Commit graph

8963 commits

Author SHA1 Message Date
Jouni Malinen
4f58afee9a FT: Extend MIC derivation for FT-SAE-EXT-KEY
Provide AKM to the helper function so that the new SHA256 and SHA512
options can be covered for FT-SAE-EXT-KEY.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:07:54 +03:00
Jouni Malinen
dcd46edf5f FT: Extend PMKR1Name derivation for FT-SAE-EXT-KEY
Provide key length instead of SHA384/SHA256 selection to the helper
function so that the new SHA512 option can be covered for
FT-SAE-EXT-KEY.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:03:10 +03:00
Jouni Malinen
9fd2455642 FT: Support longer SAE PMK for FT in INITPSK AP
This is needed for the new FT-SAE-EXT-KEY AKM that uses variable length
PMK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 16:54:21 +03:00
Jouni Malinen
c41bd98be3 FT: AP mode FTE writing to support FT-SAE-KEY-EXT
Provide enough information to allow the FTE to be built using the
correct MIC field length based on the used AKM and key length.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 16:51:12 +03:00
Jouni Malinen
efa0f51d33 FT: Accept 512-bit PMK-R1 from RRB
This will be needed for FT-SAE-KEY-EXT.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 16:41:12 +03:00
Harsh Kumar Bijlani
eb0821c90c Add service class id attribute in SCS rule config vendor subcommand
Add service class id attribute
QCA_WLAN_VENDOR_ATTR_SCS_RULE_CONFIG_SERVICE_CLASS_ID in SCS rule
configuration vendor subcommand
QCA_NL80211_VENDOR_SUBCMD_SCS_RULE_CONFIG.

Signed-off-by: Harsh Kumar Bijlani<quic_hbijlani@quicinc.com>
2022-10-14 16:35:29 +03:00
Chaoli Zhou
f8a05de669 Move default action from after switch to within
Move from this type of constructions:

switch (val) {
case 1:
	something;
	break;
}
default-action;

into following:

switch (val) {
case 1:
	something;
	break;
default:
	default-action;
	break
}

for cases where the switch statement is not expected to contain a full
set of enum values and as such, does not lose value from not having the
default target.

This makes the intent of default behavior clearer for static analyzers like
gcc with -Wswitch-default.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-10-14 16:08:20 +03:00
Vishal Miskin
7614fcebe0 ACS: Filter out 6 GHz channels if HE or EHT is not enabled
Do not include 6 GHz channels in the ACS possible channel list if
neither HE (ieee80211ax=1) nor EHT (ieee80211be=1) is enabled since
those channels cannot be used in such combination.

Signed-off-by: Vishal Miskin <quic_vmiskin@quicinc.com>
2022-10-13 21:21:51 +03:00
Swarn Singh
1864664ca3 Android: Delay QCA roam+auth event until NL80211_CMD_ROAM is received
Information from both NL80211_CMD_ROAM and
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH events is required for
processing the roam events correctly, especially to get the newly
connected BSS details. Indicate the roam event to private libraries only
after NL80211_CMD_ROAM and QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH
events are received.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-13 18:34:26 +03:00
Jouni Malinen
8219d2b7dd PASN: Fix CONFIG_PASN=y build without CONFIG_IEEE80211R=y
Do not try to use variables that are not defined without
CONFIG_IEEE80211R=y and add the forgotten "inline" for the function
wrapper.

Fixes: 5c65ad6c0b ("PASN: Support PASN with FT key derivation")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-04 20:41:54 +03:00
Veerendranath Jakkam
61c6e7c62c nl80211: Parsing of MLO connection info from roam+auth event
Add support to parse MLO connection information from
QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_MLO_LINKS for
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-29 13:26:53 +03:00
Rohan Dutta
3d842d9108 MLD STA: Add support for parsing MLO KDEs
Add support for parsing MLO KDEs as defined in Table 12-10 (KDE
selectors) in IEEE P802.11be/D2.0.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Co-authored-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-28 23:24:36 +03:00
Rachit Kankane
e1105bab89 Add QCA vendor interface support for Spatial Reuse (SR) feature
Add a new vendor sub-command to implement Spatial Reuse feature.
Userspace enables SR feature with specific configuration parameters. The
driver/firmware upon receiving the command, enables the SR feature if it
is supported by the currently connected AP. The driver may reject the
command if it cannot enable the SR with the configured parameters. The
driver sends events to userspace to indicate when SR feature is enabled
or disabled internally. Userspace can also query SR feature related
parameters and statistics from the driver/firmware as needed.

Signed-off-by: Rachit Kankane <quic_rkankane@quicinc.com>
Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2022-09-26 12:50:43 +03:00
Chaoli Zhou
1f39f85b72 Fix compiler warning on shift overflow in QCA vendor definitions
Fix the following compiler error:
qca-vendor.h:5892:54: error: result of ‘1 << 31’ requires 33 bits to represent, but ‘int’ only has 32 bits [-Werror=shift-overflow=]
 5892 |  QCA_WLAN_VENDOR_CHANNEL_PROP_FLAG_HE40INTOL     = 1 << 31,

This "1" needs to be marked unsigned for this case of MSB=1.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-09-23 19:38:07 +03:00
Sunil Ravi
a7684a21c7 Update hw mode after ACS selects the channel
hostapd based automatic channel selection doesn't update the hardware
mode after the channel is selected. This change specifically helps
channel 14 which can operate only in IEEE 802.11b mode.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-09-23 00:23:56 +03:00
Shay Bar
01944c0957 Fix RNR BSSID setting for own interfaces
bss->conf->bssid may be kept unset and will cause an empty BSSID field
in RNR. Fix this to use own_addr instead.

Signed-off-by: Shay Bar <shay.bar@celeno.com>
Signed-off-by: moran.daori <moran.daori@celeno.com>
2022-09-16 22:15:56 +03:00
stijn@linux-ipv6.be
f77c0f914a ACS: Include frequency in info messages
The ACS info messages frequently appear for multiple channels. Without
the actual frequency in the messages, they are not very informative.
Add the frequency to them to improve this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-09-16 21:39:47 +03:00
Sergey Matyukevich
0c7b3814ca Use a less generic name for IEEE802.11 CRC-32 routine
Hostapd uses 'crc32' name for IEEE802.11 CRC-32 routine. This name is
too generic. Buildroot autobuilder detected build configuration that
failed to build due to the naming conflict: static linking with openssl
using zlib-ng as a zlib provider, e.g. see:
- http://autobuild.buildroot.net/results/9901df820d3afa4cde78e8ad6d62cb8ce7e69fdb/
- http://autobuild.buildroot.net/results/ac19975f0bf77f4a8ca574c374092ba81cd5a332/

Use a less generic name ieee80211_crc32 for IEEE802.11 CRC-32 routine
to avoid such naming conflicts.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
2022-09-16 21:39:47 +03:00
David Bauer
7ed17eee3a ACS: Don't select indoor channel on outdoor operation
Don't select channels designated for exclusive indoor use when the
country string is set for outdoor operation (country3=0x4f, i.e., the
third character of the country string is 'O').

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-16 21:00:21 +03:00
nakul kachhwaha
ef2d2e81a9 Add a new QCA vendor attribute to support flexible TWT
Add a new attribute QCA_WLAN_VENDOR_ATTR_TWT_NUDGE_SP_START_OFFSET to
configure offset to shift start of the service period. This attribute
will be used when device supports flexible TWT. If provided, this
attribute will override QCA_WLAN_VENDOR_ATTR_TWT_NUDGE_WAKE_TIME.

Signed-off-by: nakul kachhwaha <quic_nkachhwa@quicinc.com>
2022-09-16 20:02:49 +03:00
Veerendranath Jakkam
1b6f3b5850 MLD STA: Indicate per link channel switch
Parse link id info from channel switch events and indicate the info to
control interface using new per link channel switch events. If channel
switch happens on the link which used during association both legacy
and new per-link channel switch events will be reported.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 16:00:51 +03:00
Veerendranath Jakkam
b7f98d92dc MLD STA: Add per-link MLO signal poll
Add support to fetch and indicate per-link MLO signal poll information
via a new control interface command MLO_SIGNAL_POLL.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 16:00:51 +03:00
Veerendranath Jakkam
8dd5b9a9ed nl80211: Send bssid info as parameter to nl80211_get_link_signal()
Add bssid as parameter to nl80211_get_link_signal() instead of using
bssid from driver structure. This is useful for calling the function
per-MLO link.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 16:00:51 +03:00
Shivani Baranwal
cc29cadf2e Helper function to get MLD address from Basic Multi-Link element
Add a utility function to fetch Multi-Link Device (MLD) address from a
Basic Multi-Link element.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-09-15 16:00:38 +03:00
Veerendranath Jakkam
e211286140 nl80211: Use AP MLD address to set supplicant port as authorized
Use AP MLD address as the peer's MAC address to set supplicant port as
authorized for MLO connection.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 05:58:14 +03:00
Shivani Baranwal
7784964cbe MLD STA: Fetch MLO connection info into core wpa_supplicant
Add support to fetch MLO connection info from the driver to the
wpa_supplicant instance of corresponding MLD STA interface. In addition,
return true for BSSs associated with MLO links from wpa_bss_in_use() to
avoid getting them cleared from scan results.

Co-authored-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-09-15 05:55:40 +03:00
Veerendranath Jakkam
e2147f917f nl80211: Indicate MLO connection info in driver status
Indicate MLO connection info in DRIVER-STATUS control interface command.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 05:40:21 +03:00
Veerendranath Jakkam
c7741009f7 nl80211: Parse MLO connection info in NL80211_CMD_CONNECT event
Parse NL80211_ATTR_MLO_LINKS in NL80211_CMD_CONNECT event and cache the
MLO connection information. Set the legacy connection fields such as
assoc_freq and bssid to the values of the MLO link on which association
happened.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 05:31:55 +03:00
Veerendranath Jakkam
bd499f0e6e Add a helper function to get ML IE of specified type from IEs buffer
Add a helper function to find the specified type of Multi-Link element
from IEs buffer.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 05:08:36 +03:00
Veerendranath Jakkam
36645f8394 EHT: Add Multi-Link element field definitions
Define the following fields described in IEEE P802.11be/D2.1:
- Multi-Link element types as defined in Table 9-401c (Type subfield
  encoding)
- Basic Multi-Link element presence bitmap as defined in Figure
  9-1002g (Presence Bitmap subfield of the Basic Multi-Link element
  format)

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 04:23:18 +03:00
Qiwei Cai
62612dfc1a P2P: Use only PSC for P2P group in the 6 GHz band
P2P connections in the 6 GHz band should be limited to preferred
scanning channels since AP/GO discovery cannot depend on 2.4/5 GHz
discovery.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-14 23:54:20 +03:00
Chaoli Zhou
7974d80531 Configure RRM elements to the driver in the driver-AP-SME case
Support updating the RRM IEs to the driver for Probe Response and
(Re)Association response frames in the AP mode when the SME is
implemented in the driver.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-09-14 21:32:23 +03:00
Manaswini Paluri
122cdd5925 Enable TWT responder AP role only if IEEE 802.11ax/HE is enabled
Set TWT responder configurator in the driver parameters only when the AP
is configured with HE enabled. This was already done for the extended
capability bit generation in commit 8de0ff0fa1 ("HE: Add TWT responder
extended capabilities field"), but this parameter for the driver command
to start the AP in _ieee802_11_set_beacon() missed the condition.

Move the ieee80211ax check into the common helper function to cover both
cases. In addition, add a check for disable_11ax to cover the case where
HE is disabled for a specific BSS.

Fixes: ab8c55358e ("HE: Dynamically turn on TWT responder support")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-13 04:24:03 +03:00
Aleti Nageshwar Reddy
5b76c36545 Extend attributes of QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO
Extend attributes of subcmd QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO
for quering per MCS TX and RX packets from the driver/firmware.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-13 00:21:45 +03:00
Kiran Kumar Lokere
897e090852 QCA vendor attribute to configure periodic sounding
Add a new QCA vendor attribute to configure the periodic sounding for Tx
beamformer functionality.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-12 23:54:24 +03:00
Jouni Malinen
0cc6f985d1 wlantest: Recognize additional not-Robust Action categories
Do not complain about unprotected Action frames for additional
categories that have been defined as not being Robust.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-05 22:06:31 +03:00
Jouni Malinen
cd392151c5 Validate MAC Address KDE length in the parser
Verify that the MAC Address KDE includes enough data to contain a MAC
address as a part of the parsing function so that each caller would not
need to verify this separately. None of the existing users of this
parser actually needed the MAC address value, so there was not any use
for the length field before. The updated design is more robust for
future uses and gets rid of that unused length field as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-05 20:56:49 +03:00
Vinay Gannevaram
6f8af5974c Fix expiration logic for the first PTKSA cache entry
When an entry is added to the PTKSA cache, timer expiration is not set.
Check the list and set the timer expiration when the list is empty also.
When another entry is added to the list, it is placed before the relavant
entry in the order of expiry time of all entries present in the list.

Fixes: a4e3691616 ("WPA: Add PTKSA cache implementation")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 17:10:58 +03:00
Vinay Gannevaram
85e28a79ba PASN: Set secure ranging context to driver after association
After the secure association and PTK derivation are completed, if the
device supports LTF keyseed, generate the LTF keyseed using KDK and set
the ranging context to the driver by using the command
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 17:07:56 +03:00
Vinay Gannevaram
9b62b61c68 PASN: Configure secure ranging context to the driver in AP mode
AP as a responder, on successful completion of PASN authentication
configures the required keys by using the command
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT to the driver.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 16:25:20 +03:00
Vinay Gannevaram
de3b91a172 nl80211: Define vendor interface functions to offload PASN authentication
This defines the QCA vendor interface functions to offload PASN
authentication from the driver.

The driver sends the QCA_NL80211_VENDOR_SUBCMD_PASN event requesting to
perform PASN authentication with a list of peers with which the driver
needs to do ranging. wpa_supplicant performs PASN handshake with all the
peer devices and sets the required keys using the command
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT to the driver. After
PASN handshake is completed with all requested peers, wpa_supplicant
sends consolidated status for all peers to the driver.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 16:18:26 +03:00
Vinay Gannevaram
e2c3cdf2ca nl80211: Register PASN Authentication frames for SME-in-driver
This is needed to allow PASN processing offload from the driver to
wpa_supplicant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 16:18:14 +03:00
Vinay Gannevaram
58a96187ee nl80211: Allow PASN Authentication frames with random (foreign) MAC address
To support secure ranging with a random MAC address, PASN handshake is
performed with a different source MAC address from the device's own
interface address. Hence, allow PASN Authentication frames with any
foreign MAC address to further process the Authentication frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 16:18:14 +03:00
Vinay Gannevaram
24929543ba PASN: Deauthenticate on PTKSA cache entry expiration
Add an option for an alternative processing of PTKSA life time expiry.

Register a callback in wpa_supplicant to handle the life time expiry of
the keys in PTKSA cache. Send PASN deauthentication when a PTKSA cache
entry expires.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 16:18:14 +03:00
Vinay Gannevaram
2edebc6b63 PASN: Add interface to handle PASN request from the driver
This brings in the function declarations and data structures that are
required for handling PASN request from the driver, sending secure
ranging context and PASN response to the driver.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-02 15:27:50 +03:00
Vinay Gannevaram
9330bf3189 PASN: Add function to compute LTF keyseed from KDK
Add a function to derive the LTF keyseed from KDK. This function is
built only in case that CONFIG_PASN is enabled at build time.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-01 20:30:11 +03:00
Vinay Gannevaram
580bd04cf3 Add own MAC address used for key derivation to PTKSA cache
On successful PASN handshake or 4-way handshake with a peer, PTK is
derived using the local and peer MAC addresses as input. Store the own
MAC address that is used for key derivation in PTKSA cache to maintain
that state over potential MAC addresses changes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-01 19:01:21 +03:00
Vinay Gannevaram
d0d585c481 Store secure ranging driver capabilities in WPA state machine
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-01 18:59:58 +03:00
Vinay Gannevaram
96a604128b Use separate PASN capabilities for AP and STA modes
Use separate capabilities for AP and STA modes for P802.11az security
parameters secure LTF support, secure RTT measurement exchange support,
and protection of range negotiation and measurement management frames
support.

P802.11az security parameters are considered to be supported for both
station and AP modes if the driver sets NL80211_EXT_FEATURE_SECURE_LTF,
NL80211_EXT_FEATURE_SECURE_RTT, and
NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE flags. The driver can
advertize capabilities specific to each mode using
QCA_WLAN_VENDOR_FEATURE_SECURE_LTF*,
QCA_WLAN_VENDOR_FEATURE_SECURE_RTT*, and
QCA_WLAN_VENDOR_FEATURE_PROT_RANGE_NEGO_AND_MEASURE* flags.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-01 18:59:52 +03:00
Andre Heider
c80dc69408 OpenSSL: Include rsa.h for all OpenSSL versions
This fixes the build with OpenSSL 1.1.1:
../src/crypto/crypto_openssl.c: In function 'crypto_rsa_oaep_sha256_decrypt':
../src/crypto/crypto_openssl.c:4404:49: error: 'RSA_PKCS1_OAEP_PADDING' undeclared (first use in this function)

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-08-31 17:19:03 +03:00
Jouni Malinen
1f9a988f1f DPP3: Do not initiate PKEX for PB if no configuration is available
Reorder PKEX initiation function to send out the PKEX Exchange Request
frame at the end after all possible error cases have been checked. This
prevents Enrollee from seeing a PKEX frame when the session is about to
fail.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-27 00:50:05 +03:00
mukul sharma
aa75aa1dc0 Add QCA vendor interface to get SAR capabilities to userspace
Add QCA_NL80211_VENDOR_SUBCMD_GET_SAR_CAPABILITY to get various SAR
capabilities supported by the WLAN firmware to userspace. These
capabilites are usually reported by the firmware during the initial
bootup handshake with the driver. Based on these capabilities, user
space can choose proper SAR indexes.

Signed-off-by: Mukul Sharma <quic_mukul@quicinc.com>
2022-08-26 18:02:29 +03:00
Veerendranath Jakkam
5de45546d5 Add support to send multi AKM connect request when driver's SME in use
Add support to configure SAE, PSK, and PSK-SHA256 AKMs in connect
request when driver's SME in use. This is needed for implementing
WPA3-Personal transition mode correctly with any driver that handles
roaming internally.

Send additional AKMs configured in network block to driver based on
the maximum number of AKMs allowed by driver in connect request. Keep
first AKM in the list AKMs in the connect request as AKM selected by
wpa_supplicant to maintain backwards compatibility.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-08-26 17:54:12 +03:00
Veerendranath Jakkam
0ce1545dcb nl80211: Determine maximum number of supported AKMs
Use the recently added attribute to determine whether the kernel
supports a larger number of AKM suites in various commands.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-08-26 17:27:45 +03:00
Jouni Malinen
7e97c619a9 Sync with wireless-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2022-07-22. In addition, update
nl80211_command_to_string() to cover the new defined commands.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-08-26 17:27:45 +03:00
Jouni Malinen
54706957e3 DPP: Fix DPP_RELAY_ADD_CONTROLLER command parsing
hostapd_dpp_add_controller() ended up trying to parse the IP address
without nul terminating it. This might work with some C libraries, but
not all. And anyway, this was already supposed to nul terminate the
string since a temporary copy is created of the constant string. Fix
this by adding the missed replacement of the space with nul.

Fixes: bfe3cfc382 ("DPP: Allow Relay connections to Controllers to be added and removed")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-26 17:27:45 +03:00
Jouni Malinen
44b26d82b0 nl80211: Silence a compiler warning on printf in 32-bit builds
u64 needs "long long unsigned int" on 32-bit, so print this using a
typecase value so that both 32 and 64-bit builds work fine.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-26 17:27:45 +03:00
Jouni Malinen
820211245b OpenSSL: Fix HPKE in some corner cases
EVP_PKEY_derive() might report a larger maximum size of the output than
HPKE_MAX_SHARED_SECRET_LEN under some conditions. That should be allowed
as long as the real final length is within the maximum limit.
Furthermore, since we are using a fixed length buffer for this, there is
no need to call EVP_PKEY_derive() twice to first learn the maximum
length. Use a bit longer buffer and allow OpenSSL to take care of the
update to the final length internally with than single call.

This showed up using the following test case sequence:
dbus_pkcs11 dpp_private_peer_introduction

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-24 23:32:23 +03:00
Jouni Malinen
89de431f23 DPP: Add config response status value to DPP-CONF-SENT
This can be helpful for upper layers to be able to determine whether the
configuration was rejected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-29 18:55:37 +03:00
Veerendranath Jakkam
80d5e264c5 Enhance QCA vendor roam event to indicate MLO links after reassociation
Enhance QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event for the
driver to indicate the information of the associated links of MLO
roaming.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-07-28 20:37:16 +03:00
Jouni Malinen
6622493065 Update copyright notices for the QCA vendor definitions
Catch up with the changes from the last year.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 20:13:35 +03:00
Jouni Malinen
1d08b238cb nl80211: Allow more time for the initial scan with 6 GHz
The initial timeout of 10 seconds for the first scan before knowing
whether the driver reports scan completion events may not be sufficient
in cases where the driver ends up scanning a large number of channels.
In particular, this could be hit with 6 GHz support. Increase this
timeout when the driver indicates support for 6 GHz channels.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 16:40:05 +03:00
David Benjamin
faf9c04cb5 Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs
The <openssl/buf.h> include is relevant in both OpenSSL and BoringSSL
because the file uses BUF_MEM (include what you use). OpenSSL just
happened to include it via another file. OpenSSL also spells it
<openssl/buffer.h>, not matching the type, so use the compatible
spelling.

Additionally all the CHECKED_CAST and manual STACK_OF(T) definitions
call into BoringSSL internals. The correct, public APIs are simply to
just use the same code as OpenSSL and call the DEFINE_STACK_OF macros.

Signed-off-by: David Benjamin <davidben@google.com>
2022-07-28 12:57:40 +03:00
Veerendranath Jakkam
b9cd5a82f4 Always process pending QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH data
Commit 74818ca63f ("Process
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH after NL80211_CMD_ROAM")
added workaround to hold the pending
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event data for up to 100 ms
in case NL80211_CMD_ROAM is not received first. The 100 ms wait period
was sufficient for most of the cases but it's observed that some times
kernel is taking more than 100 ms to process and send NL80211_CMD_ROAM
to userspace.

If NL80211_CMD_ROAM takes more than 100 ms
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event data getting ignored
though wpa_supplicant has it. To avoid this remove timeout for
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event data since driver
always indicates NL80211_CMD_ROAM along with
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH.

In addition, clear the pending event data when marking the interface
disconnected since the roaming information is supposed to be used only
when reassociating without a disconnection.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-07-28 12:49:45 +03:00
Xiaoning Ma
93be02592c Add fixed FDD mode to qca_btc_chain_mode QCA vendor attribute
Previously when chains of BT and WLAN 2.4 GHz are separated,
hybrid mode will be used for BTC. Now adding fixed FDD mode
to fulfill different BTC scenarios.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 12:24:21 +03:00
Jouni Malinen
5565fbee23 DPP: Check Enrollee supported curves when building Config Response
The Enrollee may report its supported curves in the bootstrapping URI.
If it does that, the Configurator may stop generating the Config Object
that would depend on the Enrollee using a curve that it did not indicate
as being supported. Check for this case while proessing the Config
Request and stop Configurator from building a configuration that is
known not to work.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 11:19:55 +03:00
Jouni Malinen
f70db167ab SAE: Derive a variable length PMK with the new AKM suites
Select the PMK length based on the used group (prime length) when using
the new AKM suites for SAE.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:31:51 +03:00
Jouni Malinen
91010e6f67 SAE: Indicate AKM suite selector in commit for new AKM suites
SAE authentication needs to known which AKM suite is being used to be
able to determine the correct PMK length for the new AKM suite selectors
that use variable length keys.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:31:51 +03:00
Jouni Malinen
e81ec0962d SAE: Use H2E unconditionally with the new AKM suites
The new SAE AKM suites are defined to use H2E, so ignore the sae_pwe
value when these AKM suites are used similarly to the way H2E gets
enabled when SAE Password Identifiers are used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:31:51 +03:00
Jouni Malinen
f8eed2e8b8 SAE: Store PMK length and AKM in SAE data
These are needed to be able to support new AKM suites with variable
length PMK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:31:51 +03:00
Jouni Malinen
9dc4e9d136 SAE: EAPOL-Key and key/MIC length information for the new AKM suites
Update the AKM suite specific mapping of various EAPOL-Key key lengths
and algorithms to include the new SAE AKM suites with variable length
keys.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:31:51 +03:00
Jouni Malinen
a32ef3cfb2 SAE: Driver capability flags for the new SAE AKM suites
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
91df8c9c65 SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs
Define new WPA_KEY_MGMT_* values for the new SAE AKM suite selectors
with variable length keys. This includes updates to various mapping and
checking of the SAE key_mgmt values.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
5c8a714b18 SAE: Use wpa_key_mgmt_sae() helper
Use the existing helper function instead of maintaining multiple copies
of lists of SAE key management suites.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
5456b0f260 Define new RSN AKM suite selector values
Add the new AKM suite selectors defined in IEEE P802.11-REVme/D1.3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
d22dfe9187 DPP: Event message for indicating when Relay would need a Controller
The new DPP-RELAY-NEEDS-CONTROLLER control interface event can be used
to trigger mDNS discovery of a Controller to see if such a connection
can be established automatically at the time an Enrollee is trying to
initiate an operation.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
bfe3cfc382 DPP: Allow Relay connections to Controllers to be added and removed
The new control interface commands "DPP_RELAY_ADD_CONTROLLER <IP addr>
<PK hash>" and "DPP_RELAY_REMOVE_CONTROLLER <IP addr>" can now be used
to dynamically add and remove connections to Controllers for the cases
where the connection is initialized through a DPP Public Action frame
(i.e., Controller as the Responder).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
808834b18b Add a comparison function for hostapd_ip_addr
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
f7763880bd DPP: Advertise Configurator connectivity on Relay automatically
Instead of requiring explicit configuration through
dpp_configurator_connectivity=1, advertise Configurator connectivity
automatically if a Relay is configured with a Controller that can
operate as a Responder.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-25 00:23:31 +03:00
Jouni Malinen
ca682f80a9 DPP: Dynamic Controller initiated connection on Relay
Accept an incoming TCP connection from a Controller in a Relay that is
configured with dpp_relay_port even if that Controller is not configured
with a dpp_controller parameter. This allows more dynamic Controller
initiated operations, e.g., when using mDNS to discover a Relay.

This type of a dynamic Controller entry will not be used for exchanges
that are initiated by an Enrollee (i.e., based on a DPP Public Action
frame received by the Relay).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-23 16:57:54 +03:00
Jouni Malinen
d2388bcca5 DPP: Strict validation of PKEX peer bootstrapping key during auth
Verify that the peer does not change its bootstrapping key between the
PKEX exchange and the authentication exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-22 21:08:08 +03:00
Jouni Malinen
a7b8cef8b7 DPP3: Fix push button boostrapping key passing through PKEX
When PKEX was started through the push button mechanism, the own
bootstrapping key was not bound correctly to the Authentication phase
information and that ended up in incorrectly generating a new
bootstrapping key for the Authentication exchange. Fix this by added the
needed own=<id> parameter into the cached parameters when using push
button.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-22 21:06:04 +03:00
Jouni Malinen
69d7c8e6bb DPP: Add peer=id entry for PKEX-over-TCP case
The peer=<id> information about the specific boostrapping key provided
through PKEX was added for Public Action frame cases, but the TCP
variant did not do same. Add the same information there to maintain
knowledge of the specific peer bootstrapping key from PKEX to
Authentication exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-22 21:04:08 +03:00
Jouni Malinen
1ff9251a83 DPP3: Push button Configurator in wpa_supplicant
Extend DPP push button support in wpa_supplicant to allow the role of
the Configurator to be used. This provides similar functionality to the
way the DPP_PUSH_BUTTON command in hostapd worked when providing the
configuration parameters with that command (instead of building the
config object based on current AP configuration).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-22 12:28:18 +03:00
Jouni Malinen
e9137950fa DPP: Recognize own PKEX Exchange Request if it ends up being received
It is possible for a Controller to receive a copy of its own PKEX
Exchange Request in the case where the Controller is initiating a PKEX
exchange through a Relay. The Configurator role in the device would have
a matching PKEX code in that case and the device might reply as a PKEX
responder which would result in going through the exchange with the
Controller device itself. That is clearly not desired, so recognize this
special case by checking whether the Encrypted Key attribute value
matches a pending locally generated one when processing a received PKEX
Exchange Request.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-21 20:30:07 +03:00
Jouni Malinen
ae4a3a6f67 DPP: Add DPP-CONF-REQ-RX event for Controller
This gets the Controller (DPP-over-TCP) sequence closer to the one used
with Public Action frames and makes it easier for upper layer components
to share the same design for tracking operation status.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-21 13:15:22 +03:00
Jouni Malinen
fb2937b858 DPP: Allow Controller to initiate PKEX through Relay
Relay will need to allow the PKEX Exchange Response message to be
handled similarly to the Authentication Response message to allow this
sequence to be completed successfully.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 23:28:33 +03:00
Jouni Malinen
15af83cf18 DPP: Delete PKEX code and identifier on success completion of PKEX
We are not supposed to reuse these without being explicitly requested to
perform PKEX again. There is not a strong use case for being able to
provision an Enrollee multiple times with PKEX, so this should have no
issues on the Enrollee. For a Configurator, there might be some use
cases that would benefit from being able to use the same code with
multiple Enrollee devices, e.g., for guess access with a laptop and a
smart phone. That case will now require a new DPP_PKEX_ADD command on
the Configurator after each completion of the provisioning exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 23:28:33 +03:00
Jouni Malinen
148de3e0dc DPP3: Private Peer Introduction protocol
Add a privacy protecting variant of the peer introduction protocol to
allow the station device to hide its Connector from 3rd parties. The new
wpa_supplicant network profile parameter dpp_connector_privacy=1 can be
used to select this alternative mechanism to the peer introduction
protocol added in the initial release of DPP.

It should be noted that the new variant does not work with older DPP APs
(i.e., requires support for release 3). As such, this new variant is
disabled by default.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-19 00:14:41 +03:00
Jouni Malinen
786ea402bc HPKE base mode with single-shot API
Add support for HPKE base mode with single-shot API (see RFC 9180) using
OpenSSL. This is needed for DPP private introduction protocol.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-18 16:49:45 +03:00
Jouni Malinen
f0273bc814 OpenSSL: Remove a forgotten debug print
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-17 12:07:22 +03:00
Jouni Malinen
68209ddbe4 DPP: Allow 3rd party information to be added into config object
This allows the DPP Configuration Object from a Configurator to be
extended with 3rd party information. This information can be provided as
a part of the existing configuration specification mechanisms with the
new extra_name=<string> and extra_value=<hexdump encoded JSON>.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-16 17:22:23 +03:00
Jouni Malinen
0e2217c95b DPP: Allow 3rd party information to be added into config request obj
This allows the DPP Configuration Request Object from an Enrollee to be
extended with 3rd party information. The new dpp_extra_conf_req_name and
dpp_extra_conf_req_value configuration parameters specify the name of
the added JSON node and its contents. For example:
dpp_extra_conf_req_name=org.example
dpp_extra_conf_req_value={"a":1,"b":"test"}

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-16 17:22:23 +03:00
Harsh Kumar Bijlani
3d82fbe058 Add QCA vendor subcommand and attributes for SCS rule configuration
Add a new vendor subcommand QCA_NL80211_VENDOR_SUBCMD_SCS_RULE_CONFIG
for configuration event of Stream Classification Service (SCS) rule.

Also define the attributes present in this subcommand.

Signed-off-by: Harsh Kumar Bijlani <quic_hbijlani@quicinc.com>
2022-07-09 17:28:56 +03:00
Aditya Kodukula
16b62ddfaf QCA vendor attribute for DBAM configuration
Add a new vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_DBAM to
configure Dedicated Bluetooth Antenna Mode (DBAM). It is used to
switch between dedicated antenna mode for BT and COEX shared
antenna mode for WLAN and BT.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-09 17:18:49 +03:00
Jouni Malinen
451ede2c31 DPP: Allow AP/Relay to be configured to listed for new TCP connections
This extends Relay functionality to allow a Controller to intitiate a
new DPP exchange in addition to the previously supported case where the
exchange was initiated through a DPP Public Action frame.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-09 13:09:04 +03:00
Jouni Malinen
7bbe859873 DPP3: Allow external configuration to be specified on AP for PB
While the most likely production use case for DPP push button is to
provision the AP's current configuration, there might be some use cases
for providing different configuration. Add possibility for doing this by
extending the DPP_PUSH_BUTTON command to accept an optional set of
parameters similarly to the other DPP commands for the Configurator.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-08 00:14:06 +03:00
Jouni Malinen
8db786a43b DPP3: Testing functionality for push button announcements
Allow the Responder/Initiator hash values to be corrupted in Push Button
Presence Announcement messages for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-07 12:58:49 +03:00
Jouni Malinen
37bccfcab8 DPP3: Push button bootstrap mechanism
Add support to use a push button -based bootstrap mechanism with DPP.
The new DPP_PUSH_BUTTON control interface command enables this mode on
the AP/hostapd and station/wpa_supplicant. This goes through the
following sequence of events: a suitable peer in active push button mode
is discovered with session overlap detection, PKEX is executed with
bootstrap key hash validation, DPP authentication and configuration
exchanges are performed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-07 00:31:30 +03:00
Vinay Gannevaram
a0054fe7ca Add AP and STA specific P802.11az security capabilities (vendor command)
Add feature capability indication for P802.11az security for the drivers
to advertise capabilities such as secure LTF support, secure RTT
measurement exchange support, and protection of range negotiation and
measurement management frames for station and AP interfaces
independently. This allows a more fine-tuned capability indication as an
alternative to the upstream nl80211 mechanism that is not specific to
the operating mode.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-07 00:31:24 +03:00
Yu Wang
159e636132 QCA vendor command for CoAP offload processing
Add vendor command QCA_NL80211_VENDOR_SUBCMD_COAP_OFFLOAD to
enable/disable offload processing in firmware for CoAP messages
(RFC7252: The Constrained Application Protocol) or fetch the
CoAP messages cached during offload processing.

Signed-off-by: Yu Wang <quic_yyuwang@quicinc.com>
2022-06-30 15:43:54 +03:00
Jingxiang Ge
3b7bb17f69 Add QCA vendor attribute for TIM beacon statistics
Add the following two vendor attributes to send TIM beacon
statistics to userspace which can be used for power saving:
QCA_WLAN_VENDOR_ATTR_LL_STATS_TIM_BEACON
QCA_WLAN_VENDOR_ATTR_LL_STATS_TIM_BEACON_ERR

Signed-off-by: Jingxiang Ge <quic_jge@quicinc.com>
2022-06-30 15:30:10 +03:00
Vinay Gannevaram
09a281e52a Add QCA vendor interface for PASN offload to userspace
Define QCA vendor interface for PASN offload to userspace from the driver.

The driver can send this command as an event to a userspace component to
perform PASN authentication with a list of peers with which the driver
needs to do ranging. The userspace component, if capable of performing
PASN handshake, can perform PASN handshake with all the peer devices and
set the relevant keys by sending the
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT command for each peer
to the driver.

Once PASN handshake is completed with all requested peers, the userspace
component sends consolidated status for all the peers to the driver. The
consolidated report is required for the driver to understand that the
PASN handshake process is complete and whether it succeeded/failed for
each of the peers it was requested for. The secure ranging context is
configured only for the peers with which the PASN handshake succeeded.

When the driver requests PASN keys, the userspace component can set the
keys from its cache if those keys have not already expired and were
derived with the same source MAC address that is requested by the driver
instead of doing the full PASN handshake again.

If the driver detects that current keys of a peer are not valid anymore,
it sends a notification to userspace using the
QCA_NL80211_VENDOR_SUBCMD_PASN command and setting the action to
QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT. The userspace
component should delete the corresponding keys from its cache.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-06-23 21:50:04 +03:00
Purushottam Kushwaha
809fb96fa0 Add a vendor attribute to configure concurrency policy for AP interface
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AP_CONFIG to
QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY sub command to set the
concurrency policy for AP interface.
QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AP_CONFIG uses the values
defined in enum qca_wlan_concurrent_ap_policy_config to specify
concurrency policy.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2022-06-23 21:33:38 +03:00
Purushottam Kushwaha
a5754f531e Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY
Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY to
QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY to allow extension for other
interface type(s). A subsequent commit will extend the renamed
definitions in a manner that is inconsistent with the current naming.

This is a precursor for AP/P2P concurrency policy configuration support
via updated vendor command QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2022-06-23 21:32:06 +03:00
Veerendranath Jakkam
085a3fc76e EHT: Add 320 channel width support
Add initial changes to support 320 MHz channel width.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Karthikeyan Periyasamy <quic_periyasa@quicinc.com>
2022-06-20 14:39:26 +03:00
Aleti Nageshwar Reddy
bafe35df03 Move CHANWIDTH_* definitions from ieee80211_defs.h to defs.h
Move most of CHANWIDTH_* definitions from ieee80211_defs.h to defs.h as
the definitions are getting used mostly for internal purpose only. Also
change prefix of the definitions to CONF_OPER_CHWIDTH_* and update in
all the files accordingly.

Leave the couple of VHT-specific exceptions to use the old defines (the
reason why they were originally added as VHT values), to avoid use of
clearly marked configuration values in information elements. In
addition, use the defines instead of magic values where appropriate.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2022-06-20 14:39:18 +03:00
Veerendranath Jakkam
3c2ba98add Add QCA vendor event to indicate driver recovery after internal failures
Add QCA vendor event to indicate user space that the driver recovery is
completed after the internal failure reported with
QCA_NL80211_VENDOR_SUBCMD_HANG.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-06-16 20:15:39 +03:00
Purushottam Kushwaha
8dd8267413 QCA vendor attribute to configure direct data path for audio traffic
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_CONFIG_AUDIO_DATA_PATH to
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to configure audio data
path.

Possible audio data paths are defined in enum qca_wlan_audio_data_path.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2022-06-16 17:49:45 +03:00
Kiran Kumar Lokere
504be2f9de QCA vendor command support to get WLAN radio combinations
Vendor command to get the WLAN radio combinations matrix supported by
the device which provides the device simultaneous radio configurations
such as standalone, dual band simultaneous, and single band
simultaneous.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-06-16 17:47:06 +03:00
Jouni Malinen
d5905dbc84 OCV: Check the Frequency Segment 1 Channel Number only on 80+80 MHz
The initial OCV implementation validating this field in the OCI element
for both the 80+80 MHz and 160 MHz cases. However, IEEE Std 802.11-2020,
12.2.9 ("Requirements for Operating Channel Validation") limitis that
verification step for the 80+80 MHz case: "Verifying that, if operating
an 80+80 MHz operating class, the frequency segment 1 channel number ...
is equal to the Frequency Segment 1 Channel Number field of the OCI."

Remove this check for the 160 MHz case since there has been incorrect
interpretation on how the Frequency Segment 1 Channel Number field of
the OCI element is set in this case (using VHT rules for CCFS2). The
modified validation step is meets the real need here, is compliant with
the standard, and avoids potential interoperability issues when using
contiguous 160 MHz channels.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-06-14 17:19:27 +03:00
Sreeramya Soratkal
4383528e01 P2P: Use weighted preferred channel list for channel selection
Previously, the driver could optionally (using QCA vendor command)
provide a preferred channel list to wpa_supplicant for channel selection
during the GO negotiation. Channel selection process can be more
efficient with the information of weights and flags of the preferred
channel list that can be provided by the driver. Use a weighted
preferred channel list provided by the driver for channel selection
during GO negotiation if such a list is available.

Signed-off-by: Sreeramya Soratkal <quic_ssramya@quicinc.com>
2022-06-02 17:09:10 +03:00
Jianmin Zhu
f2c5c8d38f QCA vendor attribute to configure RX link speed threshold for roaming
Add QCA_ATTR_ROAM_CONTROL_RX_LINKSPEED_THRESHOLD value as the RX link
speed threshold to disable roaming. If the current link speed is above
the threshold, there is no need to roam.

Signed-off-by: Jianmin Zhu <quic_jianminz@quicinc.com>
2022-06-02 16:10:28 +03:00
Purushottam Kushwaha
94bc94b206 Add QCA vendor attribute for DO_ACS to allow using existing scan entries
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME to
QCA_NL80211_VENDOR_SUBCMD_DO_ACS and opportunistically optimize time
taken for ACS scan. Avoid scanning the channels which were scanned
within last QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME milliseconds
and use scan results from the scan results cache for ACS scoring. For
other channels, perform ACS scan and use the received scan results.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-31 12:44:38 +03:00
Qiwei Cai
b9e2826b9d P2P: Filter 6 GHz channels if peer doesn't support them
When 6 GHz channels are included in channel list of P2P Action frames
but some peer devices don't support the 6 GHz feature and cannot parse
P2P IE data correctly, P2P handshake will fail.

Remove 6 GHz channels from the P2P Action frames if the peer doesn't
support 6 GHz feature to avoid such failures.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-31 12:41:48 +03:00
Vikram Kandukuri
d5a9944b84 Reserve QCA vendor sub command id 206..212
This is reserved for QCA use.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-31 12:09:52 +03:00
Jeff Johnson (QUIC)
ed63c286fc Remove space before tab in QCA vendor commands
A few of the comments in the QCA vendor commands have a space
character before a tab. That is pointless, and some code style
checkers may complain about it, so remove the spaces.

Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
2022-05-31 12:00:43 +03:00
Jouni Malinen
e4015440af ProxyARP: Clear bridge parameters on deinit only if hostapd set them
Skip the x_snoop_deinit() operations if hostapd did not actually
configure the parameters in the first place. While clearing these
specific parameters is unlikely to change how they were set outside the
scope of hostapd, it is better to leave them as-is to avoid surprises if
hostapd was not configured to use ProxyARP.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-31 11:53:05 +03:00
Jouni Malinen
cd92f7f98a FIPS PRF: Avoid duplicate SHA1Init() functionality
The initialization values used for the FIPS 186-2 PRF are identical to
the ones used in SHA1Init(), so use that internal function instead of
maintaining a duplicate set of values here. fips186_2_prf() was already
using an internal SHA1Transform() function so using another internal
function does not make this any worse.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-27 00:32:12 +03:00
Jouni Malinen
5c87fcc154 OpenSSL: Use internal FIPS 186-2 PRF with OpenSSL 3.0
OpenSSL 3.0 has deprecated the low-level SHA1 functions and does not
include an upper layer interface that could be used to use the
SHA1_Transform() function. Use the internal SHA-1 implementation instead
as a workaround.

While this type of duplicate implementation of SHA-1 is not really
ideal, this PRF is needed only for EAP-SIM/AKA and there does not seem
to be sufficient justification to try to get this working more cleanly
with OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-27 00:32:10 +03:00
Jouni Malinen
c41004d861 OpenSSL: Convert more crypto_ec_key routines to new EVP API
This avoids some more uses of the deprecated EC_KEY API when using
OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:23 +03:00
Jouni Malinen
667a2959c2 OpenSSL: crypto_ec_key_get_public_key() using new EVP_PKEY API
Implement crypto_ec_key_get_public_key() without the deprecated EC_KEY
API when using OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:22 +03:00
Jouni Malinen
5b97395b3e OpenSSL: crypto_ec_key_get_private_key() using new EVP_PKEY API
Implement crypto_ec_key_get_private_key() without the deprecated EC_KEY
API when using OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:20 +03:00
Jouni Malinen
177ebfe109 crypto: Convert crypto_ec_key_get_public_key() to return new ec_point
This makes it easier for the crypto library/wrapper to avoid direct
references to internal EC key parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:19 +03:00
Jouni Malinen
26780d92f3 crypto: Convert crypto_ec_key_get_private_key() to return new bignum
This makes it easier for the crypto library/wrapper to avoid direct
references to internal EC key parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:18 +03:00
Jouni Malinen
c9c2c2d9c7 OpenSSL: Fix a memory leak on crypto_hash_init() error path
The EVP_MAC context data needs to be freed on error paths.

Fixes: e31500adea ("OpenSSL: Implement HMAC using the EVP_MAC API")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:17 +03:00
Jouni Malinen
6d19dccf94 OpenSSL: Free OSSL_DECODER_CTX in tls_global_dh()
The conversion to the new OpenSSL 3.0 API had forgotten to free the
context structure.

Fixes: bcd299b326 ("OpenSSL: Convert DH/DSA parameter loading to new API")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:16 +03:00
Jouni Malinen
4f4479ef9e OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API
Avoid using the deprecated EC_KEY API when building these functions with
OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:15 +03:00
Jouni Malinen
5636991749 EAP-SIM/AKA peer: IMSI privacy attribute
Extend IMSI privacy functionality to allow an attribute (in name=value
format) to be added using the new imsi_privacy_attr parameter.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-25 20:18:40 +03:00
Jouni Malinen
99165cc4b0 Rename wpa_supplicant imsi_privacy_key configuration parameter
Use imsi_privacy_cert as the name of the configuration parameter for the
X.509v3 certificate that contains the RSA public key needed for IMSI
privacy. The only allowed format for this information is a PEM-encoded
X.509 certificate, so the previous name was somewhat confusing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:44:03 +03:00
Jouni Malinen
35eda6e700 EAP-SIM peer: Free imsi_privacy_key on an error path
This is an allocated resource so it needs to be free on the error path.

Fixes: 42871a5d25 ("EAP-SIM/AKA peer: IMSI privacy")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:34:08 +03:00
Jouni Malinen
d1652dc7cc OpenSSL: Refuse to accept expired RSA certificate
This is needed for IMSI privacy to avoid trying to use an expired public
key.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:32:56 +03:00
Jouni Malinen
866e7b7458 OpenSSL: Include rsa.h for OpenSSL 3.0
This is needed to get RSA_PKCS1_OAEP_PADDING.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-22 23:13:28 +03:00
Jouni Malinen
bc99366f9b OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1
Commit 9afb68b039 ("OpenSSL: Allow systemwide secpolicy overrides for
TLS version") with commit 58bbcfa31b ("OpenSSL: Update security level
drop for TLS 1.0/1.1 with OpenSSL 3.0") allow this workaround to be
enabled with an explicit network configuration parameter. However, the
default settings are still allowing TLS 1.0 and 1.1 to be negotiated
just to see them fail immediately when using OpenSSL 3.0. This is not
exactly helpful especially when the OpenSSL error message for this
particular case is "internal error" which does not really say anything
about the reason for the error.

It is is a bit inconvenient to update the security policy for this
particular issue based on the negotiated TLS version since that happens
in the middle of processing for the first message from the server.
However, this can be done by using the debug callback for printing out
the received TLS messages during processing.

Drop the OpenSSL security level to 0 if that is the only option to
continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed
in wpa_supplicant default configuration and OpenSSL 3.0 with the
constraint on MD5-SHA1 use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-22 17:01:35 +03:00
Jouni Malinen
ed325ff0f9 DPP: Allow TCP destination (address/port) to be used from peer URI
tcp_addr=from-uri can now be used as a special case for initiating
DPP-over-TCP to the destination indicated in the peer bootstrapping URI.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-19 22:53:36 +03:00
Jouni Malinen
37bb4178b5 DPP: Host information in bootstrapping URI
Parse the host information, if present, in bootstrapping URI and allow
such information to be added when generating the URI.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-19 17:55:25 +03:00
Jouni Malinen
1142b6e415 EHT: Do not check HE PHY capability info reserved fields
Only use the bandwidth bits that are applicable for the current
operating band. This avoids use of reserved bits when determining the
length of the Support EHT-MCS And NSS Set field length.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-16 19:39:57 +03:00
Jouni Malinen
bc36991791 Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4
IEEE Std 802.11-2020 is ambiguous on how the Secure bit is set in
EAPOL-Key msg 1/4 and 2/4 in the case where 4-way handshake is use to
rekey the PTK. 12.7.2 describes this with "set to 1 once the initial key
exchange is complete" while 12.7.6 shows EAPOL-Key msg 1/4 and 2/4 using
Secure=0 without any consideration on whether the handshake is for
rekeying.

TGme seems to be moving towards clarifying this to use Secure=1 based on
there being a shared PTKSA between the Authenticator and the Supplicant.
In other words, this would use Secure=1 in EAPOL-Key msg 1/4 and 2/4 in
the case of rekeying. Change implementation to match that. This bit was
already practically ignored on the reception side, so this should not
have impact on actual functionality beyond this one bit changing its
value in the frame.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-16 17:47:17 +03:00
Jouni Malinen
fc9648a6a1 DPP: Debug print if not relay is available for PKEX exchange
This makes it easier to see what happened with the received PKEX frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 17:25:09 +03:00
Jouni Malinen
1739d50c20 FST: More robust bounds checking of local data in fst_dump_mb_ies()
Check the full MBIE length against the buffer length explicitly before
the debug print. This is for locally generated data, so the bounds
checking is not critical here, but it is better to use proper checking
anyway to avoid static analyzer complaints.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 17:18:58 +03:00
Jouni Malinen
77bb12a604 P2P: Maintain ip_pool bitfield index separately
Avoid the somewhat confusing mechanism of determining the bitfield index
from the assigned IP address to make this easier for static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:59:31 +03:00
Jouni Malinen
2982e50c15 EAP-SAKA: Simplify attribute parser for static analyzers
Make bounds checking in eap_sake_parse_attributes() easier to analyze.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:53:38 +03:00
Jouni Malinen
6e8518749f GAS: Limit maximum comeback delay value
Limit the GAS comeback delay to 60000 TUs, i.e., about 60 seconds. This
is mostly to silence static analyzers that complain about unbounded
value from external sources even though this is clearly bounded by being
a 16-bit value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:41:37 +03:00
Jouni Malinen
f8615990e2 Simplify wpa_parse_kde_ies()
Use a local variable to store the full IE length instead of calculating
it multiple times.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:36:09 +03:00
Jouni Malinen
61d37f44b7 Simplify wpa_parse_generic()
Use local variables and common checking of the selector (or vendor
specific IE header) to make the bounds checking easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:36:09 +03:00
Jouni Malinen
469528a6e5 BSS coloring: Fix bitmap check
BIT(r) is not sufficient here since it does not cover 64 bit values.
Write this out with 1ULL to be large enough for the shift operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:36:09 +03:00
Jouni Malinen
8392c86df0 Check he_cap pointer in hostapd_set_freq_params() consistently
The EHT changes made this checking inconsistent. If he_cap can be NULL
in case of EHT being enabled, better make sure it does not get
dereferenced without an explicit check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 00:39:20 +03:00
Jouni Malinen
2227c85a94 DPP: Verify that crypto_ec_point_to_bin() succeeds
This is testing code, but it's better to check the return value
explicitly even if this were not really able to fail in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 00:31:25 +03:00
Jouni Malinen
a8c3199527 nl80211: Verify that nla_put_flag() succeeds for background radar
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 00:29:48 +03:00
Jouni Malinen
993eb12407 FST: Make sure get_hw_modes() callback is set for hostapd
It looks like fst_wpa_obj::get_hw_modes would have been left
uninitialized in hostapd. It is not obviously clear why this would not
have caused issues earlier, but in any case, better make this set
properly to allow unexpected behavior should that function pointer ever
be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 00:27:51 +03:00
Jouni Malinen
4537fe124a P2P: Explicit nul termination of the generated passphrase
Nul terminate the struct p2p_go_neg_results::passphrase explicitly to
keep static analyzers happier. This was already nul terminated in
practice due to the full array being cleared to zero on initialization,
but that was apparently not clear enough for some analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 23:59:23 +03:00
Tova Mussai
3b8d9da9b5 nl80211: Set NL80211_SCAN_FLAG_COLOCATED_6GHZ in scan
Set NL80211_SCAN_FLAG_COLOCATED_6GHZ in the scan parameters to enable
scanning for co-located APs discovered based on neighbor reports from
the 2.4/5 GHz bands when not scanning passively. Do so only when
collocated scanning is not disabled by higher layer logic.

Signed-off-by: Tova Mussai <tova.mussai@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2022-05-07 21:37:08 +03:00
MeiChia Chiu
96a7f38329 hostapd: Add the destination address of unsolicited Probe Response frame
Without this, hostapd generates Probe Response frames with the null
destination address when hostapd enables unsolicited Probe Response
frame transmission. Fix this to use the broadcast address instead.

Fixes: 024b4b2a29 ("AP: Unsolicited broadcast Probe Response configuration")
Signed-off-by: MeiChia Chiu <meichia.chiu@mediatek.com>
2022-05-07 21:37:08 +03:00
Jouni Malinen
8690374439 Discard unencrypted EAPOL/EAP when TK is set and PMF is enabled (AP)
RSN design is supposed to encrypt all Data frames, including EAPOL
frames, once the TK has been configured. However, there are deployed
implementations that do not really follow this design and there are
various examples from the older uses of EAPOL frame where those frames
were not encrypted. As such, strict filtering of unencrypted EAPOL
frames might results in undesired interoperation issues.

However, some of the most important cases of missing EAPOL frame
encryption should be possible to handle without causing too significant
issues. These are for cases where an attacker could potentially cause an
existing association to be dropped when PMF is used. EAPOL-Start and
EAPOL-Logoff are potential candidate for such attacks since those frames
could be used to terminate an authentication or initiate a new EAP
authentication. Such an attack could result in the station ending up
disconnecting or at minimum, getting into somewhat mismatching state
with the AP.

Drop EAPOL-Start/Logoff/EAP frames on the AP/Authenticator when it is
known that it was not encrypted but should have been and when PMF is
enabled. While it would be correct to drop this even without PMF, that
does not provide any significant benefit since it is trivial to force
disconnection in no-PMF cases. It should also be noted that not all
drivers provide information about the encryption status of the EAPOL
frames and this change has no impact with drivers that do not indicate
whether the frame was encrypted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:08 +03:00
Jouni Malinen
3c2fbe9f56 Discard unencrypted EAPOL-EAP when TK is set and PMF is enabled
RSN design is supposed to encrypt all Data frames, including EAPOL
frames, once the TK has been configured. However, there are deployed
implementations that do not really follow this design and there are
various examples from the older uses of EAPOL frame where those frames
were not encrypted. As such, strict filtering of unencrypted EAPOL
frames might results in undesired interoperation issues.

However, some of the most important cases of missing EAPOL frame
encryption should be possible to handle without causing too significant
issues. These are for cases where an attacker could potentially cause an
existing association to be dropped when PMF is used. EAP-Request is one
potential candidate for such attacks since that frame could be used to
initiate a new EAP authentication and the AP/Authenticator might not
allow that to complete or a large number of EAP-Request frames could be
injected to exceed the maximum number of EAP frames. Such an attack
could result in the station ending up disconnecting or at minimum,
getting into somewhat mismatching state with the AP.

Drop EAPOL-EAP frames when it is known that it was not encrypted but
should have been and when PMF is enabled. While it would be correct to
drop this even without PMF, that does not provide any significant
benefit since it is trivial to force disconnection in no-PMF cases. It
should also be noted that not all drivers provide information about the
encryption status of the EAPOL frames and this change has no impact with
drivers that do not indicate whether the frame was encrypted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:08 +03:00
Jouni Malinen
872a57500c Discard unencrypted EAPOL-Key msg 1/4 when TK is set and PMF is enabled
RSN design is supposed to encrypt all Data frames, including EAPOL
frames, once the TK has been configured. However, there are deployed
implementations that do not really follow this design and there are
various examples from the older uses of EAPOL frame where those frames
were not encrypted. As such, strict filtering of unencrypted EAPOL
frames might results in undesired interoperation issues.

However, some of the most important cases of missing EAPOL frame
encryption should be possible to handle without causing too significant
issues. These are for cases where an attacker could potentially cause an
existing association to be dropped when PMF is used. EAPOL-Key msg 1/4
is one potential candidate for such attacks since that frame could be
used to initiate a 4-way handshake that the real AP might never complete
and the station might end up disconnecting because of that or at
minimum, getting into somewhat mismatching state with the AP.

Drop EAPOL-Key msg 1/4 when it is known that it was not encrypted but
should have been and when PMF is enabled. While it would be correct to
drop this even without PMF, that does not provide any significant
benefit since it is trivial to force disconnection in no-PMF cases. It
should also be noted that not all drivers provide information about the
encryption status of the EAPOL frames and this change has no impact with
drivers that do not indicate whether the frame was encrypted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:08 +03:00
Jouni Malinen
e6c0e12158 Do not prevent Michael MIC error report based on disallowed PTK0 rekey
EAPOL-Key Request frame with Error=1 is not really a request for a new
key, so allow that frame to be sent even if PTK0 rekey is not allowed
since the supplicant is required to report Michael MIC errors to the
authenticator.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:08 +03:00
Jouni Malinen
18c0ac8901 Provide information about the encryption status of received EAPOL frames
This information was already available from the nl80211 control port RX
path, but it was not provided to upper layers within wpa_supplicant and
hostapd. It can be helpful, so parse the information from the driver
event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:03 +03:00
Jouni Malinen
7ee814201b FILS: Set pairwise_set when configuring TK after association
sm->pairwise_set needs to be set whenever the TK has been configured to
the driver to request following EAPOL frames to be encrypted (or more
specifically, not to request them to not be encrypted). The FILS case
missed this setting and that could result in rekeying or
reauthentication in an associated started with FILS not working
correctly.

Fixes: da24c5aa1c ("FILS: Set TK after association (AP)")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 20:36:49 +03:00
Jouni Malinen
98278c0de0 Fix no_encrypt flag in control port TX for rekeying
The wpa_supplicant check for whether a TK is configured into the driver
was broken during the time this information is needed for rekeying or
reauthenticating with another 4-way handshake. sm->ptk.installed is not
set at the point the EAPOL-Key msg 4/4 is sent and while that means the
initial 4-way handshake needs to prevent encryption, the consecutive
4-way handshake must not be doing that since the old key (TK) is still
in the driver. Fix this so that the EAPOL-Key msg 4/4 during rekeying
does not get transmitted without encryption.

Fixes: a79ed06871 ("Add no_encrypt flag for control port TX")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 18:54:09 +03:00
Domien Schepers
b1172c19e1 WPA: Discard EAPOL-Key msg 1/4 with corrupted information elements
Currently a corrupted handshake message 1/4 causes the client to
disconnect from the network. This can lead to a denial-of-service
vulnerability allowing an adversary to forcibly disconnect a client from
protected networks even when Wi-Fi Management Frame Protection (MFP) is
enforced if the driver allows unencrypted EAPOL-Key frames to be
received after key configuration..

Fix this by discarding the corrupted handshake message 1/4.

This issue was discovered by Domien Schepers (Northeastern University)
and Mathy Vanhoef (imec-DistriNet, KU Leuven).

Signed-off-by: Domien Schepers <schepers.d@northeastern.edu>
2022-05-07 18:54:09 +03:00
Jouni Malinen
7a7a4ea578 Check need for SA Query/assoc comeback before updating RSNE parameters
wpa_validate_wpa_ie() might update sm->* values, so it should not be
allowed for an existing STA entry if that STA has negotiated MFP to be
used for the association. Fix this by first checking whether an SA Query
procedure needs to be initiated. In particular, this prevents a
potential bypass of the disconnection protection.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-07 18:52:13 +03:00
Veerendranath Jakkam
27e828d728 ACS: Send EHT enabled info to driver
The driver can consider EHT specific parameters such as the puncture
pattern for ACS when this flag attribute is indicated by userspace.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:25:44 +03:00
Veerendranath Jakkam
82066bd367 nl80211: Don't force VHT channel definition with EHT
Add a check to avoid sending VHT channel definition when EHT is enabled
in the 2.4 GHz band since the 2.4 GHz band isn't supposed to use VHT
operations. Also add EHT enabled info into debug prints.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:23:51 +03:00
Veerendranath Jakkam
43fe1ce35d EHT: Add [EHT] flag into AP mode STA command
This indicates whether an associated stations supports EHT.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:21:35 +03:00
Veerendranath Jakkam
4994c41f22 EHT: Indicate ieee80211be configuration in hostapd STATUS output
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:20:15 +03:00
Veerendranath Jakkam
50d8837106 EHT: Fix invalid length checking for EHT Capability element
Do not consider optional octets maximum lengths when validating EHT
fixed fields length. Furthermore, do not use the first two octets of the
PPE Thresholds field without explicitly confirming that these octets
were included in the element and fix PPE Thresholds field length
calculation.

Fixes: a6d1b4c46c ("EHT: Process (Re)Association Request frame capabilities")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:19:56 +03:00
Sunil Ravi
2c78f11a9f Fix compilation due to forward declaration of macaddr_acl
enum macaddr_acl is forward declared in wpa_supplicant/ap.h.
c++ compiler doesn't allow forward declaration. So to fix the
compilation error, moved the enum macaddr_acl declaration out
of struct hostapd_bss_config.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-05-05 13:04:13 +03:00
Jouni Malinen
c8e822801d OpenSSL: Fix build with old library versions that do not support TLS 1.3
The OCSP check here is specific to TLS 1.3 and the TLS1_3_VERSION value
is not available in older library versions. Comment this check out from
such cases since it is not applicable with such an old library.

Fixes: 10746875e2 ("OpenSSL: Allow no OCSP response when resuming a session with TLS 1.3")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-05 13:04:13 +03:00
Jouni Malinen
c24e18e5c5 LibreSSL: Fix compilation issue with TLS 1.3 session ticket limit
LibreSSL does not seem have SSL_CTX_set_num_tickets(), so comment out
these not really critical calls when building with that library.

Fixes: 81e2498889 ("OpenSSL: Limit the number of TLS 1.3 session tickets to one")
Fixes: decac7cd1e ("OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-05 13:03:59 +03:00
Jouni Malinen
eb5e639856 LibreSSL: Fix compilation issue with RSA-OAEP
EVP_PKEY_CTX_set_rsa_oaep_md() does not seem to be available in
LibreSSL, so for now, comment out this functionality whenever building
with that library.

Fixes: 36b11bbcff ("OpenSSL: RSA-OAEP-SHA-256 encryption/decryption")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-05 13:02:12 +03:00
Sunil Ravi
5d56cf1c71 BoringSSL: Fix compilation error due to TLS 1.3 session tickets
SSL_CTX_set_num_tickets() is not available in boringSSL.
So protect the call to SSL_CTX_set_num_tickets() under
!defined(OPENSSL_IS_BORINGSSL) to fix the compilation error.

Fixes: decac7cd1e ("OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled")
Fixes: 81e2498889 ("OpenSSL: Limit the number of TLS 1.3 session tickets to one")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-05-05 13:01:33 +03:00
Jouni Malinen
a561d12d24 EAP peer status notification for server not supporting RFC 5746
Add a notification message to indicate reason for TLS handshake failure
due to the server not supporting safe renegotiation (RFC 5746).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-05 00:21:46 +03:00
Jouni Malinen
566ce69a8d EAP peer: Workaround for servers that do not support safe TLS renegotiation
The TLS protocol design for renegotiation was identified to have a
significant security flaw in 2009 and an extension to secure this design
was published in 2010 (RFC 5746). However, some old RADIUS
authentication servers without support for this are still used commonly.

This is obviously not good from the security view point, but since there
are cases where the user of a network service has no realistic means for
getting the authentication server upgraded, TLS handshake may still need
to be allowed to be able to use the network.

OpenSSL 3.0 disabled the client side workaround by default and this
resulted in issues connection to some networks with insecure
authentication servers. With OpenSSL 3.0, the client is now enforcing
security by refusing to authenticate with such servers. The pre-3.0
behavior of ignoring this issue and leaving security to the server can
now be enabled with a new phase1 parameter allow_unsafe_renegotiation=1.
This should be used only when having to connect to a network that has an
insecure authentication server that cannot be upgraded.

The old (pre-2010) TLS renegotiation mechanism might open security
vulnerabilities if the authentication server were to allow TLS
renegotiation to be initiated. While this is unlikely to cause real
issues with EAP-TLS, there might be cases where use of PEAP or TTLS with
an authentication server that does not support RFC 5746 might result in
a security vulnerability.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-05 00:20:19 +03:00
Jouni Malinen
ccb3206b61 Fix tls_connection_set_success_data() in TLS library wrappers
Some of the TLS library wrappers defined only an empty function for
tls_connection_set_success_data(). That could result in memory leaks in
TLS server cases, so update these to do the minimal thing and free the
provided buffer as unused.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-04 00:05:09 +03:00
Jouni Malinen
decac7cd1e OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled
Do not provide TLS 1.3 session tickets if session caching is disabled.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 18:07:50 +03:00
Jouni Malinen
05406f7ae8 EAP-PEAP server: Fix TLS 1.3 move to Phase 2 without a new session ticket
When a new session ticket is not issued to the peer, Phase 2 identity
request need to be sent out as a response to the Finished message from
the peer. Fix this to allow the TLS server to be configured to not send
out a new session ticket when using TLS 1.3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 18:07:50 +03:00
Jouni Malinen
10746875e2 OpenSSL: Allow no OCSP response when resuming a session with TLS 1.3
TLS 1.3 sends the OCSP response with the server Certificate message.
Since that Certificate message is not sent when resuming a session,
there can be no new OCSP response. Allow this since the OCSP response
was validated when checking the initial certificate exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 18:07:43 +03:00
Jouni Malinen
2be1bcaf74 EAP-TLS peer: Fix protected success indication check for resumed session
The internal flag prot_success_received was not cleared between the
sessions and that resulted in the resumed session not mandating the
protected success indication to be received. Fix this by clearing the
internal flag so that the EAP-TLS handshake using session resumption
with TLS 1.3 takes care of the required check before marking the
authentication successfully completed. This will make the EAP-TLS peer
reject an EAP-Success message should it be received without the
protected success indication.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 17:16:44 +03:00
Jouni Malinen
1c66276d9a EAP-TLS server: Send final TLS message for resumed session with TLS 1.3
The final message with NewSessionTicket and ApplicationData(0x00) was
already generated, but that was not sent out due the session considered
to be already completed. Fix this by actually sending out that message
to allow the peer to receive the new session ticket and protected
success indication when using resuming a session with TLS 1.3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 17:16:44 +03:00
Jouni Malinen
81e2498889 OpenSSL: Limit the number of TLS 1.3 session tickets to one
One session ticket is sufficient for EAP-TLS, so do not bother
generating more than a single session ticket.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 17:16:39 +03:00
Alexander Clouter
a8d058c939 OpenSSL: SSLKEYLOGFILE capability to allow Wireshark TLS decoding
A port of the trivial patch I wrote for FreeRADIUS to allow TLS decoding
in Wireshark for hostapd/wpa_supplicant:

df0eb0a884

Signed-off-by: Alexander Clouter <alex@coremem.com>
2022-05-01 18:23:59 +03:00
Juliusz Sosinowicz
23f389068e wolfSSL: Fix OCSP stapling
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:27:04 +03:00
Juliusz Sosinowicz
a2971f8d8e wolfSSL: Allow TLS version 1.3 to be disabled
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:26:59 +03:00
Juliusz Sosinowicz
a40e48fbe1 wolfSSL: Fix TLS 1.3 session handling
Uses the changes to wolfSSL found in
https://github.com/wolfSSL/wolfssl/pull/5078

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:26:52 +03:00
Juliusz Sosinowicz
0c3f68f2a0 wolfSSL: Check for the too-short-password error in pbkdf2_sha1()
This may fail with FIPS builds because the FIPS requirement is that the
password must be at least 14 characters.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:13:34 +03:00
Juliusz Sosinowicz
ca26224815 Check the return of pbkdf2_sha1() for errors
pbkdf2_sha1() may return errors and this should be checked in calls.
This is especially an issue with FIPS builds because the FIPS
requirement is that the password must be at least 14 characters.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:13:31 +03:00
Juliusz Sosinowicz
013cd694d9 wolfSSL: Fixes for FIPS builds
Some API is not available when using FIPS. We need to allocate memory
and initialize the structs directly.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:04:16 +03:00
Juliusz Sosinowicz
9d5f8168fc wolfSSL: Register a FIPS callback
Register a callback with wolfCrypt_SetCb_fips to inform the user of
errors in the wolfCrypt FIPS module.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:03:50 +03:00
Juliusz Sosinowicz
8f36e6c0f4 wolfSSL: Implement crypto_ec_key wrappers
These are needed to support SAEK-PK with the wolfSSL backend.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:01:34 +03:00
Juliusz Sosinowicz
1f7e10177a wolfSSL: Add missing free calls for wolfSSL structs
In some configurations the wc_Init*() functions may either allocate
memory or other system resources. These resources need to be freed.

Co-authored-by: JacobBarthelmeh <jacob@wolfssl.com>
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 16:35:36 +03:00
Juliusz Sosinowicz
ec1cd91e72 wolfSSL: Support both DER and PEM blobs
Add support for loading private keys and certificates in both PEM and
DER formats with wolfSSL.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 16:34:39 +03:00
Jouni Malinen
42871a5d25 EAP-SIM/AKA peer: IMSI privacy
Add support for IMSI privacy in the EAP-SIM/AKA peer implementation. If
the new wpa_supplicant network configuration parameter imsi_privacy_key
is used to specify an RSA public key in a form of a PEM encoded X.509v3
certificate, that key will be used to encrypt the permanent identity
(IMSI) in the transmitted EAP messages.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
21098e39fe EAP-SIM/AKA server: IMSI privacy
Add support for IMSI privacy in the EAP-SIM/AKA server implementation.
If the new hostapd configuration parameter imsi_privacy_key is used to
specify an RSA private key, that key will be used to decrypt encrypted
permanent identity.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
36b11bbcff OpenSSL: RSA-OAEP-SHA-256 encryption/decryption
Add new crypto wrappers for performing RSA-OAEP-SHA-256 encryption and
decryption. These are needed for IMSI privacy.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:06 +03:00
Muna Sinada
c3d389b72f EHT: Channel switch command support
Add option to hostapd control interface CHAN_SWITCH command to allow
switch in EHT mode.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:44:18 +03:00
Muna Sinada
dae7940a48 EHT: Additions to hostapd_set_freq_params()
Modify hostapd_set_freq_params() to include EHT parameters and update
the calling functions to match.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:40:13 +03:00
Aloka Dixit
e646b11fea EHT: Indicate EHT support in Neighbor Report element
Set bit 21 in the neighbor report for an EHT AP as described in IEEE
P802.11be/D1.5, 9.4.2.36. Also move the check for HE outside the check
for HT as neither HT nor VHT are enabled in the 6 GHz band.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:30:26 +03:00
Aloka Dixit
f915d52dee EHT: Provide EHT capabilities in STA addition path
Add support for EHT capabilities in the addition of a new station entry
to the driver.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:40 +03:00
Aloka Dixit
a6d1b4c46c EHT: Process (Re)Association Request frame capabilities
Parse EHT capabilities sent by a non-AP STA in (Re)Association Request
frames. Validate the length of the element, matching MCS rates between
AP TX and STA RX. Store the capabilities in the station info structure.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:40 +03:00
Aloka Dixit
340c0e2122 EHT: Parse elements received in Management frames
Parse and store pointers to EHT Capabilities and Operation elements
received in Management frames.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:40 +03:00
Aloka Dixit
d54e3d0495 EHT: Add operation element in AP mode Management frames
Add EHT Operation element in Beacon, Probe Response, and (Re)Association
Response frames using the format described in IEEE P802.11be/D1.5,
9.4.2.311.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:40 +03:00
Aloka Dixit
9b7202d665 EHT: Add capabilities element in AP mode Management frames
Add EHT Capabilities element in Beacon, Probe Response, and
(Re)Association Response frames.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:40 +03:00
Aloka Dixit
a7ea721889 EHT: Add configuration options for beamforming capabilities
Add configuration options to set EHT SU/MU beamforming capabilities.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:39 +03:00
Aloka Dixit
8db3881c76 EHT: Add operating channel width configuration
Add new configuration options to configure EHT operating channel
width and center frequency.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:39 +03:00
Aloka Dixit
8dcc2139ff EHT: AP mode configuration options to enable/disable the support
Add compilation support for IEEE 802.11be along with options to enable
EHT support per radio and disable per interface.

Enabling HE is mandatory to enable EHT mode.

Tested-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:39 +03:00
Aloka Dixit
9f7da264bd nl80211: Pass station's EHT capabilities to the driver in sta_add()
Pass non-AP STA's EHT capabilities to the driver using the
NL80211_ATTR_EHT_CAPABILITY attribute.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:27:52 +03:00
Aloka Dixit
0c8a9aa5d2 nl80211: Parse EHT capabilities from the driver
Add nl80211 support to parse the EHT capabilities passed by the kernel
using new attributes added in NL80211_BAND_ATTR_IFTYPE_DATA.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 15:31:07 +03:00
Aloka Dixit
c08b735fdb EHT: Define EHT elements
Define the following fields described in IEEE P802.11be/D1.5:
- 9.4.2.311 EHT Operation element
- 9.4.2.313 EHT Capabilities element

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 15:13:08 +03:00
Jouni Malinen
86310c2202 Set hostapd hw_mode automatically based on 6 GHz op_class
Allow hostapd configuration to specify use of the 6 GHz band with the
specific op_class values without having to set the hw_mode=a parameter
explicitly.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-29 11:19:43 +03:00
Jouni Malinen
664fd83d59 nl80211: Increase the buffer length for debug printing channels
The previously used buffer was not large enough to be able to print out
all 6 GHz channels, so use a larger buffer to avoid leaving out
supported channels from the debug print.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-28 21:15:41 +03:00
Gururaj Pandurangi
563162a5f5 QCA vendor attribute to allow eMLSR HW mode
Add QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_11BE_EMLSR_MODE value to allow
or disallow eMLSR hardware mode for IEEE 802.11be MLO capable devices.
If this attribute is set to 1, and if the firmware supports this
capability too, the STA advertises this capability to the AP over
Association Request frame. This attribute will not have any effect on
legacy devices with no IEEE 802.11be support.

Signed-off-by: Gururaj Pandurangi <quic_panduran@quicinc.com>
2022-04-28 21:09:41 +03:00
Jouni Malinen
1e34bc49cd OpenSSL: Track SSL_SESSION ex data separately
It looks like the OpenSSL callbacks for SSL_SESSION can end up calling
the remove callback for multiple SSL_SESSION entries that share the same
ex data. This could result in double freeing the session data on the
server side.

Track the SSL_SESSION ex data in a separate list and free the
allocations only if they are pointing to a valid allocated wpabuf
pointer.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-27 20:43:41 +03:00
Jouni Malinen
284e3ad196 Determine whether Beacon frame information is newer in scan results
It can be helpful to know whether the information elements from the
Beacon frame or the Probe Response frame are newer when using BSS table
entries, so make this information known, if available. This allows the
Beacon frame elements to be preferred over the Probe Response frame
elements when desired.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-24 12:08:28 +03:00
Ben Greear
f1686d7761 hostapd: Allow enabling background radar
This feature does not work on all radios that advertise this feature
with the current driver implementation, and possibly some users don't
want to use it even if it works fine, so disable it by default for now,
but let users enable it as desired with enable_background_radar=1.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2022-04-23 23:38:58 +03:00
Jouni Malinen
08d7738bb2 wolfSSL: Speed up crypto_ec_point_compute_y_sqr()
Optimize the calculation by computing (x^2 + a) first to get rid of one
separate multiplication by x.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 16:12:49 +03:00
Jouni Malinen
f50d5c9a83 wolfSSL: Fix crypto_ec_point_compute_y_sqr() error case processing
The result (y2) was cleared and freed in error cases, but the pointer
itself was not cleared to NULL, so the error path would have returned a
pointer to freed memory. Fix this by properly clearing the return value
in error cases. In addition, simplify the function to avoid tracking
success case separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 16:04:49 +03:00
赵军涛
7302aa7614 wolfSSL: Fix the memory leak of crypto_ec_point_compute_y_sqr()
Local variable "t" needs to be cleared whether "calced" is 0 or 1.

Signed-off-by: 赵军涛 <d2014zjt@163.com>
2022-04-23 15:55:06 +03:00
Jouni Malinen
e7dd0fff1d wolfSSL: Use wc_HmacInit() to avoid potential use of uninitialized values
wc_HmacSetKey() seems to initialize everything that is needed for the
actual operation, but at least valgrind is reporting use of
uninitialized values when this was done on a data structure that was not
explicitly cleared.

Call wc_HmacInit() before wc_HmacSetKey() to avoid any unexpected
behavior from potentially uninitialized values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 15:45:31 +03:00
Jouni Malinen
f7be558d69 OpenSSL: Fix build with BoringSSL
SSL_CTX_set_dh_auto() is not available in BoringSSL even though it
claims to be based on OpenSSL 1.1.1 in OPENSSL_VERSION_NUMBER.

Fixes: ebb3055e13 ("OpenSSL: Generate DH parameters automatically if not set with dh_file")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 13:05:49 +03:00
Jouni Malinen
6d33ef362e OpenSSL: Remove compatibility options for older versions than 1.0.2
Anything older than OpenSSL 1.0.2 should not be used anymore, so drop
the build compatibility options for those old versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 13:02:37 +03:00
Jouni Malinen
78c2a4cd07 OpenSSL: Drop compatibility options for LibreSSL older than 2.7
Compilation was failing even with LibreSSL 2.7 versions, so there is no
point in maintaining these old compatibility options for older versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 12:52:27 +03:00
Jouni Malinen
b062507670 OpenSSL: Implement crypto_ecdh routines without EC_KEY for OpenSSL 3.0
OpenSSL 3.0 has deprecated the low-level EC_KEY functionality, so use
the EVP API (EVP_EC_gen() and EV_PKEY_derive()) for the crypto_ecdh
wrappers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 12:46:17 +03:00
Jouni Malinen
fc96f6802e OpenSSL: Use new name for the EC_POINT set/get coordinate functions
OpenSSL 1.1.1 deprecated the function names with the _GFp postfix, so
move to the new function name. Add backwards compatibility wrappers for
older versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 11:09:28 +03:00
Alan T. DeKok
f942149684 wpa_ctrl: Wait for a total of 10 seconds, not 10 seconds per iteration
EINTR will cause the loop to restart, which means that the total
time could be significantly longer than 10 seconds.

Signed-off-by: Alan DeKok <aland@deployingradius.com>
2022-04-18 17:18:40 +03:00
Jouni Malinen
0d9be88551 wolfSSL: Fix certificate commonName checking
wolfSSL_X509_NAME_get_index_by_NID() uses NID_* to identify the entry.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 16:45:42 +03:00
Jouni Malinen
94e0f39d97 wolfSSL: Use wolfSSL_export_keying_material() when available
This is needed to work with TLS 1.3 key derivation. It looks the needed
functionality was added in wolfSSL 4.7.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 16:27:47 +03:00
Jouni Malinen
c31fc7a64c wolfSSL: Fix crypto_dh_init() and dh5_init()
priv_sz and pub_sz needs to be initialized to the buffer size before the
wc_DhGenerateKeyPair() call. The previous version happened to work in
some cases where a separate handled prime length was used, but not for
the generic case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 11:03:55 +03:00
Jouni Malinen
d7b8c6eef2 wolfSSL: Fix crypto_ecdh_* with ECC_TIMING_RESISTANT
It looks like crypto_ecdh_set_peerkey() had started failing at some
point with a wolfSSL update due to ECC_TIMING_RESISTANT from
--enable-harden requiring RNG to be set.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 00:54:37 +03:00
Jouni Malinen
ae1fb64550 EAP-EKE server: Fix a memory leak on an error path
The allocated Response/Commit message was not freed if DH initialization
failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-17 23:37:50 +03:00
Juliusz Sosinowicz
166acab4e6 wolfSSL: TLS session caching
Add support for EAP server to cache TLS sessions (see hostapd
configuration parameter tls_session_lifetime).

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Juliusz Sosinowicz
12dee16d71 wolfSSL: Add a debug logging callback
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Juliusz Sosinowicz
a5d190650b wolfSSL: Implement tls_get_tls_unique()
This is needed for EAP-TEAP. This needs wolfSSL 5.0.0 or newer.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:50 +03:00
Juliusz Sosinowicz
a419fef367 wolfSSL: Implement tls_connection_get_cipher_suite()
This is needed for EAP-TEAP.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:41 +03:00
Juliusz Sosinowicz
364876b7da wolfSSL: Implement tls_connection_get_peer_subject()
This is needed for EAP-TEAP server implementation.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:36 +03:00
Juliusz Sosinowicz
d9c7164001 wolfSSL: Implement tls_connection_get_own_cert_used()
This is needed for EAP-TEAP client implementation. This needs wolfSSL
5.0.0 or newer.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:28 +03:00
Juliusz Sosinowicz
d677b9dc65 wolfSSL: Conditional build for aes_wrap/aes_unwrap()
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 21:47:43 +03:00
Nicolas Escande
3a759dcc8c ACS: Honor acs_exclude_dfs with hostapd's ACS implementation
The acs_exclude_dfs parameter is documented as a way to exclude DFS
channels when performing ACS without disabling DFS altogether. The
problem is this parameter is only enforced when ACS is offloaded to the
driver (WPA_DRIVER_FLAGS_ACS_OFFLOAD). So from now on, lets also check
acs_exclude_dfs in the internal ACS implementation to exclude channels
marked with radar detection.

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
2022-04-17 19:50:23 +03:00
Jouni Malinen
f5c711c855 OpenSSL: Unload providers only at process exit
The previous mechanism of unloaded the providers from tls_deinit() did
not work correctly for some cases. In particular, it was possible for
hostapd to end up unloading both providers and not being able to recover
from this if TLS server was not enabled.

Address this more cleanly by introducing a new crypto_unload() function
that will be called when the process is exiting.

Fixes: 097ca6bf0b ("OpenSSL: Unload providers on deinit")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 18:51:32 +03:00
John Crispin
33c4dd26cd BSS coloring: Handle the collision and CCA events coming from the kernel
This commit activates the functionality of the previous commits by
handling the actual events that will trigger the CCA process.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:30:30 +03:00
John Crispin
27b4cc712f nl80211: Handle driver events for BSS coloring
Process the color collision and color change related events.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:30:30 +03:00
John Crispin
399d6e64d9 nl80211: Add the switch_color() handler for BSS color changes
To start the CCA process we need to send NL80211_CMD_COLOR_CHANGE to the
kernel. This commit adds the required code.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:30:09 +03:00
John Crispin
86bd90eb37 BSS coloring: Disable BSS color during CCA
While we are doing CCA the BSS Color Disabled field inside the HE
Operation Parameters field needs to be set.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:13:51 +03:00
John Crispin
f7d0b740e7 BSS coloring: BSS Color Change Announcement element generation
This information element is similar to the CSA one. It contains a
counter and the target color. Once the counter expired, the change to
the new color happens.

Just note the current implementation is based on CCA counter attributes
that only take Beacon and Probe Response framesinto account.
(Re)Association Response frames do not currently have kernel APIs to
decrement the CCA counter since mediatek mcu firmware does not support
it yet and it will be added in future firmware release.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:13:08 +03:00
John Crispin
654d2395dd BSS coloring: Handling of collision events and triggering CCA
Add the core code for handling BSS color collision events and triggering
CCA inside the kernel. The caller of hostapd_switch_color() will be
added in the following commits.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:06:06 +03:00
Jouni Malinen
6a2a60f1db OpenSSL: Do not use the deprecated RSAPrivateKey function
Comment out the call to SSL_use_RSAPrivateKey_ASN1() function when using
OpenSSL 3.0 since that function was deprecated and there does not seem
to be any significant use case for supporting DER encoded RSAPrivateKey
structure in the private key blob.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 12:45:32 +03:00
Jouni Malinen
ebb3055e13 OpenSSL: Generate DH parameters automatically if not set with dh_file
This is the recommended way of using DH in OpenSSL TLS handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 11:38:44 +03:00
Jouni Malinen
bcd299b326 OpenSSL: Convert DH/DSA parameter loading to new API
OpenSSL 3.0 has deprecated low-level DH/DSA functions. Convert this
loading of the dh_file parameter to use newer API.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 11:32:21 +03:00
Jouni Malinen
28c1c91d03 Remove unused dh_blob parameter
This was used earlier in the wpa_supplicant configuration, but there was
no real use for that, so remove the now completely unused parameter to
simplify implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 10:45:17 +03:00
Jouni Malinen
4a774cf317 Remove useless DH file configuration from TLS library wrappers
These operations do not really have any effect since
tls_connection_set_params() is used only in the TLS client case and the
client receives the DH parameters from the server instead of local
configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:42:15 +03:00