten to be removed when
defining the bits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-04 00:23:14 +02:00
David Su
11355a122d Reset external_scan_running on interface deletion
Currently, the external_scan_running flag is not reset when an interface
is removed. Thus, if a connection attempt is made on another iface, it
will fail due to wpa_supplicant incorrectly assuming the radio is still
busy due to the ongoing scan.

To fix this, convert external_scan_running to a pointer to the interface
that started the scan. If this interface is removed, also reset the
pointer to NULL so that other operations may continue on this radio.

Test:
  1. Start scan on wlan0
  2. Remove wlan0
  3. Can connect to a network on wlan1

Signed-off-by: David Su <dysu@google.com>
2021-02-02 23:48:14 +02:00
Aloka Dixit
630b1fdba8 AP: Add 6 GHz security constraints
Add security constraints for the 6 GHz band as given in IEEE
P802.11ax/D8.0, 12.12.2.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-02-02 23:39:31 +02:00
Abinaya Kalaiselvan
df0bfe4759 mesh: Fix for leaving mesh
Avoid multiple execution of wpa_drv_leave_mesh().

Fixes: 0896c442dc ("mesh: Fix for mesh init/deinit")
Signed-off-by: Abinaya Kalaiselvan <akalaise@codeaurora.org>
2021-02-02 22:58:49 +02:00
Ilan Peer
24f0507af4 WPA: Support deriving KDK based on capabilities (Authenticator)
Derive the KDK as part of PMK to PTK derivation if forced by
configuration or in case both the local AP and the peer station declare
support for secure LTF.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:39 +02:00
Ilan Peer
dccb6cde03 WPA: Support deriving KDK based on capabilities
Derive the KDK as part of PMK to PTK derivation if forced by
configuration or in case both the local station and the AP declare
support for secure LTF.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:39 +02:00
Ilan Peer
9e7b980d65 PASN: Include RSNXE in the PASN negotiation
IEEE P802.11az/D2.6 added definitions to include RSNXE in the PASN
negotiation. Implement the new functionality in both wpa_supplicant and
hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:36 +02:00
Ilan Peer
d8cd20e37b RSN: Add RSNXE new definitions
IEEE P802.11az/D2.6 defines the following additional capabilities to
RSNXE:

- Secure LTF support
- Secure RTT support
- Protection of range negotiation and measurement management frames.

Add support for advertising the new capabilities.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:08:27 +02:00
Ilan Peer
b07b9387d4 tests: Add PASN tests with FT key derivation
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 17:49:04 +02:00
Ilan Peer
2eb2fb8bd4 AP: Support PASN with FT key derivation
Note that the implementation is not complete as it is missing support
for the FT wrapped data which is optional for the station, but must be
supported by the AP in case the station included it.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 17:49:00 +02:00
Ilan Peer
5c65ad6c0b PASN: Support PASN with FT key derivation
Add support for PASN authentication with FT key derivation:

- As IEEE P802.11az/D2.6 states that wrapped data is optional and
  is only needed for further validation of the FT security parameters,
  do not include them in the first PASN frame.

- PASN with FT key derivation requires knowledge of the PMK-R1 and
  PMK-R1-Name for the target AP. As the WPA state machine stores PMK-R1,
  etc. only for the currently associated AP, store the mapping of
  BSSID to R1KH-ID for each previous association, so the R1KH-ID
  could be used to derive PMK-R1 and PMK-R1-Name. Do so instead
  of storing the PMK-R1 to avoid maintaining keys that might not
  be used.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 17:38:30 +02:00
Ilan Peer
09a9e9939c tests: Add PASN with FILS tests
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 00:28:56 +02:00
Ilan Peer
62edb79a0c AP: Support PASN with FILS key derivation
As the PASN FILS authentication is only defined for FILS SK without PFS,
and to support PASN authentication with FILS, implement the PASN with
FILS processing as part of the PASN handling and not as part of the WPA
Authenticator state machine.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:28:33 +02:00
Ilan Peer
8c6d2e2527 PASN: Support PASN with FILS key derivation
As the PASN FILS authentication is only defined for FILS SK without PFS,
and to support PASN authentication with FILS, implement the PASN with
FILS processing as part of the PASN handling and not as part of the WPA
state machine.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:14 +02:00
Ilan Peer
8a4a52293a tests: Add PASN tests with SAE
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:14 +02:00
Ilan Peer
da35e1214d AP: Support PASN with SAE key derivation
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:14 +02:00
Ilan Peer
a93ec28d10 PASN: Support PASN with SAE key derivation
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:14 +02:00
Ilan Peer
cd2a0a84ce tests: Add PASN test coverage
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:14 +02:00
Ilan Peer
3040c8a2da AP: Add support for PASN processing to the SME
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:12 +02:00
Ilan Peer
f2f8e4f458 Add PTKSA cache to hostapd
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:47 +02:00
Ilan Peer
2c963a117a AP: Add support for configuring PASN
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:47 +02:00
Ilan Peer
ad338cfe58 ctrl_iface: Add support for PASN authentication
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:47 +02:00
Ilan Peer
363768c8ac PASN: Add support for PASN processing to wpa_supplicant
Add PASN implementation to wpa_supplicant

1. Add functions to initialize and clear PASN data.
2. Add functions to construct PASN Authentication frames.
3. Add function to process PASN Authentication frame.
4. Add function to handle PASN frame TX status.
5. Implement the station side flow processing for PASN.

The implementation is missing support for wrapped data and PMKSA
establishment for base AKMs, and only supports PASN authentication or
base AKM with PMKSA caching.

The missing parts will be added in later patches.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:44 +02:00