Commit graph

1339 commits

Author SHA1 Message Date
Jouni Malinen
7f20a3ebda DPP2: Reconfiguration support in Controller
Add handling of Reconfiguration messages in Controller.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
6dcb8aaf13 DPP2: Reconfig Announcement relaying from AP to Controller
Recognize the Reconfig Announcement message type and handle it similarly
to the Presence Announcement in the Relay, i.e., send it to the first
Controller if the local Configurator does not have matching C-sign-key.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
3b4f7dfaa1 DPP2: Fix Presence Announcement processing in Controller
Use the new struct dpp_authentication instance when setting Configurator
parameters for authentication exchange triggered by Presence
Announcement. conn->auth is NULL here and would cause dereferencing of a
NULL pointer if dpp_configurator_params is set.

Fixes: fa5143feb3 ("DPP2: Presence Announcement processing in Controller")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
5e2d877cc4 DPP: Mark internal-to-file functions static
These functions are not used outside dpp_crypto.c anymore.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
3aaf269f67 DPP: Move TCP encapsulation into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
21c612017b DPP: Move configurator backup into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
fdbbb74064 DPP: Move authentication functionality into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
3e48c5d4b4 DPP2: Reconfig Authentication Confirm processing
Extend Enrollee functionality to process Reconfig Authentication
Confirm message and start GAS client.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
24b01c706b DPP2: Reconfig Authentication Response processing and Confirm generation
Extend Configurator functionality to process Reconfig Authentication
Response message, derive the needed keys, and generate Reconfig
Authentication Confirm message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:09 +03:00
Jouni Malinen
65e94351dc DPP2: Reconfig Authentication Request processing and Response generation
Extend Enrollee functionality to process Reconfig Authentication Request
message, derive the needed keys, and generate Reconfig Authentication
Response message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
3774b6bd03 DPP2: Reconfig Authentication Request generation and transmission
Extend Configurator functionality to sign a special Connector for
reconfiguration and reply with Reconfig Authentication Request frame
when Reconfig Announcement frame is received with a matching C-sign key
hash value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
66ac616cdb DPP2: Process received Reconfig Announcement frame
Check if there is a matching Configurator and be ready to initiate
Reconfig Authentication (which itself is not included in this commit).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
0c043d9de7 DPP2: Reconfig Announcement transmission
Extend DPP chirping mechanism to allow Reconfig Announcement frames to
be transmitted instead of the Presence Announcement frames. Add a new
wpa_supplicant control interface command "DPP_RECONFIG <network id>" to
initiate reconfiguration for a specific network profile.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
92492dd3ac DPP2: Extend connector matching for reconfiguration
Allow the same helper functions to be used with reconfiguration
connector.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
961435097b DPP2: Move connStatus object building into a helper function
Allow the same helper function to be used for reconfiguration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
94f73f90ef DPP: Move signed connector checking into a helper function
This can be reused for similar need with reconfiguration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
94a28a4940 DPP: Move parsing of own connector into a helper function
This can be used for reconfiguration as well.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
d4ae12355a DPP: Move PKEX functionality into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
87b6572616 DPP: Move crypto routines into a separate source code file
This is an initial step in splitting the overly long dpp.c into smaller
pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 12:09:24 +03:00
Jouni Malinen
16626dff9b DPP2: Derive bk ("base key")
Split ke derivation into two parts so that the previously used
internal-only PRK gets stored as the bk in the authentication state.
This new key will be needed for deriving additional keys with DPP R2.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-10 15:55:30 +03:00
Jouni Malinen
76029c6e11 DPP: Use EVP_PKEY_get0_EC_KEY() when a const reference is sufficient
This removes unnecessary allocations and simplifies the implementation
by not having to remember to free the cloned reference.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-10 15:55:30 +03:00
Jouni Malinen
481fdfc462 DPP2: Fix URI version parser
Fix a copy-paste error in parsing the version info.

Fixes: 7dd768c3ca ("DPP2: Version information in bootstrapping info URI")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-06 11:58:56 +03:00
Jouni Malinen
7dd768c3ca DPP2: Version information in bootstrapping info URI
Add the local supported version information into the bootstrapping
information (V=2 in the URI) and parse this from received URI.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-05 20:48:23 +03:00
Jouni Malinen
5a0718a19c DPP2: Report MUD URL and bandSupport in control interface events
Report MUD URL and bandSupport from config request if those optional
nodes are included. For now, these are mainly for testing purposes since
there is no mechanism to delay sending of config response.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 15:33:03 +03:00
Jouni Malinen
769139c490 DPP2: Do not include Protocol Version in Auth Req when testing v1
When DPP v2 implementation is hardcoded to behave as v1 for testing
purposes, leave out the Protocol Version attribute form Authentication
Request instead of including it there with indication for v1.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 13:12:21 +03:00
Jouni Malinen
fad64b4168 DPP: Move dppCon signing to a set of helper functions
This simplifies dpp_build_conf_obj_dpp() and makes it easier to share
the signing functionality for other purposes like reconfiguration where
the Configurator needs to sign a dppCon object for itself without
generating the encapsulating config object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:39:19 +03:00
Jouni Malinen
12c8eacf73 DPP: Allow version number to be overridden for testing purposes
"SET dpp_version_override <ver>" can now be used to request
wpa_supplicant and hostapd to support a subset of DPP versions. In
practice, the only valid case for now is to fall back from DPP version 2
support to version 1 in builds that include CONFIG_DPP2=y.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:45 +03:00
Jouni Malinen
68422fedbf DPP2: Parse DPP KDE in EAPOL-Key Key Data field
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
b11a12401a DPP2: Add DPP KDE into EAPOL-Key msg 3/4 when using DPP AKM
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
e81e2091b3 Remove now unused Boolean/TRUE/FALSE definitions
The previous users were converted to C99 bool.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
4d9c313f2a WPA: Fix wpa_parse_kde_ies() handling with vendor specific elements
Documentation of the return values for wpa_parse_vendor_specific() and
wpa_parse_generic() were not accurate and the parsing results from these
were not really handled appropriately. There is no point in calling
wpa_parse_vendor_specific() if wpa_parse_generic() recognizes a KDE. Not
that this would break anything in practice, but still, it looks
confusing.

The part about handling wpa_parse_vendor_specific() return value can, at
least in theory, break some cases where an unexpectedly short KDE/vendor
specific element were present and something would need to be recognized
after it. That does not really happen with any standard compliant
implementation and this is unlikely to cause any real harm, but it is
clearer to handle this more appropriately even for any theoretical case,
including misbehavior of a peer device.

Instead of stopping parsing on too short vendor specific element,
continue parsing the following KDEs/IEs. Skip the
wpa_parse_vendor_specific() call when a KDE has been recognized. Also
fix the return value documentation for wpa_parse_generic() and remove
the useless return value from wpa_parse_vendor_specific().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
3e6383f31a DPP2: Silence compiler warning with no-CONFIG_DPP2 and OpenSSL 1.0.2
EVP_PKEY_get0_EC_KEY() compatibility wrapper is used only within
CONFIG_DPP2 blocks, so define it with matching condition.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 17:42:41 +03:00
Disha Das
6b1c590ebb Allow TKIP support to be removed from build
Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from
hostapd and wpa_supplicant builds. This disables use of TKIP as both the
pairwise and group cipher. The end result does not interoperate with a
WPA(v1)-only device or WPA+WPA2 mixed modes.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-04-17 23:51:58 +03:00
Edayilliam Jayadev
af0178c75b Add vendor attributes indicating number of spectral detectors
Add per bandwidth capability attributes which indicate the number of
spectral detectors used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-07 23:05:26 +03:00
Edayilliam Jayadev
7a510a97ba Add an attribute for secondary 80 MHz span of agile spectral scan
Add an attribute QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_FREQUENCY_2
for describing the secondary 80 MHz span of agile spectral scan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-07 23:03:30 +03:00
Jouni Malinen
512b6c02e0 DPP: Mandate mutual auth with NFC negotiated connection handover
Mark own bootstrap information as having been used in NFC negotiated
connection handover and do not accept non-mutual authentication when
processing Authentication Response from the peer when such bootstrapping
information is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-03 16:27:52 +03:00
Jouni Malinen
872299f4b3 DPP2: Store netAccessKey in psk/sae credentials for reconfig
Connector alone is not sufficient for authentication during
reconfiguration, so store the netAccessKey as well.

Fixes: e4eb009d98 ("DPP2: Add Connector and C-sign-key in psk/sae credentials for reconfig")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-03 12:43:48 +03:00
Jouni Malinen
e4eb009d98 DPP2: Add Connector and C-sign-key in psk/sae credentials for reconfig
If the Enrollee indicates support for DPP R2 or newer, add Connector and
C-sign-key in psk/sae credentials (i.e., cases where DPP AKM is not
enabled) for reconfiguration. Extend processing of such credentials in
wpa_supplicant network profile addition to handle this new case
correctly by not setting key_mgmt=DPP based on Connector being present,
but by looking at the actual akm value in the config object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-02 21:34:49 +03:00
Jouni Malinen
0e794989e5 Beacon frame protection event for incorrect protection
Define a driver interface event for Beacon frame protection failures.
Report such events over the control interface and send a
WNM-Notification Request frame to the AP as well.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-01 16:22:48 +03:00
Jouni Malinen
80914e9eb2 DPP2: Fix build with OpenSSL 1.0.2 (EVP_PKEY_get0_EC_KEY() wrapper)
EVP_PKEY_get0_EC_KEY() was added in OpenSSL 1.1.0, so add a
compatibility wrapper for it when building with OpenSSL 1.0.2.

Fixes: c025c2eb59 ("DPP: DPPEnvelopedData generation for Configurator backup")
Fixes: 7d9e320054 ("DPP: Received Configurator backup processing")
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-29 21:15:16 +03:00
Sathishkumar Muruganandam
2b4f9ce287 hostapd: Add HE bit in BSSID Information field of own Neighbor Report
Add definition for HE bit in neighbor report BSSID Information field
from IEEE P802.11ax/D6.0, 9.4.2.36 Neighbor Report element.

Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
2020-03-27 23:52:24 +02:00
Jouni Malinen
80d0e50dc5 DPP2: Use a helper function for encapsulating TCP message
This functionality was repeated for multiple different frames. Use a
shared helper function to avoid such duplication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
fa5143feb3 DPP2: Presence Announcement processing in Controller
Process the received Presence Announcement frames in Controller. If a
matching bootstrapping entry for the peer is found, initiate DPP
authentication to complete provisioning of the Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
db1ef82538 DPP2: Presence Announcement processing in AP/Relay
Process the received Presence Announcement frames in AP/Relay. If a
matching bootstrapping entry for the peer is found in a local
Configurator, that Configurator is used. Otherwise, the frame is relayed
to the first configured Controller (if available).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
06dd32903d DPP2: Presence Announcement processing at Configurator
Process received Presence Announcement frames and initiate
Authentication exchange if matching information is available on the
Configurator.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
562f77144c DPP2: Chirping in wpa_supplicant Enrollee
Add a new wpa_supplicant control interface command "DPP_CHIRP own=<BI
ID> iter=<count>" to request chirping, i.e., sending of Presence
Announcement frames, to be started.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
1f0226770c DPP2: Add a helper function for building Presence Announcement frame
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
7cba35b0ed DPP2: New identifier definitions
Add new identifier definitions for presence announcement,
reconfiguration, and certificate enrollment.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
547dc7eaa3 DPP: Add DPP_BOOTSTRAP_SET command
"DPP_BOOTSTRAP_SET <ID> <configurator parameters..>" can now be used to
set peer specific configurator parameters which will override any global
parameters from dpp_configurator_params.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
804fc268af DPP: Allow per-peer configurator parameters to be set
This is a more convenient way of addressing cases where a
Configurator/Controller may store a large number of peer bootstrapping
information instances and may need to manage different configuration
parameters for each peer while operating as the Responder.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
514cc49ba5 DPP: Store global pointers in struct dpp_authentication
Set the global pointer and msg_ctx when allocating struct
dpp_authentication instead of needing to pass these to
dpp_set_configurator().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
9d1857cf35 Process Transition Disable KDE in station mode
Check whether the Transition Disable KDE is received from an
authenticated AP and if so, whether it contains valid indication for
disabling a transition mode. If that is the case, update the local
network profile by removing the less secure options.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:13:14 +02:00
Jouni Malinen
3eb9ddc658 Transition Disable KDE definitions
Define the OUI Type and bitmap values for Transition Disable KDE. These
will be shared by both the AP and STA implementations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:12:39 +02:00
Wu Gao
a72ec4c221 Add addition CFR capture type to filter all NDPA NDP frames
Add QCA_WLAN_VENDOR_CFR_NDPA_NDP_ALL in enum
qca_wlan_vendor_cfr_capture_type. This capture type requests all NDPA
NDP frames to be filtered.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-25 12:05:14 +02:00
Wu Gao
a163bfe2bc Change CFR attributes from required to optional
Some CFR attributes are used frequently with conditions, so change them
from required to optional.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-25 12:04:37 +02:00
John Crispin
1e8ea0833d HE: Add HE support to hostapd_set_freq_params()
The parameters that need to be applied are symmetric to those of VHT,
however the validation code needs to be tweaked to check the HE
capabilities.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2020-03-23 18:08:50 +02:00
Wu Gao
bb08be757f Extend vendor attributes to support enhanced CFR capture
Enhanced channel frequency response supports capturing of channel status
information based on RX. Define previous CFR as version 1 and enhanced
CFR as version 2. If target supports both versions, two versions can't
be enabled at same time. Extend attributes for enhanced CFR capture in
enum qca_wlan_vendor_peer_cfr_capture_attr.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-23 15:39:36 +02:00
Noam Shaked
30ac8ddaf6 Add QCA vendor attributes for ACS over EDMG (IEEE 802.11ay)
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED, conduct ACS for EDMG.
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_CHANNEL, return the EDMG channel.

Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
2020-03-23 13:19:51 +02:00
Sourav Mohapatra
22547c3148 More details to the vendor specific driver internal failure reporting
Add more hang reason codes for the hang reason in the
QCA_NL80211_VENDOR_SUBCMD_HANG events. This also introduces the
attribute QCA_WLAN_VENDOR_ATTR_HANG_REASON_DATA to carry the required
data for the respective hang reason. This data is expected to contain
the required dump to analyze the reason for the hang.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-21 17:12:29 +02:00
Jouni Malinen
51e8f5d63c Ignore duplicated SSID element when parsing
Some APs have managed to add two SSID elements into Beacon frames and
that used to result in picking the last one which had incorrect data in
the known examples of this misbehavior. Pick the first one to get the
correct SSID.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-21 17:12:29 +02:00
Jouni Malinen
a1afa2df8a Remove unnecessary and confusing length check from the PMKID KDE case
wpa_parse_kde_ies(), i.e., the only caller to wpa_parse_generic(),
verifies that there is room for KDE Length field and pos[1] (that
length) octets of payload in the Key Data buffer. The PMKID KDE case
within wpa_parse_generic() was doing an unnecessary separate check for
there being room for the Length, OUI, and Data Type fields. This is
covered by the check in the calling function with the combination of
verifying that pos[1] is large enough to contain RSN_SELECTOR_LEN +
PMKID_LEN octets of payload.

This is confusing since no other KDE case was checking remaining full
buffer room within wpa_parse_generic(). Clean this up by removing the
unnecessary check from the PMKID KDE case so that all KDEs are handled
consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-15 23:24:18 +02:00
Alexander Wetzel
094c9cdc7e Add parsing of Key ID KDE for Extended Key ID
wpa_parse_generic() can now recognize the Key ID KDE that will be needed
to deliver the Key ID of the pairwise key when Extended Key ID is used.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-15 23:17:56 +02:00
Alexander Wetzel
f5c0104f3b Add KEY_FLAG_MODIFY for Extended Key ID support
KEY_FLAG_MODIFY was initial added for the planned Extended Key ID
support with commit a919a26035 ("Introduce and add key_flag") and then
removed with commit 82eaa3e688 ("Remove the not yet needed
KEY_FLAG_MODIFY") to simplify commit e9e69221c1 ("Validity checking
function for key_flag API").

Add it again and update check_key_flag() accordingly.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-15 23:00:10 +02:00
Jouni Malinen
10223b501b SAE: Expose sae_write_commit() error cases to callers
Check whether an error is reported from any of the functions that could
in theory fail and if so, do not proceed with the partially filled SAE
commit buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-08 16:59:42 +02:00
Jouni Malinen
bb2ea8e5e3 DPP: Remove unreachable return statement
This was forgotten from an earlier development version.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-08 16:35:45 +02:00
Jouni Malinen
7aa47fe5fc DPP: Fix connectorTemplate addition
There was a copy-paste error in this code that would be adding the
connectorTemplate once that becomes available. In practice, this was not
reachable code, but anyway, this should be ready for potential addition
of connectorTemplate in the future.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-08 16:18:22 +02:00
Jouni Malinen
33a28170a3 Recognize OWE Transition Mode element in IE parser
This silences the debug log entry on unknown WFA IE being ignored.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-07 17:27:32 +02:00
Alexander Wetzel
be15f33d07 Replace WPA_ALG_PMK with KEY_FLAG_PMK
Drop the no longer needed internal alg WPA_ALG_PMK and use KEY_FLAG_PMK
as replacement.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-06 21:44:31 +02:00
Hu Wang
0a76a0b965 OWE: Fix PTK derivation workaround for interoperability
The initial implementation of the PTK derivation workaround for
interoperability with older OWE implementations forced
WPA_KEY_MGMT_PSK_SHA256 to be used for all of PTK derivation. While that
is needed for selecting which hash algorithm to use, this was also
changing the length of the PTK components and by doing so, did not
actually address the backwards compatibility issue.

Fix this by forcing SHA256 as the hash algorithm in PTK derivation
without changing the PTK length calculation for OWE when
owe_ptk_workaround is enabled.

Fixes: 65a44e849a ("OWE: PTK derivation workaround in AP mode")
Fixes: 8b138d2826 ("OWE: PTK derivation workaround in STA mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-06 21:44:31 +02:00
Alexander Wetzel
e9e69221c1 Validity checking function for key_flag API
Add masks for each key type to define which flags can be combined and
add a helper function to validate key_flag values.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-05 00:25:47 +02:00
Alexander Wetzel
82eaa3e688 Remove the not yet needed KEY_FLAG_MODIFY
I decided to drop KEY_FLAG_MODIFY instead of allowing flag combinations not
yet used in the code and will simply recreate it with the Extended Key
ID patches once we get there. For that reason I also did not renumber
the flags.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-05 00:17:23 +02:00
Sachin Shelke
21f835e640 SAE: Allow SAE-only network profile with sae_password to be written
The commit a34ca59e (SAE: Allow SAE password to be configured separately
(STA)) added sae_password configuration option. We should also consider
sae_password in the wpa_config_write() function which stores the valid
network block details to an external database.

Fixes: a34ca59e4d ("SAE: Allow SAE password to be configured separately (STA)")
Signed-off-by: Sachin Shelke <sachin.shelke@nxp.com>
Signed-off-by: Cathy Luo <xiaohua.luo@nxp.com>
Signed-off-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
2020-03-02 11:49:19 +02:00
Alexander Wetzel
c1a6b1e47e privsep: Add key_flag to set_key()
Pass through the new key_flag to wpa_priv.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-01 21:11:07 +02:00
Ilan Peer
101da59aa2 common: Add support for element defragmentation
Add support for element defragmentation as defined in IEEE
P802.11-REVmd/D3.0, 10.28.12 (Element defragmentation).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2020-02-29 23:56:15 +02:00
Ilan Peer
e636bc855f WPA: Rename FILS wrapped data
IEEE P802.11az/D2.0 renamed the FILS Wrapped Data element,
removing the FILS prefix. Change the code accordingly.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2020-02-29 23:30:55 +02:00
Jouni Malinen
200c7693c9 Make WEP functionality an optional build parameter
WEP should not be used for anything anymore. As a step towards removing
it completely, move all WEP related functionality to be within
CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y
is explicitly set in build configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-29 17:45:25 +02:00
Andrej Shadura
3f10f716af common: Provide the BIT() macro locally
wpa_ctrl.h can be installed separately with libwpa_client, so
utils/common.h won't be available to its users.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
2020-02-28 11:03:05 +02:00
Krishna Rao
b8f6b0713a Add attribute for dwell time in QCA vendor scan
Add an attribute QCA_WLAN_VENDOR_ATTR_SCAN_DWELL_TIME for specifying
dwell time in the QCA vendor scan command. This is a common value which
applies across all frequencies requested in the scan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-26 23:47:37 +02:00
Sunil Dutt
ec303e2cb1 Introduce QCA_WLAN_VENDOR_ATTR_CONFIG_ROAM_REASON
This attribute enables/disables the host driver to send roam reason
information in the Reassociation Request frame to the AP in the same
ESS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-24 20:17:00 +02:00
Sunil Dutt
34640a88d8 Fix enum qca_wlan_vendor_attr_config value prefix
Couple of the attributes were defined with inconsistent prefix in the
name (missing "CONFIG_"). Fix these to use the common prefix for all
enum qca_wlan_vendor_attr_config values. Add defined values for the
incorrect names to avoid issues with existing users.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-24 20:16:56 +02:00
Alexander Wetzel
1a7963e36f AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.

To allow affected users to mitigate the issues, add a new hostapd
configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys
with disconnection. This requires the station to reassociate to get
connected again and as such, can result in connectivity issues as well.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 12:22:49 +02:00
Jouni Malinen
16889aff40 Add BIGTK KDE and subelement similarly to IGTK
This provides the BIGTK updates to associated stations similarly to
IGTK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
323d06187a Parsing of BIGTK KDE in EAPOL-Key frames
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
3937378abe Parsing of BIGTK subelement in FTE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
c1df321b6c AP mode indication of Beacon protection being enabled
Add the new Extended Capability bit for indicating Beacon protection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
139f6deaff Remove duplicated wpa_akm_to_suite() entry
This was unreachable code due to the previous WPA_KEY_MGTM_OWE case
returning from the function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 17:41:51 +02:00
John Crispin
ab8c55358e HE: Dynamically turn on TWT responder support
This allows us to dynamically turn on TWT responder support using an
nl80211 attribute.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-16 12:37:47 +02:00
John Crispin
0cb39f4fd5 HE: Extend BSS color support
The HE Operation field for BSS color consists of a disabled, a partial,
and 6 color bits. The original commit adding support for BSS color
considered this to be a u8. This commit changes this to the actual
bits/values.

This adds an explicit config parameter for the partial bit. The disabled
is set to 0 implicitly if a bss_color is defined.

Interoperability testing showed that stations will require a BSS color
to be set even if the feature is disabled. Hence the default color is 1
when none is defined inside the config file.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-16 12:32:17 +02:00
Sunil Dutt
877d9a02b0 Additional get_sta_info attrs for Beacon/Probe Response/disconnect reasons
This commit adds new attributes for getting the Probe Response frame
IEs, Beacon frame IEs and the disconnection reason codes through
get_sta_info vendor command.

The host driver shall give this driver specific reason code through
the disconnection reason code attribute
QCA_WLAN_VENDOR_ATTR_GET_STA_DRIVER_DISCONNECT_REASON.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-13 18:47:50 +02:00
Sachin Ahuja
8162d98f2e Introduce QCA_NL80211_VENDOR_SUBCMD_DRIVER_DISCONNECT_REASON
This acts as an event from the host driver to the user space to notify
the driver specific reason for a disconnection. The host driver
initiates the disconnection for various scenarios (beacon miss, Tx
Failures, gateway unreachability, etc.) and the reason codes from
cfg80211_disconnected() do not carry these driver specific reason codes.
Host drivers should trigger this event immediately prior to triggering
cfg80211_disconnected() to allow the user space to correlate the driver
specific reason code with the disconnect indication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-13 18:47:48 +02:00
Sunil Dutt
32551066b8 Introduce QCA_NL80211_VENDOR_SUBCMD_UPDATE_STA_INFO
This acts as a vendor event and is used to update the information
of a station from the driver to userspace.

Add an attribute for the driver to update the channels scanned in
the last connect/roam attempt.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-13 18:46:39 +02:00
Sunil Dutt
5551317834 Introduce QCA_WLAN_VENDOR_ATTR_BEACON_REPORT_FAIL
This attribute aims to configure the STA to send the Beacon Report
Response with failure reason for the scenarios where the Beacon Report
Request cannot be handled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-12 21:19:37 +02:00
Jouni Malinen
de08fae66a DPP: Do not require dpp_configurator_params to start with a space
This ugly hack for being able to search for optional arguments with
space before them was quite inconvenient and unexpected. Clean this up
by handling this mess internally with a memory allocation and string
duplication if needed so that the users of wpa_supplicant control
interface do not need to care about such details.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 06:43:02 +02:00
Vamsi Krishna
490d90db40 Define macro BIT() in qca_vendor.h
As qca_vendor.h alone can be included by other applications, define
macro BIT() in qca_vendor.h itself if not yet defined, e.g., by
including utils/common.h before qca_vendor.h.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 04:59:38 +02:00
Dmitry Shmidt
85f3ab758e Replace deprecated readdir_r() with readdir()
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2020-02-10 06:40:50 +02:00
Jouni Malinen
c248ebaf4f DPP: Fix encryptedContent DER encoding
This was not supposed to set the constructed bit in the header. Fix this
to avoid parsing issues with other ASN.1 DER parsers.

Fixes: c025c2eb59 ("DPP: DPPEnvelopedData generation for Configurator backup")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00
Jouni Malinen
e2b1e7dce7 DPP: Require conf=configurator to allow Configurator provisioning
Make Configurator provisioning require explicit conf parameter enabling
similarly to the previously used conf=ap-* and conf=sta-* cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00
Jouni Malinen
1ba4a10a07 DPP: Initialize conf_resp_status to non-OK
This avoids unexpected behavior if GAS query fails and the Config
Response does not get processed at all. Previously, this could result in
configuration being assumed to be successful instead of failure when
Config Response object was not received at all. That could result in
undesired Config Result frame transmission with DPP Rel 2 and not
clearing the ongoing DPP session.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00
Jouni Malinen
18714af2d8 DPP: Ignore unexpected duplicated Authentication Confirm
Previously, unexpected Authentication Confirm messages were ignored in
cases where no Authentication Confirm message was expected at all, but
if this message was received twice in a state where it was expected, the
duplicated version was also processed. This resulted in unexpected
behavior when authentication result was processed multiple times (e.g.,
two instances of GAS client could have been started).

Fix this by checking auth->waiting_auth_conf before processing
Authetication Confirm. That boolean was already tracked, but it was used
only for other purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00
Jouni Malinen
8f8473cebb SAE: Fix peer-commit-scalar reuse check
Only one peer-commit-scalar value was stored for a specific STA (i.e.,
one per MAC address) and that value got replaced when the next SAE
Authentication exchange was started. This ended up breaking the check
against re-use of peer-commit-scalar from an Accepted instance when
anti-clogging token was requested. The first SAE commit message (the one
without anti-clogging token) ended up overwriting the cached
peer-commit-scalar value while leaving that instance in Accepted state.
The second SAE commit message (with anti-clogging token) added ended up
getting rejected if it used the same value again (and re-use is expected
in this particular case where the value was not used in Accepted
instance).

Fix this by using a separate pointer for storing the peer-commit-scalar
value that was used in an Accepted instance. There is no need to
allocate memory for two values, i.e., it is sufficient to maintain
separate pointers to the value and move the stored value to the special
Accepted state pointer when moving to the Accepted state.

This fixes issues where a peer STA ends up running back-to-back SAE
authentication within couple of seconds, i.e., without hostapd timing
out the STA entry for a case where anti-clogging token is required.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00