Commit graph

8963 commits

Author SHA1 Message Date
Yu Wang
159e636132 QCA vendor command for CoAP offload processing
Add vendor command QCA_NL80211_VENDOR_SUBCMD_COAP_OFFLOAD to
enable/disable offload processing in firmware for CoAP messages
(RFC7252: The Constrained Application Protocol) or fetch the
CoAP messages cached during offload processing.

Signed-off-by: Yu Wang <quic_yyuwang@quicinc.com>
2022-06-30 15:43:54 +03:00
Jingxiang Ge
3b7bb17f69 Add QCA vendor attribute for TIM beacon statistics
Add the following two vendor attributes to send TIM beacon
statistics to userspace which can be used for power saving:
QCA_WLAN_VENDOR_ATTR_LL_STATS_TIM_BEACON
QCA_WLAN_VENDOR_ATTR_LL_STATS_TIM_BEACON_ERR

Signed-off-by: Jingxiang Ge <quic_jge@quicinc.com>
2022-06-30 15:30:10 +03:00
Vinay Gannevaram
09a281e52a Add QCA vendor interface for PASN offload to userspace
Define QCA vendor interface for PASN offload to userspace from the driver.

The driver can send this command as an event to a userspace component to
perform PASN authentication with a list of peers with which the driver
needs to do ranging. The userspace component, if capable of performing
PASN handshake, can perform PASN handshake with all the peer devices and
set the relevant keys by sending the
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT command for each peer
to the driver.

Once PASN handshake is completed with all requested peers, the userspace
component sends consolidated status for all the peers to the driver. The
consolidated report is required for the driver to understand that the
PASN handshake process is complete and whether it succeeded/failed for
each of the peers it was requested for. The secure ranging context is
configured only for the peers with which the PASN handshake succeeded.

When the driver requests PASN keys, the userspace component can set the
keys from its cache if those keys have not already expired and were
derived with the same source MAC address that is requested by the driver
instead of doing the full PASN handshake again.

If the driver detects that current keys of a peer are not valid anymore,
it sends a notification to userspace using the
QCA_NL80211_VENDOR_SUBCMD_PASN command and setting the action to
QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT. The userspace
component should delete the corresponding keys from its cache.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-06-23 21:50:04 +03:00
Purushottam Kushwaha
809fb96fa0 Add a vendor attribute to configure concurrency policy for AP interface
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AP_CONFIG to
QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY sub command to set the
concurrency policy for AP interface.
QCA_WLAN_VENDOR_ATTR_CONCURRENT_POLICY_AP_CONFIG uses the values
defined in enum qca_wlan_concurrent_ap_policy_config to specify
concurrency policy.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2022-06-23 21:33:38 +03:00
Purushottam Kushwaha
a5754f531e Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY
Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY to
QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY to allow extension for other
interface type(s). A subsequent commit will extend the renamed
definitions in a manner that is inconsistent with the current naming.

This is a precursor for AP/P2P concurrency policy configuration support
via updated vendor command QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_POLICY.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2022-06-23 21:32:06 +03:00
Veerendranath Jakkam
085a3fc76e EHT: Add 320 channel width support
Add initial changes to support 320 MHz channel width.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Karthikeyan Periyasamy <quic_periyasa@quicinc.com>
2022-06-20 14:39:26 +03:00
Aleti Nageshwar Reddy
bafe35df03 Move CHANWIDTH_* definitions from ieee80211_defs.h to defs.h
Move most of CHANWIDTH_* definitions from ieee80211_defs.h to defs.h as
the definitions are getting used mostly for internal purpose only. Also
change prefix of the definitions to CONF_OPER_CHWIDTH_* and update in
all the files accordingly.

Leave the couple of VHT-specific exceptions to use the old defines (the
reason why they were originally added as VHT values), to avoid use of
clearly marked configuration values in information elements. In
addition, use the defines instead of magic values where appropriate.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2022-06-20 14:39:18 +03:00
Veerendranath Jakkam
3c2ba98add Add QCA vendor event to indicate driver recovery after internal failures
Add QCA vendor event to indicate user space that the driver recovery is
completed after the internal failure reported with
QCA_NL80211_VENDOR_SUBCMD_HANG.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-06-16 20:15:39 +03:00
Purushottam Kushwaha
8dd8267413 QCA vendor attribute to configure direct data path for audio traffic
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_CONFIG_AUDIO_DATA_PATH to
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to configure audio data
path.

Possible audio data paths are defined in enum qca_wlan_audio_data_path.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2022-06-16 17:49:45 +03:00
Kiran Kumar Lokere
504be2f9de QCA vendor command support to get WLAN radio combinations
Vendor command to get the WLAN radio combinations matrix supported by
the device which provides the device simultaneous radio configurations
such as standalone, dual band simultaneous, and single band
simultaneous.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-06-16 17:47:06 +03:00
Jouni Malinen
d5905dbc84 OCV: Check the Frequency Segment 1 Channel Number only on 80+80 MHz
The initial OCV implementation validating this field in the OCI element
for both the 80+80 MHz and 160 MHz cases. However, IEEE Std 802.11-2020,
12.2.9 ("Requirements for Operating Channel Validation") limitis that
verification step for the 80+80 MHz case: "Verifying that, if operating
an 80+80 MHz operating class, the frequency segment 1 channel number ...
is equal to the Frequency Segment 1 Channel Number field of the OCI."

Remove this check for the 160 MHz case since there has been incorrect
interpretation on how the Frequency Segment 1 Channel Number field of
the OCI element is set in this case (using VHT rules for CCFS2). The
modified validation step is meets the real need here, is compliant with
the standard, and avoids potential interoperability issues when using
contiguous 160 MHz channels.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-06-14 17:19:27 +03:00
Sreeramya Soratkal
4383528e01 P2P: Use weighted preferred channel list for channel selection
Previously, the driver could optionally (using QCA vendor command)
provide a preferred channel list to wpa_supplicant for channel selection
during the GO negotiation. Channel selection process can be more
efficient with the information of weights and flags of the preferred
channel list that can be provided by the driver. Use a weighted
preferred channel list provided by the driver for channel selection
during GO negotiation if such a list is available.

Signed-off-by: Sreeramya Soratkal <quic_ssramya@quicinc.com>
2022-06-02 17:09:10 +03:00
Jianmin Zhu
f2c5c8d38f QCA vendor attribute to configure RX link speed threshold for roaming
Add QCA_ATTR_ROAM_CONTROL_RX_LINKSPEED_THRESHOLD value as the RX link
speed threshold to disable roaming. If the current link speed is above
the threshold, there is no need to roam.

Signed-off-by: Jianmin Zhu <quic_jianminz@quicinc.com>
2022-06-02 16:10:28 +03:00
Purushottam Kushwaha
94bc94b206 Add QCA vendor attribute for DO_ACS to allow using existing scan entries
Add a new QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME to
QCA_NL80211_VENDOR_SUBCMD_DO_ACS and opportunistically optimize time
taken for ACS scan. Avoid scanning the channels which were scanned
within last QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME milliseconds
and use scan results from the scan results cache for ACS scoring. For
other channels, perform ACS scan and use the received scan results.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-31 12:44:38 +03:00
Qiwei Cai
b9e2826b9d P2P: Filter 6 GHz channels if peer doesn't support them
When 6 GHz channels are included in channel list of P2P Action frames
but some peer devices don't support the 6 GHz feature and cannot parse
P2P IE data correctly, P2P handshake will fail.

Remove 6 GHz channels from the P2P Action frames if the peer doesn't
support 6 GHz feature to avoid such failures.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-31 12:41:48 +03:00
Vikram Kandukuri
d5a9944b84 Reserve QCA vendor sub command id 206..212
This is reserved for QCA use.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-31 12:09:52 +03:00
Jeff Johnson (QUIC)
ed63c286fc Remove space before tab in QCA vendor commands
A few of the comments in the QCA vendor commands have a space
character before a tab. That is pointless, and some code style
checkers may complain about it, so remove the spaces.

Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
2022-05-31 12:00:43 +03:00
Jouni Malinen
e4015440af ProxyARP: Clear bridge parameters on deinit only if hostapd set them
Skip the x_snoop_deinit() operations if hostapd did not actually
configure the parameters in the first place. While clearing these
specific parameters is unlikely to change how they were set outside the
scope of hostapd, it is better to leave them as-is to avoid surprises if
hostapd was not configured to use ProxyARP.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-31 11:53:05 +03:00
Jouni Malinen
cd92f7f98a FIPS PRF: Avoid duplicate SHA1Init() functionality
The initialization values used for the FIPS 186-2 PRF are identical to
the ones used in SHA1Init(), so use that internal function instead of
maintaining a duplicate set of values here. fips186_2_prf() was already
using an internal SHA1Transform() function so using another internal
function does not make this any worse.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-27 00:32:12 +03:00
Jouni Malinen
5c87fcc154 OpenSSL: Use internal FIPS 186-2 PRF with OpenSSL 3.0
OpenSSL 3.0 has deprecated the low-level SHA1 functions and does not
include an upper layer interface that could be used to use the
SHA1_Transform() function. Use the internal SHA-1 implementation instead
as a workaround.

While this type of duplicate implementation of SHA-1 is not really
ideal, this PRF is needed only for EAP-SIM/AKA and there does not seem
to be sufficient justification to try to get this working more cleanly
with OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-27 00:32:10 +03:00
Jouni Malinen
c41004d861 OpenSSL: Convert more crypto_ec_key routines to new EVP API
This avoids some more uses of the deprecated EC_KEY API when using
OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:23 +03:00
Jouni Malinen
667a2959c2 OpenSSL: crypto_ec_key_get_public_key() using new EVP_PKEY API
Implement crypto_ec_key_get_public_key() without the deprecated EC_KEY
API when using OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:22 +03:00
Jouni Malinen
5b97395b3e OpenSSL: crypto_ec_key_get_private_key() using new EVP_PKEY API
Implement crypto_ec_key_get_private_key() without the deprecated EC_KEY
API when using OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:20 +03:00
Jouni Malinen
177ebfe109 crypto: Convert crypto_ec_key_get_public_key() to return new ec_point
This makes it easier for the crypto library/wrapper to avoid direct
references to internal EC key parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:19 +03:00
Jouni Malinen
26780d92f3 crypto: Convert crypto_ec_key_get_private_key() to return new bignum
This makes it easier for the crypto library/wrapper to avoid direct
references to internal EC key parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:18 +03:00
Jouni Malinen
c9c2c2d9c7 OpenSSL: Fix a memory leak on crypto_hash_init() error path
The EVP_MAC context data needs to be freed on error paths.

Fixes: e31500adea ("OpenSSL: Implement HMAC using the EVP_MAC API")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:17 +03:00
Jouni Malinen
6d19dccf94 OpenSSL: Free OSSL_DECODER_CTX in tls_global_dh()
The conversion to the new OpenSSL 3.0 API had forgotten to free the
context structure.

Fixes: bcd299b326 ("OpenSSL: Convert DH/DSA parameter loading to new API")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:16 +03:00
Jouni Malinen
4f4479ef9e OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API
Avoid using the deprecated EC_KEY API when building these functions with
OpenSSL 3.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-26 20:51:15 +03:00
Jouni Malinen
5636991749 EAP-SIM/AKA peer: IMSI privacy attribute
Extend IMSI privacy functionality to allow an attribute (in name=value
format) to be added using the new imsi_privacy_attr parameter.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-25 20:18:40 +03:00
Jouni Malinen
99165cc4b0 Rename wpa_supplicant imsi_privacy_key configuration parameter
Use imsi_privacy_cert as the name of the configuration parameter for the
X.509v3 certificate that contains the RSA public key needed for IMSI
privacy. The only allowed format for this information is a PEM-encoded
X.509 certificate, so the previous name was somewhat confusing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:44:03 +03:00
Jouni Malinen
35eda6e700 EAP-SIM peer: Free imsi_privacy_key on an error path
This is an allocated resource so it needs to be free on the error path.

Fixes: 42871a5d25 ("EAP-SIM/AKA peer: IMSI privacy")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:34:08 +03:00
Jouni Malinen
d1652dc7cc OpenSSL: Refuse to accept expired RSA certificate
This is needed for IMSI privacy to avoid trying to use an expired public
key.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-24 00:32:56 +03:00
Jouni Malinen
866e7b7458 OpenSSL: Include rsa.h for OpenSSL 3.0
This is needed to get RSA_PKCS1_OAEP_PADDING.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-22 23:13:28 +03:00
Jouni Malinen
bc99366f9b OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1
Commit 9afb68b039 ("OpenSSL: Allow systemwide secpolicy overrides for
TLS version") with commit 58bbcfa31b ("OpenSSL: Update security level
drop for TLS 1.0/1.1 with OpenSSL 3.0") allow this workaround to be
enabled with an explicit network configuration parameter. However, the
default settings are still allowing TLS 1.0 and 1.1 to be negotiated
just to see them fail immediately when using OpenSSL 3.0. This is not
exactly helpful especially when the OpenSSL error message for this
particular case is "internal error" which does not really say anything
about the reason for the error.

It is is a bit inconvenient to update the security policy for this
particular issue based on the negotiated TLS version since that happens
in the middle of processing for the first message from the server.
However, this can be done by using the debug callback for printing out
the received TLS messages during processing.

Drop the OpenSSL security level to 0 if that is the only option to
continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed
in wpa_supplicant default configuration and OpenSSL 3.0 with the
constraint on MD5-SHA1 use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-22 17:01:35 +03:00
Jouni Malinen
ed325ff0f9 DPP: Allow TCP destination (address/port) to be used from peer URI
tcp_addr=from-uri can now be used as a special case for initiating
DPP-over-TCP to the destination indicated in the peer bootstrapping URI.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-19 22:53:36 +03:00
Jouni Malinen
37bb4178b5 DPP: Host information in bootstrapping URI
Parse the host information, if present, in bootstrapping URI and allow
such information to be added when generating the URI.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-19 17:55:25 +03:00
Jouni Malinen
1142b6e415 EHT: Do not check HE PHY capability info reserved fields
Only use the bandwidth bits that are applicable for the current
operating band. This avoids use of reserved bits when determining the
length of the Support EHT-MCS And NSS Set field length.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-16 19:39:57 +03:00
Jouni Malinen
bc36991791 Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4
IEEE Std 802.11-2020 is ambiguous on how the Secure bit is set in
EAPOL-Key msg 1/4 and 2/4 in the case where 4-way handshake is use to
rekey the PTK. 12.7.2 describes this with "set to 1 once the initial key
exchange is complete" while 12.7.6 shows EAPOL-Key msg 1/4 and 2/4 using
Secure=0 without any consideration on whether the handshake is for
rekeying.

TGme seems to be moving towards clarifying this to use Secure=1 based on
there being a shared PTKSA between the Authenticator and the Supplicant.
In other words, this would use Secure=1 in EAPOL-Key msg 1/4 and 2/4 in
the case of rekeying. Change implementation to match that. This bit was
already practically ignored on the reception side, so this should not
have impact on actual functionality beyond this one bit changing its
value in the frame.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-16 17:47:17 +03:00
Jouni Malinen
fc9648a6a1 DPP: Debug print if not relay is available for PKEX exchange
This makes it easier to see what happened with the received PKEX frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 17:25:09 +03:00
Jouni Malinen
1739d50c20 FST: More robust bounds checking of local data in fst_dump_mb_ies()
Check the full MBIE length against the buffer length explicitly before
the debug print. This is for locally generated data, so the bounds
checking is not critical here, but it is better to use proper checking
anyway to avoid static analyzer complaints.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 17:18:58 +03:00
Jouni Malinen
77bb12a604 P2P: Maintain ip_pool bitfield index separately
Avoid the somewhat confusing mechanism of determining the bitfield index
from the assigned IP address to make this easier for static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:59:31 +03:00
Jouni Malinen
2982e50c15 EAP-SAKA: Simplify attribute parser for static analyzers
Make bounds checking in eap_sake_parse_attributes() easier to analyze.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:53:38 +03:00
Jouni Malinen
6e8518749f GAS: Limit maximum comeback delay value
Limit the GAS comeback delay to 60000 TUs, i.e., about 60 seconds. This
is mostly to silence static analyzers that complain about unbounded
value from external sources even though this is clearly bounded by being
a 16-bit value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:41:37 +03:00
Jouni Malinen
f8615990e2 Simplify wpa_parse_kde_ies()
Use a local variable to store the full IE length instead of calculating
it multiple times.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:36:09 +03:00
Jouni Malinen
61d37f44b7 Simplify wpa_parse_generic()
Use local variables and common checking of the selector (or vendor
specific IE header) to make the bounds checking easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:36:09 +03:00
Jouni Malinen
469528a6e5 BSS coloring: Fix bitmap check
BIT(r) is not sufficient here since it does not cover 64 bit values.
Write this out with 1ULL to be large enough for the shift operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:36:09 +03:00
Jouni Malinen
8392c86df0 Check he_cap pointer in hostapd_set_freq_params() consistently
The EHT changes made this checking inconsistent. If he_cap can be NULL
in case of EHT being enabled, better make sure it does not get
dereferenced without an explicit check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 00:39:20 +03:00
Jouni Malinen
2227c85a94 DPP: Verify that crypto_ec_point_to_bin() succeeds
This is testing code, but it's better to check the return value
explicitly even if this were not really able to fail in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 00:31:25 +03:00
Jouni Malinen
a8c3199527 nl80211: Verify that nla_put_flag() succeeds for background radar
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 00:29:48 +03:00
Jouni Malinen
993eb12407 FST: Make sure get_hw_modes() callback is set for hostapd
It looks like fst_wpa_obj::get_hw_modes would have been left
uninitialized in hostapd. It is not obviously clear why this would not
have caused issues earlier, but in any case, better make this set
properly to allow unexpected behavior should that function pointer ever
be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 00:27:51 +03:00
Jouni Malinen
4537fe124a P2P: Explicit nul termination of the generated passphrase
Nul terminate the struct p2p_go_neg_results::passphrase explicitly to
keep static analyzers happier. This was already nul terminated in
practice due to the full array being cleared to zero on initialization,
but that was apparently not clear enough for some analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 23:59:23 +03:00
Tova Mussai
3b8d9da9b5 nl80211: Set NL80211_SCAN_FLAG_COLOCATED_6GHZ in scan
Set NL80211_SCAN_FLAG_COLOCATED_6GHZ in the scan parameters to enable
scanning for co-located APs discovered based on neighbor reports from
the 2.4/5 GHz bands when not scanning passively. Do so only when
collocated scanning is not disabled by higher layer logic.

Signed-off-by: Tova Mussai <tova.mussai@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2022-05-07 21:37:08 +03:00
MeiChia Chiu
96a7f38329 hostapd: Add the destination address of unsolicited Probe Response frame
Without this, hostapd generates Probe Response frames with the null
destination address when hostapd enables unsolicited Probe Response
frame transmission. Fix this to use the broadcast address instead.

Fixes: 024b4b2a29 ("AP: Unsolicited broadcast Probe Response configuration")
Signed-off-by: MeiChia Chiu <meichia.chiu@mediatek.com>
2022-05-07 21:37:08 +03:00
Jouni Malinen
8690374439 Discard unencrypted EAPOL/EAP when TK is set and PMF is enabled (AP)
RSN design is supposed to encrypt all Data frames, including EAPOL
frames, once the TK has been configured. However, there are deployed
implementations that do not really follow this design and there are
various examples from the older uses of EAPOL frame where those frames
were not encrypted. As such, strict filtering of unencrypted EAPOL
frames might results in undesired interoperation issues.

However, some of the most important cases of missing EAPOL frame
encryption should be possible to handle without causing too significant
issues. These are for cases where an attacker could potentially cause an
existing association to be dropped when PMF is used. EAPOL-Start and
EAPOL-Logoff are potential candidate for such attacks since those frames
could be used to terminate an authentication or initiate a new EAP
authentication. Such an attack could result in the station ending up
disconnecting or at minimum, getting into somewhat mismatching state
with the AP.

Drop EAPOL-Start/Logoff/EAP frames on the AP/Authenticator when it is
known that it was not encrypted but should have been and when PMF is
enabled. While it would be correct to drop this even without PMF, that
does not provide any significant benefit since it is trivial to force
disconnection in no-PMF cases. It should also be noted that not all
drivers provide information about the encryption status of the EAPOL
frames and this change has no impact with drivers that do not indicate
whether the frame was encrypted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:08 +03:00
Jouni Malinen
3c2fbe9f56 Discard unencrypted EAPOL-EAP when TK is set and PMF is enabled
RSN design is supposed to encrypt all Data frames, including EAPOL
frames, once the TK has been configured. However, there are deployed
implementations that do not really follow this design and there are
various examples from the older uses of EAPOL frame where those frames
were not encrypted. As such, strict filtering of unencrypted EAPOL
frames might results in undesired interoperation issues.

However, some of the most important cases of missing EAPOL frame
encryption should be possible to handle without causing too significant
issues. These are for cases where an attacker could potentially cause an
existing association to be dropped when PMF is used. EAP-Request is one
potential candidate for such attacks since that frame could be used to
initiate a new EAP authentication and the AP/Authenticator might not
allow that to complete or a large number of EAP-Request frames could be
injected to exceed the maximum number of EAP frames. Such an attack
could result in the station ending up disconnecting or at minimum,
getting into somewhat mismatching state with the AP.

Drop EAPOL-EAP frames when it is known that it was not encrypted but
should have been and when PMF is enabled. While it would be correct to
drop this even without PMF, that does not provide any significant
benefit since it is trivial to force disconnection in no-PMF cases. It
should also be noted that not all drivers provide information about the
encryption status of the EAPOL frames and this change has no impact with
drivers that do not indicate whether the frame was encrypted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:08 +03:00
Jouni Malinen
872a57500c Discard unencrypted EAPOL-Key msg 1/4 when TK is set and PMF is enabled
RSN design is supposed to encrypt all Data frames, including EAPOL
frames, once the TK has been configured. However, there are deployed
implementations that do not really follow this design and there are
various examples from the older uses of EAPOL frame where those frames
were not encrypted. As such, strict filtering of unencrypted EAPOL
frames might results in undesired interoperation issues.

However, some of the most important cases of missing EAPOL frame
encryption should be possible to handle without causing too significant
issues. These are for cases where an attacker could potentially cause an
existing association to be dropped when PMF is used. EAPOL-Key msg 1/4
is one potential candidate for such attacks since that frame could be
used to initiate a 4-way handshake that the real AP might never complete
and the station might end up disconnecting because of that or at
minimum, getting into somewhat mismatching state with the AP.

Drop EAPOL-Key msg 1/4 when it is known that it was not encrypted but
should have been and when PMF is enabled. While it would be correct to
drop this even without PMF, that does not provide any significant
benefit since it is trivial to force disconnection in no-PMF cases. It
should also be noted that not all drivers provide information about the
encryption status of the EAPOL frames and this change has no impact with
drivers that do not indicate whether the frame was encrypted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:08 +03:00
Jouni Malinen
e6c0e12158 Do not prevent Michael MIC error report based on disallowed PTK0 rekey
EAPOL-Key Request frame with Error=1 is not really a request for a new
key, so allow that frame to be sent even if PTK0 rekey is not allowed
since the supplicant is required to report Michael MIC errors to the
authenticator.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:08 +03:00
Jouni Malinen
18c0ac8901 Provide information about the encryption status of received EAPOL frames
This information was already available from the nl80211 control port RX
path, but it was not provided to upper layers within wpa_supplicant and
hostapd. It can be helpful, so parse the information from the driver
event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:03 +03:00
Jouni Malinen
7ee814201b FILS: Set pairwise_set when configuring TK after association
sm->pairwise_set needs to be set whenever the TK has been configured to
the driver to request following EAPOL frames to be encrypted (or more
specifically, not to request them to not be encrypted). The FILS case
missed this setting and that could result in rekeying or
reauthentication in an associated started with FILS not working
correctly.

Fixes: da24c5aa1c ("FILS: Set TK after association (AP)")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 20:36:49 +03:00
Jouni Malinen
98278c0de0 Fix no_encrypt flag in control port TX for rekeying
The wpa_supplicant check for whether a TK is configured into the driver
was broken during the time this information is needed for rekeying or
reauthenticating with another 4-way handshake. sm->ptk.installed is not
set at the point the EAPOL-Key msg 4/4 is sent and while that means the
initial 4-way handshake needs to prevent encryption, the consecutive
4-way handshake must not be doing that since the old key (TK) is still
in the driver. Fix this so that the EAPOL-Key msg 4/4 during rekeying
does not get transmitted without encryption.

Fixes: a79ed06871 ("Add no_encrypt flag for control port TX")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 18:54:09 +03:00
Domien Schepers
b1172c19e1 WPA: Discard EAPOL-Key msg 1/4 with corrupted information elements
Currently a corrupted handshake message 1/4 causes the client to
disconnect from the network. This can lead to a denial-of-service
vulnerability allowing an adversary to forcibly disconnect a client from
protected networks even when Wi-Fi Management Frame Protection (MFP) is
enforced if the driver allows unencrypted EAPOL-Key frames to be
received after key configuration..

Fix this by discarding the corrupted handshake message 1/4.

This issue was discovered by Domien Schepers (Northeastern University)
and Mathy Vanhoef (imec-DistriNet, KU Leuven).

Signed-off-by: Domien Schepers <schepers.d@northeastern.edu>
2022-05-07 18:54:09 +03:00
Jouni Malinen
7a7a4ea578 Check need for SA Query/assoc comeback before updating RSNE parameters
wpa_validate_wpa_ie() might update sm->* values, so it should not be
allowed for an existing STA entry if that STA has negotiated MFP to be
used for the association. Fix this by first checking whether an SA Query
procedure needs to be initiated. In particular, this prevents a
potential bypass of the disconnection protection.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-07 18:52:13 +03:00
Veerendranath Jakkam
27e828d728 ACS: Send EHT enabled info to driver
The driver can consider EHT specific parameters such as the puncture
pattern for ACS when this flag attribute is indicated by userspace.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:25:44 +03:00
Veerendranath Jakkam
82066bd367 nl80211: Don't force VHT channel definition with EHT
Add a check to avoid sending VHT channel definition when EHT is enabled
in the 2.4 GHz band since the 2.4 GHz band isn't supposed to use VHT
operations. Also add EHT enabled info into debug prints.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:23:51 +03:00
Veerendranath Jakkam
43fe1ce35d EHT: Add [EHT] flag into AP mode STA command
This indicates whether an associated stations supports EHT.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:21:35 +03:00
Veerendranath Jakkam
4994c41f22 EHT: Indicate ieee80211be configuration in hostapd STATUS output
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:20:15 +03:00
Veerendranath Jakkam
50d8837106 EHT: Fix invalid length checking for EHT Capability element
Do not consider optional octets maximum lengths when validating EHT
fixed fields length. Furthermore, do not use the first two octets of the
PPE Thresholds field without explicitly confirming that these octets
were included in the element and fix PPE Thresholds field length
calculation.

Fixes: a6d1b4c46c ("EHT: Process (Re)Association Request frame capabilities")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-05-05 13:19:56 +03:00
Sunil Ravi
2c78f11a9f Fix compilation due to forward declaration of macaddr_acl
enum macaddr_acl is forward declared in wpa_supplicant/ap.h.
c++ compiler doesn't allow forward declaration. So to fix the
compilation error, moved the enum macaddr_acl declaration out
of struct hostapd_bss_config.

Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-05-05 13:04:13 +03:00
Jouni Malinen
c8e822801d OpenSSL: Fix build with old library versions that do not support TLS 1.3
The OCSP check here is specific to TLS 1.3 and the TLS1_3_VERSION value
is not available in older library versions. Comment this check out from
such cases since it is not applicable with such an old library.

Fixes: 10746875e2 ("OpenSSL: Allow no OCSP response when resuming a session with TLS 1.3")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-05 13:04:13 +03:00
Jouni Malinen
c24e18e5c5 LibreSSL: Fix compilation issue with TLS 1.3 session ticket limit
LibreSSL does not seem have SSL_CTX_set_num_tickets(), so comment out
these not really critical calls when building with that library.

Fixes: 81e2498889 ("OpenSSL: Limit the number of TLS 1.3 session tickets to one")
Fixes: decac7cd1e ("OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-05 13:03:59 +03:00
Jouni Malinen
eb5e639856 LibreSSL: Fix compilation issue with RSA-OAEP
EVP_PKEY_CTX_set_rsa_oaep_md() does not seem to be available in
LibreSSL, so for now, comment out this functionality whenever building
with that library.

Fixes: 36b11bbcff ("OpenSSL: RSA-OAEP-SHA-256 encryption/decryption")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-05 13:02:12 +03:00
Sunil Ravi
5d56cf1c71 BoringSSL: Fix compilation error due to TLS 1.3 session tickets
SSL_CTX_set_num_tickets() is not available in boringSSL.
So protect the call to SSL_CTX_set_num_tickets() under
!defined(OPENSSL_IS_BORINGSSL) to fix the compilation error.

Fixes: decac7cd1e ("OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled")
Fixes: 81e2498889 ("OpenSSL: Limit the number of TLS 1.3 session tickets to one")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
2022-05-05 13:01:33 +03:00
Jouni Malinen
a561d12d24 EAP peer status notification for server not supporting RFC 5746
Add a notification message to indicate reason for TLS handshake failure
due to the server not supporting safe renegotiation (RFC 5746).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-05 00:21:46 +03:00
Jouni Malinen
566ce69a8d EAP peer: Workaround for servers that do not support safe TLS renegotiation
The TLS protocol design for renegotiation was identified to have a
significant security flaw in 2009 and an extension to secure this design
was published in 2010 (RFC 5746). However, some old RADIUS
authentication servers without support for this are still used commonly.

This is obviously not good from the security view point, but since there
are cases where the user of a network service has no realistic means for
getting the authentication server upgraded, TLS handshake may still need
to be allowed to be able to use the network.

OpenSSL 3.0 disabled the client side workaround by default and this
resulted in issues connection to some networks with insecure
authentication servers. With OpenSSL 3.0, the client is now enforcing
security by refusing to authenticate with such servers. The pre-3.0
behavior of ignoring this issue and leaving security to the server can
now be enabled with a new phase1 parameter allow_unsafe_renegotiation=1.
This should be used only when having to connect to a network that has an
insecure authentication server that cannot be upgraded.

The old (pre-2010) TLS renegotiation mechanism might open security
vulnerabilities if the authentication server were to allow TLS
renegotiation to be initiated. While this is unlikely to cause real
issues with EAP-TLS, there might be cases where use of PEAP or TTLS with
an authentication server that does not support RFC 5746 might result in
a security vulnerability.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-05 00:20:19 +03:00
Jouni Malinen
ccb3206b61 Fix tls_connection_set_success_data() in TLS library wrappers
Some of the TLS library wrappers defined only an empty function for
tls_connection_set_success_data(). That could result in memory leaks in
TLS server cases, so update these to do the minimal thing and free the
provided buffer as unused.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-04 00:05:09 +03:00
Jouni Malinen
decac7cd1e OpenSSL: Do not send out a TLS 1.3 session ticket if caching disabled
Do not provide TLS 1.3 session tickets if session caching is disabled.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 18:07:50 +03:00
Jouni Malinen
05406f7ae8 EAP-PEAP server: Fix TLS 1.3 move to Phase 2 without a new session ticket
When a new session ticket is not issued to the peer, Phase 2 identity
request need to be sent out as a response to the Finished message from
the peer. Fix this to allow the TLS server to be configured to not send
out a new session ticket when using TLS 1.3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 18:07:50 +03:00
Jouni Malinen
10746875e2 OpenSSL: Allow no OCSP response when resuming a session with TLS 1.3
TLS 1.3 sends the OCSP response with the server Certificate message.
Since that Certificate message is not sent when resuming a session,
there can be no new OCSP response. Allow this since the OCSP response
was validated when checking the initial certificate exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 18:07:43 +03:00
Jouni Malinen
2be1bcaf74 EAP-TLS peer: Fix protected success indication check for resumed session
The internal flag prot_success_received was not cleared between the
sessions and that resulted in the resumed session not mandating the
protected success indication to be received. Fix this by clearing the
internal flag so that the EAP-TLS handshake using session resumption
with TLS 1.3 takes care of the required check before marking the
authentication successfully completed. This will make the EAP-TLS peer
reject an EAP-Success message should it be received without the
protected success indication.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 17:16:44 +03:00
Jouni Malinen
1c66276d9a EAP-TLS server: Send final TLS message for resumed session with TLS 1.3
The final message with NewSessionTicket and ApplicationData(0x00) was
already generated, but that was not sent out due the session considered
to be already completed. Fix this by actually sending out that message
to allow the peer to receive the new session ticket and protected
success indication when using resuming a session with TLS 1.3.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 17:16:44 +03:00
Jouni Malinen
81e2498889 OpenSSL: Limit the number of TLS 1.3 session tickets to one
One session ticket is sufficient for EAP-TLS, so do not bother
generating more than a single session ticket.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-02 17:16:39 +03:00
Alexander Clouter
a8d058c939 OpenSSL: SSLKEYLOGFILE capability to allow Wireshark TLS decoding
A port of the trivial patch I wrote for FreeRADIUS to allow TLS decoding
in Wireshark for hostapd/wpa_supplicant:

df0eb0a884

Signed-off-by: Alexander Clouter <alex@coremem.com>
2022-05-01 18:23:59 +03:00
Juliusz Sosinowicz
23f389068e wolfSSL: Fix OCSP stapling
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:27:04 +03:00
Juliusz Sosinowicz
a2971f8d8e wolfSSL: Allow TLS version 1.3 to be disabled
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:26:59 +03:00
Juliusz Sosinowicz
a40e48fbe1 wolfSSL: Fix TLS 1.3 session handling
Uses the changes to wolfSSL found in
https://github.com/wolfSSL/wolfssl/pull/5078

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:26:52 +03:00
Juliusz Sosinowicz
0c3f68f2a0 wolfSSL: Check for the too-short-password error in pbkdf2_sha1()
This may fail with FIPS builds because the FIPS requirement is that the
password must be at least 14 characters.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:13:34 +03:00
Juliusz Sosinowicz
ca26224815 Check the return of pbkdf2_sha1() for errors
pbkdf2_sha1() may return errors and this should be checked in calls.
This is especially an issue with FIPS builds because the FIPS
requirement is that the password must be at least 14 characters.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:13:31 +03:00
Juliusz Sosinowicz
013cd694d9 wolfSSL: Fixes for FIPS builds
Some API is not available when using FIPS. We need to allocate memory
and initialize the structs directly.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:04:16 +03:00
Juliusz Sosinowicz
9d5f8168fc wolfSSL: Register a FIPS callback
Register a callback with wolfCrypt_SetCb_fips to inform the user of
errors in the wolfCrypt FIPS module.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:03:50 +03:00
Juliusz Sosinowicz
8f36e6c0f4 wolfSSL: Implement crypto_ec_key wrappers
These are needed to support SAEK-PK with the wolfSSL backend.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 17:01:34 +03:00
Juliusz Sosinowicz
1f7e10177a wolfSSL: Add missing free calls for wolfSSL structs
In some configurations the wc_Init*() functions may either allocate
memory or other system resources. These resources need to be freed.

Co-authored-by: JacobBarthelmeh <jacob@wolfssl.com>
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 16:35:36 +03:00
Juliusz Sosinowicz
ec1cd91e72 wolfSSL: Support both DER and PEM blobs
Add support for loading private keys and certificates in both PEM and
DER formats with wolfSSL.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-05-01 16:34:39 +03:00
Jouni Malinen
42871a5d25 EAP-SIM/AKA peer: IMSI privacy
Add support for IMSI privacy in the EAP-SIM/AKA peer implementation. If
the new wpa_supplicant network configuration parameter imsi_privacy_key
is used to specify an RSA public key in a form of a PEM encoded X.509v3
certificate, that key will be used to encrypt the permanent identity
(IMSI) in the transmitted EAP messages.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
21098e39fe EAP-SIM/AKA server: IMSI privacy
Add support for IMSI privacy in the EAP-SIM/AKA server implementation.
If the new hostapd configuration parameter imsi_privacy_key is used to
specify an RSA private key, that key will be used to decrypt encrypted
permanent identity.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:16 +03:00
Jouni Malinen
36b11bbcff OpenSSL: RSA-OAEP-SHA-256 encryption/decryption
Add new crypto wrappers for performing RSA-OAEP-SHA-256 encryption and
decryption. These are needed for IMSI privacy.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-05-01 16:25:06 +03:00
Muna Sinada
c3d389b72f EHT: Channel switch command support
Add option to hostapd control interface CHAN_SWITCH command to allow
switch in EHT mode.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:44:18 +03:00
Muna Sinada
dae7940a48 EHT: Additions to hostapd_set_freq_params()
Modify hostapd_set_freq_params() to include EHT parameters and update
the calling functions to match.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:40:13 +03:00
Aloka Dixit
e646b11fea EHT: Indicate EHT support in Neighbor Report element
Set bit 21 in the neighbor report for an EHT AP as described in IEEE
P802.11be/D1.5, 9.4.2.36. Also move the check for HE outside the check
for HT as neither HT nor VHT are enabled in the 6 GHz band.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:30:26 +03:00
Aloka Dixit
f915d52dee EHT: Provide EHT capabilities in STA addition path
Add support for EHT capabilities in the addition of a new station entry
to the driver.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:40 +03:00
Aloka Dixit
a6d1b4c46c EHT: Process (Re)Association Request frame capabilities
Parse EHT capabilities sent by a non-AP STA in (Re)Association Request
frames. Validate the length of the element, matching MCS rates between
AP TX and STA RX. Store the capabilities in the station info structure.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:40 +03:00
Aloka Dixit
340c0e2122 EHT: Parse elements received in Management frames
Parse and store pointers to EHT Capabilities and Operation elements
received in Management frames.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:40 +03:00
Aloka Dixit
d54e3d0495 EHT: Add operation element in AP mode Management frames
Add EHT Operation element in Beacon, Probe Response, and (Re)Association
Response frames using the format described in IEEE P802.11be/D1.5,
9.4.2.311.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:40 +03:00
Aloka Dixit
9b7202d665 EHT: Add capabilities element in AP mode Management frames
Add EHT Capabilities element in Beacon, Probe Response, and
(Re)Association Response frames.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:40 +03:00
Aloka Dixit
a7ea721889 EHT: Add configuration options for beamforming capabilities
Add configuration options to set EHT SU/MU beamforming capabilities.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:39 +03:00
Aloka Dixit
8db3881c76 EHT: Add operating channel width configuration
Add new configuration options to configure EHT operating channel
width and center frequency.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:39 +03:00
Aloka Dixit
8dcc2139ff EHT: AP mode configuration options to enable/disable the support
Add compilation support for IEEE 802.11be along with options to enable
EHT support per radio and disable per interface.

Enabling HE is mandatory to enable EHT mode.

Tested-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:28:39 +03:00
Aloka Dixit
9f7da264bd nl80211: Pass station's EHT capabilities to the driver in sta_add()
Pass non-AP STA's EHT capabilities to the driver using the
NL80211_ATTR_EHT_CAPABILITY attribute.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 17:27:52 +03:00
Aloka Dixit
0c8a9aa5d2 nl80211: Parse EHT capabilities from the driver
Add nl80211 support to parse the EHT capabilities passed by the kernel
using new attributes added in NL80211_BAND_ATTR_IFTYPE_DATA.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 15:31:07 +03:00
Aloka Dixit
c08b735fdb EHT: Define EHT elements
Define the following fields described in IEEE P802.11be/D1.5:
- 9.4.2.311 EHT Operation element
- 9.4.2.313 EHT Capabilities element

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-29 15:13:08 +03:00
Jouni Malinen
86310c2202 Set hostapd hw_mode automatically based on 6 GHz op_class
Allow hostapd configuration to specify use of the 6 GHz band with the
specific op_class values without having to set the hw_mode=a parameter
explicitly.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-29 11:19:43 +03:00
Jouni Malinen
664fd83d59 nl80211: Increase the buffer length for debug printing channels
The previously used buffer was not large enough to be able to print out
all 6 GHz channels, so use a larger buffer to avoid leaving out
supported channels from the debug print.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-28 21:15:41 +03:00
Gururaj Pandurangi
563162a5f5 QCA vendor attribute to allow eMLSR HW mode
Add QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_11BE_EMLSR_MODE value to allow
or disallow eMLSR hardware mode for IEEE 802.11be MLO capable devices.
If this attribute is set to 1, and if the firmware supports this
capability too, the STA advertises this capability to the AP over
Association Request frame. This attribute will not have any effect on
legacy devices with no IEEE 802.11be support.

Signed-off-by: Gururaj Pandurangi <quic_panduran@quicinc.com>
2022-04-28 21:09:41 +03:00
Jouni Malinen
1e34bc49cd OpenSSL: Track SSL_SESSION ex data separately
It looks like the OpenSSL callbacks for SSL_SESSION can end up calling
the remove callback for multiple SSL_SESSION entries that share the same
ex data. This could result in double freeing the session data on the
server side.

Track the SSL_SESSION ex data in a separate list and free the
allocations only if they are pointing to a valid allocated wpabuf
pointer.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-27 20:43:41 +03:00
Jouni Malinen
284e3ad196 Determine whether Beacon frame information is newer in scan results
It can be helpful to know whether the information elements from the
Beacon frame or the Probe Response frame are newer when using BSS table
entries, so make this information known, if available. This allows the
Beacon frame elements to be preferred over the Probe Response frame
elements when desired.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-24 12:08:28 +03:00
Ben Greear
f1686d7761 hostapd: Allow enabling background radar
This feature does not work on all radios that advertise this feature
with the current driver implementation, and possibly some users don't
want to use it even if it works fine, so disable it by default for now,
but let users enable it as desired with enable_background_radar=1.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2022-04-23 23:38:58 +03:00
Jouni Malinen
08d7738bb2 wolfSSL: Speed up crypto_ec_point_compute_y_sqr()
Optimize the calculation by computing (x^2 + a) first to get rid of one
separate multiplication by x.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 16:12:49 +03:00
Jouni Malinen
f50d5c9a83 wolfSSL: Fix crypto_ec_point_compute_y_sqr() error case processing
The result (y2) was cleared and freed in error cases, but the pointer
itself was not cleared to NULL, so the error path would have returned a
pointer to freed memory. Fix this by properly clearing the return value
in error cases. In addition, simplify the function to avoid tracking
success case separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 16:04:49 +03:00
赵军涛
7302aa7614 wolfSSL: Fix the memory leak of crypto_ec_point_compute_y_sqr()
Local variable "t" needs to be cleared whether "calced" is 0 or 1.

Signed-off-by: 赵军涛 <d2014zjt@163.com>
2022-04-23 15:55:06 +03:00
Jouni Malinen
e7dd0fff1d wolfSSL: Use wc_HmacInit() to avoid potential use of uninitialized values
wc_HmacSetKey() seems to initialize everything that is needed for the
actual operation, but at least valgrind is reporting use of
uninitialized values when this was done on a data structure that was not
explicitly cleared.

Call wc_HmacInit() before wc_HmacSetKey() to avoid any unexpected
behavior from potentially uninitialized values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 15:45:31 +03:00
Jouni Malinen
f7be558d69 OpenSSL: Fix build with BoringSSL
SSL_CTX_set_dh_auto() is not available in BoringSSL even though it
claims to be based on OpenSSL 1.1.1 in OPENSSL_VERSION_NUMBER.

Fixes: ebb3055e13 ("OpenSSL: Generate DH parameters automatically if not set with dh_file")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 13:05:49 +03:00
Jouni Malinen
6d33ef362e OpenSSL: Remove compatibility options for older versions than 1.0.2
Anything older than OpenSSL 1.0.2 should not be used anymore, so drop
the build compatibility options for those old versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 13:02:37 +03:00
Jouni Malinen
78c2a4cd07 OpenSSL: Drop compatibility options for LibreSSL older than 2.7
Compilation was failing even with LibreSSL 2.7 versions, so there is no
point in maintaining these old compatibility options for older versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 12:52:27 +03:00
Jouni Malinen
b062507670 OpenSSL: Implement crypto_ecdh routines without EC_KEY for OpenSSL 3.0
OpenSSL 3.0 has deprecated the low-level EC_KEY functionality, so use
the EVP API (EVP_EC_gen() and EV_PKEY_derive()) for the crypto_ecdh
wrappers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 12:46:17 +03:00
Jouni Malinen
fc96f6802e OpenSSL: Use new name for the EC_POINT set/get coordinate functions
OpenSSL 1.1.1 deprecated the function names with the _GFp postfix, so
move to the new function name. Add backwards compatibility wrappers for
older versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-23 11:09:28 +03:00
Alan T. DeKok
f942149684 wpa_ctrl: Wait for a total of 10 seconds, not 10 seconds per iteration
EINTR will cause the loop to restart, which means that the total
time could be significantly longer than 10 seconds.

Signed-off-by: Alan DeKok <aland@deployingradius.com>
2022-04-18 17:18:40 +03:00
Jouni Malinen
0d9be88551 wolfSSL: Fix certificate commonName checking
wolfSSL_X509_NAME_get_index_by_NID() uses NID_* to identify the entry.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 16:45:42 +03:00
Jouni Malinen
94e0f39d97 wolfSSL: Use wolfSSL_export_keying_material() when available
This is needed to work with TLS 1.3 key derivation. It looks the needed
functionality was added in wolfSSL 4.7.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 16:27:47 +03:00
Jouni Malinen
c31fc7a64c wolfSSL: Fix crypto_dh_init() and dh5_init()
priv_sz and pub_sz needs to be initialized to the buffer size before the
wc_DhGenerateKeyPair() call. The previous version happened to work in
some cases where a separate handled prime length was used, but not for
the generic case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 11:03:55 +03:00
Jouni Malinen
d7b8c6eef2 wolfSSL: Fix crypto_ecdh_* with ECC_TIMING_RESISTANT
It looks like crypto_ecdh_set_peerkey() had started failing at some
point with a wolfSSL update due to ECC_TIMING_RESISTANT from
--enable-harden requiring RNG to be set.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-18 00:54:37 +03:00
Jouni Malinen
ae1fb64550 EAP-EKE server: Fix a memory leak on an error path
The allocated Response/Commit message was not freed if DH initialization
failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-17 23:37:50 +03:00
Juliusz Sosinowicz
166acab4e6 wolfSSL: TLS session caching
Add support for EAP server to cache TLS sessions (see hostapd
configuration parameter tls_session_lifetime).

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Juliusz Sosinowicz
12dee16d71 wolfSSL: Add a debug logging callback
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:55 +03:00
Juliusz Sosinowicz
a5d190650b wolfSSL: Implement tls_get_tls_unique()
This is needed for EAP-TEAP. This needs wolfSSL 5.0.0 or newer.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:50 +03:00
Juliusz Sosinowicz
a419fef367 wolfSSL: Implement tls_connection_get_cipher_suite()
This is needed for EAP-TEAP.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:41 +03:00
Juliusz Sosinowicz
364876b7da wolfSSL: Implement tls_connection_get_peer_subject()
This is needed for EAP-TEAP server implementation.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:36 +03:00
Juliusz Sosinowicz
d9c7164001 wolfSSL: Implement tls_connection_get_own_cert_used()
This is needed for EAP-TEAP client implementation. This needs wolfSSL
5.0.0 or newer.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 22:02:28 +03:00
Juliusz Sosinowicz
d677b9dc65 wolfSSL: Conditional build for aes_wrap/aes_unwrap()
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-17 21:47:43 +03:00
Nicolas Escande
3a759dcc8c ACS: Honor acs_exclude_dfs with hostapd's ACS implementation
The acs_exclude_dfs parameter is documented as a way to exclude DFS
channels when performing ACS without disabling DFS altogether. The
problem is this parameter is only enforced when ACS is offloaded to the
driver (WPA_DRIVER_FLAGS_ACS_OFFLOAD). So from now on, lets also check
acs_exclude_dfs in the internal ACS implementation to exclude channels
marked with radar detection.

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
2022-04-17 19:50:23 +03:00
Jouni Malinen
f5c711c855 OpenSSL: Unload providers only at process exit
The previous mechanism of unloaded the providers from tls_deinit() did
not work correctly for some cases. In particular, it was possible for
hostapd to end up unloading both providers and not being able to recover
from this if TLS server was not enabled.

Address this more cleanly by introducing a new crypto_unload() function
that will be called when the process is exiting.

Fixes: 097ca6bf0b ("OpenSSL: Unload providers on deinit")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 18:51:32 +03:00
John Crispin
33c4dd26cd BSS coloring: Handle the collision and CCA events coming from the kernel
This commit activates the functionality of the previous commits by
handling the actual events that will trigger the CCA process.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:30:30 +03:00
John Crispin
27b4cc712f nl80211: Handle driver events for BSS coloring
Process the color collision and color change related events.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:30:30 +03:00
John Crispin
399d6e64d9 nl80211: Add the switch_color() handler for BSS color changes
To start the CCA process we need to send NL80211_CMD_COLOR_CHANGE to the
kernel. This commit adds the required code.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:30:09 +03:00
John Crispin
86bd90eb37 BSS coloring: Disable BSS color during CCA
While we are doing CCA the BSS Color Disabled field inside the HE
Operation Parameters field needs to be set.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:13:51 +03:00
John Crispin
f7d0b740e7 BSS coloring: BSS Color Change Announcement element generation
This information element is similar to the CSA one. It contains a
counter and the target color. Once the counter expired, the change to
the new color happens.

Just note the current implementation is based on CCA counter attributes
that only take Beacon and Probe Response framesinto account.
(Re)Association Response frames do not currently have kernel APIs to
decrement the CCA counter since mediatek mcu firmware does not support
it yet and it will be added in future firmware release.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:13:08 +03:00
John Crispin
654d2395dd BSS coloring: Handling of collision events and triggering CCA
Add the core code for handling BSS color collision events and triggering
CCA inside the kernel. The caller of hostapd_switch_color() will be
added in the following commits.

Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
2022-04-16 17:06:06 +03:00
Jouni Malinen
6a2a60f1db OpenSSL: Do not use the deprecated RSAPrivateKey function
Comment out the call to SSL_use_RSAPrivateKey_ASN1() function when using
OpenSSL 3.0 since that function was deprecated and there does not seem
to be any significant use case for supporting DER encoded RSAPrivateKey
structure in the private key blob.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 12:45:32 +03:00
Jouni Malinen
ebb3055e13 OpenSSL: Generate DH parameters automatically if not set with dh_file
This is the recommended way of using DH in OpenSSL TLS handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 11:38:44 +03:00
Jouni Malinen
bcd299b326 OpenSSL: Convert DH/DSA parameter loading to new API
OpenSSL 3.0 has deprecated low-level DH/DSA functions. Convert this
loading of the dh_file parameter to use newer API.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 11:32:21 +03:00
Jouni Malinen
28c1c91d03 Remove unused dh_blob parameter
This was used earlier in the wpa_supplicant configuration, but there was
no real use for that, so remove the now completely unused parameter to
simplify implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-16 10:45:17 +03:00
Jouni Malinen
4a774cf317 Remove useless DH file configuration from TLS library wrappers
These operations do not really have any effect since
tls_connection_set_params() is used only in the TLS client case and the
client receives the DH parameters from the server instead of local
configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:42:15 +03:00
Jouni Malinen
65652c67f5 Remove DH file configuration from TLS client functionality
The DH file parameters are applicable only for the TLS server, so this
parameter did not really have any impact to functionality. Remove it to
get rid of useless code and confusing documentation for the network
block configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:42:15 +03:00
Jouni Malinen
b94371af84 RADIUS attributes for EAPOL-Key message details
Use vendor specific RADIUS attributes for sending ANonce and EAPOL-Key
msg 2/4 for the wpa_psk_radius=3 case. The vendor specific attributes
for this are defined in FreeRADIUS as follows:

BEGIN-VENDOR    FreeRADIUS      format=Extended-Vendor-Specific-5
ATTRIBUTE       FreeRADIUS-802.1X-Anonce        1       octets[32]
ATTRIBUTE       FreeRADIUS-802.1X-EAPoL-Key-Msg 2       octets
END-VENDOR      FreeRADIUS

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 18:40:55 +03:00
Jouni Malinen
24763e3cd0 RADIUS: Attributes with Extended Types (RFC 6929)
Supported extended types for RADIUS attributes for the cases defined in
RFC 6929.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 18:40:55 +03:00
Jouni Malinen
feed2f9e75 BoringSSL: Use accessor functions for X509 key usage flags
BoringSSL commit dddb60eb9700110835ff6e2b429de40a17006429 ("Make most of
crypto/x509 opaque.") broke the direct access to these variables, so use
the accessor functions instead.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:00:26 +03:00
Jouni Malinen
80be88a089 BoringSSL: Replace stack-allocated X509_STORE_CTX with heap one
BoringSSL commit dddb60eb9700110835ff6e2b429de40a17006429 ("Make most of
crypto/x509 opaque.") broke the stack-allocated version, so move to
using X509_STORE_CTX_new() to get an opaque pointer to X509_STORE_CTX
instead.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:00:26 +03:00
Jouni Malinen
b95ed17f6b OpenSSL: Fix build with BoringSSL and LibreSSL 3.3.x and older
Define the EC_GROUP_get_curve() wrapper for the older versions.

Fixes: 3c61f4db4c ("OpenSSL: Replace EC_GROUP_get_curve_GFp() calls with EC_GROUP_get_curve()")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 13:00:08 +03:00
Jouni Malinen
ae0f6ee97e OpenSSL: CMAC using the OpenSSL library for non-FIPS cases as well
Commit 0b5e98557e ("FIPS: Use OpenSSL CMAC implementation instead of
aes-omac1.c") added this implementation initially only for the FIPS
builds. However, there does not seem to be any remaining need to avoid
depending on the OpenSSL library implementation for builds, so move to
that implementation unconditionally to reduce the binary size a bit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 12:00:10 +03:00
Jouni Malinen
0c61f6234f OpenSSL: Implement CMAC using the EVP_MAC API
OpenSSL 3.0 deprecated the low-level CMAC functions, so use the new
EVP_MAC API for this. Maintain the CMAC API variant for older versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 12:00:10 +03:00
Jouni Malinen
4fcd296608 OpenSSL: Extend CMAC to support 192-bit AES
This is used with DPP and SAE when using P-384, so prepare the OpenSSL
implementation to support these cases to allow the internal CMAC
implementation in aes-omac1.c to be replaced.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 12:00:10 +03:00
Jouni Malinen
1176178437 OpenSSL: Remove now unused compatibility wrapper for RSA_bits()
This function is not used anymore, but the compatibility wrapper for
older OpenSSL versions was forgotten to be removed.

Fixes: 09c62aaf11 ("OpenSSL: Determine RSA key size without low-level routines")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 11:58:34 +03:00
Jouni Malinen
b0769ce61c DPP: Allow a list of supported curves to be used in bootstrapping URI
The new DPP_BOOTSTRAP_GEN command parameter supported_curves can be used
to specify a colon separated list of supported curves. Information from
a parsed URI shows this information with a new supp_curves line in the
DPP_BOOTSTRAP_INFO output.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-14 16:57:11 +03:00
Sumit Agre
ef85328a67 QCA vendor command support to reset configuration for eLNA bypass
Add support to reset eLNA bypass configuration to default behavior.
If value of 2 is configured, the driver can choose either to
disable/enable eLNA bypass control and there is no enforcement
from userspace.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-11 23:25:48 +03:00
Jouni Malinen
7008c50fa9 OpenSSL: Implement DH using the EVP API
OpenSSL 3.0 deprecated the low-level DH functions, so use the EVP API
for this. Maintain the DH API variant for older versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-10 18:19:58 +03:00
Jouni Malinen
e31500adea OpenSSL: Implement HMAC using the EVP_MAC API
OpenSSL 3.0 deprecated the low-level HMAC functions, so use the EVP_MAC
API for this. Maintain the HMAC API variant for older versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-10 00:39:43 +03:00
Jouni Malinen
097ca6bf0b OpenSSL: Unload providers on deinit
This frees up the allocated resources and makes memory leak detection
more convenient without the known allocations being left behind.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-10 00:19:54 +03:00
Jouni Malinen
092efd45a6 OpenSSL: Implement AES keywrap using the EVP API
OpenSSL 3.0 deprecated the low-level encryption functions, so use the
EVP API for this. Maintain the previous version for BoringSSL and
LibreSSL since not all versions seem to have the EVP_aes_*_wrap()
functions needed for the EVP API.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-09 21:11:10 +03:00
Jouni Malinen
7e4984d9ca OpenSSL: Use a correct EVP_CIPHER_CTX freeing function on an error path
aes_encrypt_init() used incorrect function to free the EVP_CIPHER_CTX
allocated within this function. Fix that to use the OpenSSL function for
freeing the context.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-09 20:42:36 +03:00
Jouni Malinen
dacb6d278d Update IEEE P802.11ax draft references to published amendment
Get rid of the old references to drafts since the amendment has been
published.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-08 19:50:32 +03:00
Pradeep Kumar Chitrapu
8128ea76af Add Transmit Power Envelope element in 6 GHz
Add Transmit Power Envelope element for 6 GHz per IEEE Std
802.11ax-2021.

Currently, this uses hard coded EIRP/PSD limits which are applicable to
6 GHz operation in United states, Japan, and Korea. Support to extract
power limits from kernel data will be added after complete regulatory
support is added for the 6 GHz band.

Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-08 19:50:26 +03:00
Pradeep Kumar Chitrapu
bc3dc72a3a Extend 6 GHz Operation Info field in HE Operation element
Add new field definitions for the 6 GHz Operation Information field in
the HE Operation element per IEEE Std 802.11ax-2021, 9.4.2.249. These
will be used for TPC operation in the 6 GHz band.

Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-08 13:22:31 +03:00
Pradeep Kumar Chitrapu
0eb686637d hostapd: Add config option to specify 6 GHz regulatory AP type
IEEE Std 802.11ax-2021 introduces Regulatory Info subfield to specify
the 6 GHz access point type per regulatory. Add a user config option for
specifying this.

When not specified, Indoor AP type is selected for the 6 GHz AP by
default.

Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-08 13:19:10 +03:00
Pradeep Kumar Chitrapu
ee06165e96 hostapd: Extend Country element to support 6 GHz band
Add support for the Country element for the 6 GHz band per IEEE Std
802.11ax-2021, 9.4.2.8 (Country element).

Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
2022-04-08 12:57:46 +03:00
Jouni Malinen
f5ad972455 PASN: Fix build without CONFIG_TESTING_OPTIONS=y
force_kdk_derivation is defined within CONFIG_TESTING_OPTIONS, so need
to use matching condition when accessing it.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:47:31 +03:00
Jouni Malinen
0482251a6d EAP-TLS: Allow TLSv1.3 support to be enabled with build config
The default behavior in wpa_supplicant is to disable use of TLSv1.3 in
EAP-TLS unless explicitly enabled in network configuration. The new
CONFIG_EAP_TLSV1_3=y build parameter can be used to change this to
enable TLSv1.3 by default (if supported by the TLS library).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:45:40 +03:00
Jouni Malinen
7114e56060 EAP-TLS: Testing functionality to skip protected success indication
This server side testing functionality can be used to test EAP-TLSv1.3
peer behavior.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-07 00:43:12 +03:00
Jouni Malinen
95fd54b862 Disconnect STA on continuous EAP reauth without 4-way handshake completion
It could have been possible to get into an endless loop of retried EAP
authentication followed by failing or not completed 4-way handshake if
there was a different interpretation of EAP authentication result
(success on AP, failure on STA). Avoid this by limiting the number of
consecutive EAPOL reauth attempts without completing the following 4-way
handshake.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-06 15:28:49 +03:00
Jouni Malinen
9e11e746fa EAP-TLS: Do not allow TLSv1.3 success without protected result indication
RFC 9190 requires protected result indication to be used with TLSv1.3,
so do not allow EAP-TLS to complete successfully if the server does not
send that indication.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-06 15:28:49 +03:00
Jouni Malinen
88ab59d71b EAP-TLS: Replace the Commitment Message term with RFC 9190 language
While the drafts for RFC 9190 used a separate Commitment Message term,
that term was removed from the published RFC. Update the debug prints to
match that final language.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-05 23:05:45 +03:00
Jouni Malinen
63f311b107 EAP-TLS: Update specification references to RFC 5216 and 9190
The previously used references were pointing to an obsoleted RFC and
draft versions. Replace these with current versions.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-05 22:57:51 +03:00
Veerendranath Jakkam
b746cb28bc Add support for not transmitting EAPOL-Key group msg 2/2
To support the STA testbed role, the STA has to disable transmitting
EAPOL-Key group msg 2/2 of Group Key Handshake. Add test parameter to
disable sending EAPOL-Key group msg 2/2 of Group Key Handshake.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-04-05 17:06:32 +03:00
Karthikeyan Kathirvel
d27f7bd946 FILS: Fix config check to allow unsolicited broadcast Probe Response
Unsolicited broadcast Probe Response frame configuration did not work in
hostapd due fils_discovery_min_int being used by mistake where
fils_discovery_max_int should have been used in checking for conflicting
configuration. The latter is the one used to decide whether FILS
discovery is enabled or not.

Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
2022-04-05 00:33:33 +03:00
Jouni Malinen
65a3a273cd OWE: Reuse own DH private key in AP if STA tries OWE association again
This is a workaround for mac80211 behavior of retransmitting the
Association Request frames multiple times if the link layer retries
(i.e., seq# remains same) fail. The mac80211 initiated retransmission
will use a different seq# and as such, will go through duplicate
detection. If we were to change our DH key for that attempt, there would
be two different DH shared secrets and the STA would likely select the
wrong one.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-02 17:52:50 +03:00
Masashi Honma
1f5b6085c1 Fix SIGSEGV of eapol_test
Running eapol_test to FreeRADIUS 3.0.25 causes trailing SIGSEGV.

WPA_TRACE: eloop SIGSEGV - START
[1]: ./eapol_test(+0x67de6) [0x55b84fa4ade6]
     eloop_sigsegv_handler() ../src/utils/eloop.c:123
[2]: /lib/x86_64-linux-gnu/libc.so.6(+0x430c0) [0x7fec94ad20c0]
[3]: ./eapol_test(dpp_tcp_conn_status_requested+0x4) [0x55b84fa7e674]
     dpp_tcp_conn_status_requested() ../src/common/dpp_tcp.c:2246
[4]: ./eapol_test(wpas_dpp_connected+0x3c) [0x55b84fa816dc]
     wpas_dpp_connected() dpp_supplicant.c:437
[5]: ./eapol_test(wpa_supplicant_set_state+0x48d) [0x55b84fc12c9d]
     wpa_supplicant_set_state() wpa_supplicant.c:1067
[6]: ./eapol_test(eapol_sm_step+0x4b4) [0x55b84fb3b994]
     sm_SUPP_PAE_Step() ../src/eapol_supp/eapol_supp_sm.c:419
     eapol_sm_step() ../src/eapol_supp/eapol_supp_sm.c:989
[7]: ./eapol_test(eapol_sm_rx_eapol+0x190) [0x55b84fb3c060]
     eapol_sm_rx_eapol() ../src/eapol_supp/eapol_supp_sm.c:1293
[8]: ./eapol_test(+0x24760f) [0x55b84fc2a60f]
     ieee802_1x_decapsulate_radius() eapol_test.c:834
     ieee802_1x_receive_auth() eapol_test.c:945
[9]: ./eapol_test(+0x248d46) [0x55b84fc2bd46]
     radius_client_receive() ../src/radius/radius_client.c:937
[10]: ./eapol_test(+0x68323) [0x55b84fa4b323]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:606
[11]: ./eapol_test(eloop_run+0x251) [0x55b84fa4be51]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:597
     eloop_run() ../src/utils/eloop.c:1234
[12]: ./eapol_test(main+0x8cf) [0x55b84fa30d6f]
     main() eapol_test.c:1517
WPA_TRACE: eloop SIGSEGV - END
Aborted (core dumped)

Fixes: 33cb47cf01 ("DPP: Fix connection result reporting when using TCP")
Reported-by: Alexander Clouter <alex+hostapd@coremem.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2022-04-02 17:52:50 +03:00
Jouni Malinen
576662d277 ieee802_11_auth: Coding style cleanup - NULL comparison
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-02 17:52:50 +03:00
Jouni Malinen
945acf3ef0 ieee802_11_auth: Coding style cleanup - no string constant splitting
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-02 17:52:50 +03:00
Jouni Malinen
1c3438fec4 RADIUS ACL/PSK check during 4-way handshake
Add an alternative sequence for performing the RADIUS ACL check and PSK
fetch. The previously used (macaddr_acl=2, wpa_psk_radius=2) combination
does this during IEEE 802.11 Authentication frame exchange while the new
option (wpa_psk_radius=3) does this during the 4-way handshake. This
allows some more information to be provided to the RADIUS authentication
server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-02 17:52:32 +03:00
Jouni Malinen
5b5c954c04 Fix AP config check to recognize all PSK AKMs
The check for PSK/passphrase not being present was considering only the
WPA-PSK AKM, but the same check should be applied for all other AKMs
that can use a PSK.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-02 16:26:02 +03:00
Kiran Kumar Lokere
c5d9f9064b QCA vendor attribute to indicate NDP interface managemtn using nl80211
Add a QCA_WLAN_VENDOR_FEATURE_USE_ADD_DEL_VIRTUAL_INTF_FOR_NDI
flag to indicate that the driver requires add/del virtual interface
path using the generic nl80211 commands for NDP interface create/delete
and to register/unregister of netdev instead of creating/deleting
the NDP interface using vendor commands.

With the latest Linux kernel (5.12 version onward), interface
creation/deletion is not allowed using vendor commands as it leads to a
deadlock while acquiring the RTNL_LOCK during the register/unregister of
netdev. Create and delete NDP interface using NL80211_CMD_NEW_INTERFACE
and NL80211_CMD_DEL_INTERFACE commands respectively if the driver
advertises this capability.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-01 18:57:09 +03:00
Jouni Malinen
0c88d1487c Debug print on CONFIG_NO_TKIP=y prevent RSNE with TKIP as group cipher
This makes the debug log clearer for one of the more likely cases of
"invalid group cipher" preventing RSNE parsing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-04-01 11:13:10 +03:00
Sreeramya Soratkal
d5a9331f97 P2P: Copy only valid opclasses while filtering out 6 GHz channels
Copy channels from only valid operating classes in the source channel
list while preparing a non-6 GHz channel/op-classes list when the 6 GHz
band is not used for P2P GO negotiation.

Earlier, during preparation of P2P channels for GO negotiation, a union
of the GO channels and the P2P Client channels is used. While generating
the union in p2p_channels_union_inplace() as the first list itself has
P2P_MAX_REG_CLASSES number of entries, the operating classes from the
second list which are not in the first list were not getting considered.

Fix this by not setting the dst->reg_classes to too large a value.

Fixes: f7d4f1cbec ("P2P: Add a mechanism for allowing 6 GHz channels in channel lists")
Signed-off-by: Sreeramya Soratkal <quic_ssramya@quicinc.com>
2022-03-30 20:42:14 +03:00
Jouni Malinen
99c91beaad Sync with wireless-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2022-03-11.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-28 19:40:23 +03:00
Chaoli Zhou
fd0d738ff4 Add return value to ACL functions
While these do not return error code within the current hostapd
implementation, matching functions in wpa_supplicant AP functionality
will have an error case and using consistent return type will make the
control interface code more consistent.

In addition, export hostapd_set_acl() in preparation for the
wpa_supplicant control interface implementation extension.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-03-24 20:53:28 +02:00
Chaoli Zhou
f5ac428116 Move ACL control interface commands into shared files
This is a step towards allowing these commands to be used from
wpa_supplicant.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-03-24 14:22:24 +02:00
Chaoli Zhou
9306956626 Add BSS-TM-QUERY event to indicate reception of BSS TM Query
This allows upper layers to learn about associated stations requesting
BSS transition management from the AP.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-03-24 00:56:53 +02:00
Chaoli Zhou
0f8c6e9955 Move BTM control interface commands into shared file
This is a step towards allowing these commands to be used from
wpa_supplicant.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-03-24 00:56:53 +02:00
Chaoli Zhou
e059d8ece8 Update the Extended Capability element to struct sta_info
Only the SME-in-hostapd case updated sta->ext_capability while the
SME-in-the-driver case updated sta->qos_map_enabled, but not other items
related to the extended capabilities. This resulted in reduced
information being available through the control interface.

Use the shared helper function for both cases to get matching
information available regardless of the SME architecture.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
2022-03-24 00:56:53 +02:00
Jouni Malinen
30ecf0181d DPP: Update Controller parameters when it was already started
dpp_configurator_params changes were taken into use in the
non-TCP/Controller case immediately on change, but that was not the case
for the Controller where this was updated only when explicitly starting
it. Change this to update dpp_configurator_params for the Controller as
well even if it is already running.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-24 00:56:53 +02:00
Jouni Malinen
b93d1083ee DPP: Fix msg_ctx for PKEX over TCP as Controller/Responder
PKEX Exchange Request handling in Controller used incorrect msg_ctx
pointer and that could result in event messages causing unexpected
behavior. Fix this by registering the correct msg_ctx pointer for these
cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-24 00:56:53 +02:00
Jouni Malinen
ce86f2446f DFS: Remove unnecessary variable
This was not used for anything else than checking the value returned by
the called function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 21:23:54 +02:00
Lorenzo Bianconi
760a5ae26b DFS: Switch to background radar channel if available
On radar detection on the main chain switch to the channel monitored
by the background chain if we have already performed the CAC there.
If a radar pattern is reported on the background chain, just select a
new random channel according to the regulations for monitoring.

Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2022-03-13 21:23:10 +02:00
Lorenzo Bianconi
b63d953feb DFS: Enable CSA for background radar detection
Rely on hostapd_dfs_request_channel_switch() to enable CSA for
background radar detection switching back to the selected channel.

Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2022-03-13 21:15:48 +02:00
Lorenzo Bianconi
25663241c5 DFS: Introduce hostapd_dfs_request_channel_switch()
This is a preliminary patch to add Channel Switch Announcement for
background radar detection.

Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2022-03-13 21:12:43 +02:00
Lorenzo Bianconi
316a9dc63b DFS: Configure background radar/CAC detection
Introduce the capability to perform radar/CAC detection on an offchannel
radar chain available on some hardware (e.g., mt7915). This feature
allows to avoid CAC downtime switching on a different channel during CAC
detection on the selected radar channel.

Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2022-03-13 21:06:51 +02:00
Lorenzo Bianconi
bad12effe8 nl80211: Radar background flag setting
Allow background radar detection flag to be set when specifying a
channel. This is a preliminary change to introduce radar/CAC background
detection support.

Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2022-03-13 20:48:06 +02:00
Lorenzo Bianconi
effd6111b8 DFS: Rely on channel_type in dfs_downgrade_bandwidth()
Add the capability to specify all 3 channel type possibilities in
dfs_downgrade_bandwidth(). This is a preliminary change to introduce
radar/CAC background detection support.

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2022-03-13 18:30:56 +02:00
Jouni Malinen
f9ba3d5c89 OpenSSL 3.0: Set SSL groups using SSL_set1_groups()
The mechanism using SSL_set_tmp_ecdh() has been obsoleted and
SSL_set1_groups() takes care of it instead.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 11:27:15 +02:00
Jouni Malinen
09c62aaf11 OpenSSL: Determine RSA key size without low-level routines
RSA low-level routines were deprecated in OpenSSL 3.0.
EVP_PKEY_get_bits(), or its older and more backwards compatible name
EVP_PKEY_bits() can be used here instead.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 11:27:12 +02:00
Jouni Malinen
b700a56e14 OpenSSL 3.0: Determine the prime length for an EC key group using EVP_PKEY
EVP_PKEY_get0_EC_KEY() and EC_KEY_get0_group() were deprecated in
OpenSSL 3.0. Add a version of this by determining the group without
fetching the EC_KEY itself from an EVP_PKEY.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 11:26:55 +02:00
Jouni Malinen
3c61f4db4c OpenSSL: Replace EC_GROUP_get_curve_GFp() calls with EC_GROUP_get_curve()
EC_GROUP_get_curve_GFp() was deprecated in OpenSSL 3.0.
EC_GROUP_get_curve() can be used to do the exact same thing. Add a
backwards compatibility wrapper for older OpenSSL versions to be able to
use this newer function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 11:26:47 +02:00
Jouni Malinen
e2cb0ca1ac OpenSSL 3.0: Implement crypto_ec_key_group() with new API
Get rid of the now deprecated EVP_PKEY_get0_EC_KEY() and
EC_KEY_get0_group() calls.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-13 11:26:36 +02:00
Jouni Malinen
f6a53f64af OpenSSL: Replace EVP_PKEY_cmp() with EVP_PKEY_eq() when available
OpenSSL 3.0 deprecated EVP_PKEY_cmp() and replaced it with EVP_PKEY_eq()
which is not available in older versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-03-12 10:54:48 +02:00
Nicolas Escande
56a14cc720 DFS: Don't let cac_time_left_seconds overflow
There can be some discrepancy between the theorical dfs cac end (as
computed with the cac duration and cac start) and the actual cac end as
reported by the driver. During that window, the value of remaining time
outputed by the status command on the socket control interface will
display an overflowed, invalid value.
To mitigate this lets compute the remaining time as signed and display
it only when positive, otherwise defaulting it to 0.

Status command shows something like that when polling every seconds:

state=DFS
cac_time_seconds=60
cac_time_left_seconds=1
...
state=DFS
cac_time_seconds=60
cac_time_left_seconds=0
...
state=DFS
cac_time_seconds=60
cac_time_left_seconds=4294967294
...
state=DFS
cac_time_seconds=60
cac_time_left_seconds=4294967293
...
state=DFS
cac_time_seconds=60
cac_time_left_seconds=4294967292
...
state=ENABLED
cac_time_seconds=60
cac_time_left_seconds=N/A

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
2022-03-12 10:39:43 +02:00
Alasdair Mackintosh
ae512c30a1 DPP: Fix uninitialised variable on error path
The current code generates a warning when compiled by Clang, because if
we goto 'fail:', password_len can be uninitialised when we pass it in to
bin_clear_free().

Note that the actual usage is safe, because bin_clear_free() ignores
the second argument if the first argument is NULL, but it still seems
worth cleaning up.

Signed-off-by: Alasdair Mackintosh <alasdair at google.com>
2022-03-12 10:36:03 +02:00
Jouni Malinen
5eaf596e14 HTTP: Make URL available to the cert_cb
This makes it easier for non-SOAP cases to validate HTTP server name
(from the URL) match against the certificate.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-11 19:46:23 +02:00
Sumit Agre
1fee1c40c3 Enhance QCA vendor interface to indicate TWT required capability of AP
Add QCA_WLAN_TWT_NOTIFY command type to send event to userspace when AP
changes TWT required bit field in its capabilities.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 19:36:37 +02:00
Jhalak Naik
a192305a41 Add QCA vendor attributes for AFC support in external ACS
Add support for new QCA nested attributes to pass the AFC channel
information as part of the external ACS request command,
EXTERNAL_ACS_EVENT_CHAN_INFO.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 19:31:49 +02:00
Jouni Malinen
de5939ef52 DPP: Allow Configurator net_access_key_curve to be changed
This is mainly for testing purposes to allow a Configurator to the curve
between provisioning cases. This would not work for real deployement
cases unless every Enrollee were reconfigured.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-10 01:30:33 +02:00
Jouni Malinen
9638452a62 DPP: Update Configurator to require same netAccessKey curve to be used
DPP network introduction requires all devices to use the same curve for
netAccessKey. Enforce that this happens based on hardcoding the curve
based on the first successful configuration object generation if no
explicit configuration of the curve was used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-09 23:08:06 +02:00
Jouni Malinen
2b406eecee DPP: Update Auth-I derivation operations
This is not properly defined in the technical specification and will
need to be clarified there. Change the implementation to use a design
that is more likely to be used in the cleaned up tech spec.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-09 20:50:56 +02:00
Jouni Malinen
de64dfe98e DPP: Curve change for netAccessKey
Allow the Configurator to be configured to use a specific curve for the
netAccessKey so that it can request the Enrollee to generate a new key
during the configuration exchange to allow a compatible Connector to be
generated when the network uses a different curve than the protocol keys
used during the authentication exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-09 01:07:59 +02:00
Jouni Malinen
fd2eb7a41e DPP: Fix a memory leak on error path
The encoded CSR could have been leaked if another memory allocation were
to fail in this function. Use a shared return path to free the allocated
temporary buffers to avoid this.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-08 00:28:10 +02:00
Jouni Malinen
e9551efe05 DPP: Missing/invalid Protocol Version in Reconfig Auth Req
Extend dpp_test testing functionality to allow the Protocol Version
attribute to be removed or modified to invalid value in Reconfig
Authentication Request.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-07 23:40:27 +02:00
Jouni Malinen
eeb72e7c9a DPP: Extend DPP_PKEX_ADD ver=<1/2> to cover Responder role
Allow PKEX v1-only or v2-only behavior to be specific for the Responder
role. This is mainly for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-07 21:37:40 +02:00
Jhalak Naik
6c3c431bbd Add QCA vendor attribute to enable Spectral FFT recapture
Add a QCA vendor attribute to enable FFT recapture on user trigger.
Enable FFT recapture only when spectral scan period is greater than 52
us.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-04 22:35:33 +02:00
Mario Hros
fcbdaae8a5 SAE: Add support for RADIUS passphrase as the SAE password
Allow the first Tunnel-Password RADIUS entry to be used for SAE in
addition to the sae_password entries and wpa_passphrase parameters from
the static configuration file.

Signed-off-by: Mario Hros <git@reversity.org>
2022-03-04 12:25:14 +02:00
Baligh Gasmi
3d86fcee07 cleanup: Remove unreachable code
There is no need for unreachable code in these places, so remove it.

Signed-off-by: Baligh Gasmi <gasmibal@gmail.com>
2022-03-04 12:07:46 +02:00
Yegor Yefremov
9683195ee5 qca-vendor: Fix typos
Fix typos found with codespell utility.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2022-03-04 12:04:54 +02:00
Yegor Yefremov
4c9ef9322a brcm_vendor: Fix typos
Fix typos found with codespell utility.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2022-03-04 12:04:54 +02:00
Yegor Yefremov
d65285ab8f src/drivers: Fix typos
Fix typos found with codespell utility.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2022-03-04 12:04:51 +02:00
Lorenzo Bianconi
203a027b28 nl80211: Report background radar/CAC detection capability
Report background radar/CAC detection capability if supported
by the underlying driver/hardware.

Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2022-03-04 01:17:02 +02:00
Lorenzo Bianconi
0a73649b64 DFS: Add capability to select radar-only channels
Introduce type parameter to dfs_get_valid_channel() routine to allow
selection of a radar-only channel where the CAC detection has not been
performed yet. This is a preliminary patch to enable background
radar/CAC detection.

Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2022-03-04 01:16:01 +02:00
Lorenzo Bianconi
f39765369a DFS: Introduce dfs_set_valid_channel() utility routine
This is a preliminary change to introduce radar/CAC background detection
support.

Tested-by: Owen Peng <owen.peng@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2022-03-04 00:22:15 +02:00
Jouni Malinen
dec626109e HE: Fix invalid length checking for HE Capability element
Do not use the first octet of the PPE Thresholds field without
explicitly confirming that that octet was included in the element.
Furthermore, allow the received element to have additional octets in the
end since IEEE Std 802.11ax-2021 defines this to be an extensible
element and new fields could be added to the end of it in the future.

Fixes: 0497e41481 ("HE: Fix HE Capabilities element size")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-03-03 01:31:39 +02:00
Shiva Sankar Gajula
53be64f7d9 HE: Fix calculation of the PPE Threshold field length
The previously used calculation was not correct for the cases where the
extra padding field was needed. Fix this by properly calculating the
number of full octets in the field.

Fixes: 0497e41481 ("HE: Fix HE Capabilities element size")
Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
2022-03-03 01:31:39 +02:00
Jouni Malinen
738fef2f0b Clear PSK explicitly from memory in couple more cases on deinit
Couple of the WPS/P2P/RADIUS-PSK cases were freeing heap memory
allocations without explicitly clearing the PSK value. Add such clearing
for these to avoid leaving the PSK in memory after it is not needed
anymore.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 19:12:11 +02:00
Jouni Malinen
567b9764fb Clear PMK explicitly even without FT support in AP build
Unlike the other keys that were cleared here, the PMK is available
without FT support built into hostapd and as such, should be cleared in
all cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 19:12:11 +02:00
Jouni Malinen
0bd29c1768 Remove duplicated pointer check
The following if statement verifies the exact same thing here.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 19:12:11 +02:00
Jouni Malinen
007fd6111d Clear temporary results from stack in PBKDF2-SHA1
Force stack memory to be cleared of temporary values that might contain
keying material.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 19:12:11 +02:00
Jouni Malinen
1364f322bf Remove GTK/IGTK/BIGTK from memory explicitly in AP mode
Make sure these keys do not remain in memory beyond the time they are
needed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 19:12:11 +02:00
Jouni Malinen
af1f0694e1 Clear last set keys (for testing purposes) from memory explicitly
This makes it easier to scan process memory for key information that is
not supposed to remain there after the last use.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 19:12:11 +02:00
Jouni Malinen
6c850a1c06 nl80211: Clear bss->freq when stopping AP mode
The current operating frequency information was already cleared when
stopping other modes, but the cases for stopping AP mode were not
covered. Clear bss->freq in wpa_driver_nl80211_del_beacon() to cover
these cases. In addition, move clearing of bss->beacon_set there to
avoid having to clear that in all callers separately.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-26 19:12:11 +02:00
Ajit Vaishya
a44fa15cb1 Define a vendor specific NDP attribute for NAN service id
Add a NAN NDP attribute QCA_WLAN_VENDOR_ATTR_NDP_SERVICE_ID which
indicates service id with 6 bytes of length and it's derived from the
SHA-256 hash of the NAN service name. As per Wi-Fi Aware Specfication
version 3.2, this service ID is used to calculate the NAN PMK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-24 01:47:53 +02:00
leiwei
7e941e7a15 macsec_linux: Support cipher suite configuration
Set the cipher suite for the link. Unlike the other parameters, this
needs to be done with the first rtnl_link_add() call (NLM_F_CREATE))
instead of the update in try_commit() since the kernel is rejecting
changes to the cipher suite after the link is first added.

Signed-off-by: leiwei <quic_leiwei@quicinc.com>
2022-02-17 01:05:08 +02:00
leiwei
46c635910a MACsec: Support GCM-AES-256 cipher suite
Allow macsec_csindex to be configured and select the cipher suite when
the participant acts as a key server.

Signed-off-by: leiwei <quic_leiwei@quicinc.com>
2022-02-16 22:54:49 +02:00
Jouni Malinen
42944de69b nl80211: Do not store no-wait TX frame cookies to be cancelled
If the TX frame operation does not request any wait time, there is not
going to be any pending wait that could be cancelled later. As such,
there is no need to store the cookie value for these cases. This removes
unnecessary cancel-TX-wait operations that would result in some extra
latency and confusing debug log entries.

This was found with the following hwsim test case sequence where the
second test was failing due to the extra latency and this commit gets
rid of that failure:
rrm_ftm_range_req_timeout dpp_qr_code_auth_neg_chan

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-16 21:09:57 +02:00
Jouni Malinen
7e6f59c702 nl80211: Clear the last saved TX frame cookie on wait expiration
drv->send_frame_cookies[] was already cleared, but
dev->send_frame_cookie was not. This resulted in unnecessary attempts of
canceling the TX wait for a wait that had already expired. While this
does not really result in real issues, it is cleaner to get rid of the
error messages from the debug log by skipping the unnecessary
operations.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-15 16:24:43 +02:00
Sreeramya Soratkal
9d5fd33282 Update QCA vendor attribute to indicate maximum PCL attributes
Add the enum qca_wlan_vendor_attr_pcl elements to mark the maximum value
of the defined attributes for the preferred channel list. This is
helpful for nla_parse().

Signed-off-by: Sreeramya Soratkal <quic_ssramya@quicinc.com>
2022-02-10 17:57:23 +02:00
Jouni Malinen
19169a53aa atheros: Do not include p2p.h
That wpa_supplicant header file is not needed for driver_atheros.c and
maybe was never really needed, so do not include it here to avoid
potentially conflicting C preprocessor defines.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-10 17:54:43 +02:00
Jouni Malinen
f43d31dda7 nl80211: Debug print association comeback event data
This is helpful for understanding why an assocation attempt takes
unexpectedly long time to complete.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-09 20:43:53 +02:00
Narasimha Rao PVS
a91072503c OCV: Don't start SA Query timer on CSA when SA Query is offloaded
Check driver support for SA Query offload in AP mode and skip starting
SA Query timer on CSA for OCV enabled STAs when the driver indicates
support for offloading SA Query procedures.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-09 20:32:17 +02:00
Jouni Malinen
f5c8697c04 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2022-01-04. In addition, update
nl80211_command_to_string() to cover the new defined commands.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-02-09 20:25:30 +02:00
Liangwei Dong
ac1e3a7f0e Add QCA vendor MCC channel quota command and event
Add QCA_NL80211_VENDOR_SUBCMD_MCC_QUOTA. When two or more interfaces are
active on the same band and two different home channels (MCC), the
target may allocate quota of "on channel" time for each home channel.
The target will indicate the quota information to application layer with
this event. Application may do TX bitrate control based on the
information. The user may also set the MCC quota for an interface by
using this command.

Signed-off-by: Liangwei Dong <quic_liangwei@quicinc.com>
Signed-off-by: Madhvapathi Sriram <quic_msriram@quicinc.com>
2022-02-04 18:58:55 +02:00
Jouni Malinen
1d1e3184b9 Whitespace/coding style cleanup for QCA vendor attribute definitions
Use more consistent style with whitespace around enums.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-04 18:23:47 +02:00
Jayachandran Sreekumaran
1646883f43 Vendor command to configure rate mask
Introduce a new vendor command
QCA_NL80211_VENDOR_SUBCMD_RATEMASK_CONFIG. This is used to set the rate
mask config to be used in MCS rate selection per PHY type.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-04 18:23:41 +02:00
Nirav Shah
2faaa193f3 Rename moderate latency level to XR latency level in vendor attributes
Currently the moderate latency level is not used. Rename the moderate
latency level to XR latency level to be used in XR (extended reality)
applications.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-04 18:10:23 +02:00
Jouni Malinen
f9905f8d94 nl80211: Clear frequency information on leaving mesh
Not doing this was resulting in test failures with many sequences of a
mesh test case (e.g., wpas_mesh_peer_connected) followed by
ap_csa_1_switch which was checking the driver wrapper frequency
information at the beginning.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-04 12:15:41 +02:00
Jouni Malinen
07e26b2926 GAS server: Increase query timeout to 60 seconds for DPP
DPP Enrollee might wait for the configuration for 60 seconds, so
increase the DPP Configurator timeout for the GAS server operation to 60
seconds to cover that full wait time. This is needed for cases where
user interaction can take significant amount of time before the
configuration response can be generated.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-04 12:15:30 +02:00
Jouni Malinen
da65e71360 nl80211: Add a handler for NL80211_CMD_FRAME_WAIT_CANCEL events
This can be helpful in figuring out when the driver has stopped waiting
on a specific channel and would need a remain-on-channel command to
continue listening on that channel.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-04 00:13:12 +02:00
Jouni Malinen
033ad6ffaa DPP: Allow Configurator parameters to be provided during config exchange
This provides an alternative mechanism for upper layer components to
control configuration parameters to be used by the local Configurator.
Instead of the previously used design where the Configurator parameters
had to be provided before initiating the DPP Authentication exchange,
the new alternative approach allows the DPP Authentication exchange to
be started before any Configurator parameters have been determined and
wpa_supplicant will then request the parameters once the DPP
Configuration Request has been received from the Enrollee. This allows
the Config Request information to be used at upper layers to determine
how the Enrollee should be configured.

For example for an Initiator:

CTRL: DPP_QR_CODE <URI from Responder/Enrollee>
CTRL: DPP_AUTH_INIT peer=1 conf=query
<3>DPP-CONF-NEEDED peer=1 src=02:00:00:00:00:00 net_role=sta name="Test" opclass=81,82,83,84,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130 mud_url=N/A
(upper layer processing; potentially including user interaction)
CTRL: DPP_CONF_SET peer=1 conf=sta-sae ssid=736165 pass=70617373776f7264
<3>DPP-CONF-SENT

For example for a Responder:

CTRL: SET dpp_configurator_params conf=query
CTRL: DPP_LISTEN 2412 role=configurator
<3>DPP-CONF-NEEDED peer=2 src=02:00:00:00:01:00 net_role=sta name="Test" opclass=81,82,83,84,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130 mud_url=N/A
(upper layer processing; potentially including user interaction)
CTRL: DPP_CONF_SET peer=2 conf=sta-sae ssid=736165 pass=70617373776f7264
<3>DPP-CONF-SENT

For example for an Initiator that can act both as a Configurator and an
Enrollee in a case where the Initiator becomes the Enrollee:

CTRL: DPP_AUTH_INIT peer=1 role=either conf=query
<3>DPP-CONF-RECEIVED

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-03 00:35:49 +02:00
Jouni Malinen
d4961a7755 GAS server: Asynchronous request handler comeback time indication
Extend the GAS server functionality to allow a request handler to return
the initial comeback delay with a later callback instead of having to
indicate the comeback delay when returning from the handler function.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-02 16:59:59 +02:00
Jouni Malinen
9a90aab12b DPP: Store Enrollee config request information
This information can be helpful for upper layers in deciding how to
configure the Enrollee.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-02 16:59:59 +02:00
Jouni Malinen
6751fb0604 DPP: Make dpp_netrole_str() non-static
This function is going to be needed outside dpp.c.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-02 16:59:59 +02:00
Jouni Malinen
34575ad72e EAP-pwd: Fix the prefix in a debug message
This was copied from sae.c, but the debug message prefix was not changed
to match the use here.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-01 19:58:40 +02:00
Jouni Malinen
e07000e748 nl80211: Partial support for radio_disable
This is for testing purposes to allow a station mode associated to be
dropped without sending the AP a Deauthentication frame.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-02-01 19:53:08 +02:00
Jouni Malinen
33cb47cf01 DPP: Fix connection result reporting when using TCP
The TCP code path did not handle the postponed connection attempt on TX
status and the following result message from the Enrollee to the
Configurator. Fix this by adding TCP-versions of these operations to
match the way wpa_supplicant implemented this for the Public Action
frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-28 17:28:49 +02:00
Jouni Malinen
1822bd3789 DPP: Testing capability for invalid Protocol Version in Network Intro
This extends dpp_test functionality to allow DPP Network Introduction
exchanges to use an incorrect value in the Protocol Version attribute.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-27 18:44:07 +02:00
Jouni Malinen
d7be749335 DPP3: PKEX over TCP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2022-01-26 00:40:09 +02:00
Jouni Malinen
bdcccbc275 DPP: Change PKEX version configuration design
Use a separate ver=<1|2> parameter to DPP_PKEX_ADD instead of
overloading init=1 with version indication. This allows additional
options for forcing v1-only and v2-only in addition to automatic mode
(start with v2 and fall back to v1, if needed).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-25 20:32:48 +02:00
Jouni Malinen
9d3f347a2b DPP3: Add PKEX initiator retries and fallback from v2 to v1 for hostapd
This extends hostapd with the design used in wpa_supplicant for PKEX
initiator retries and automatic version fallback from v2 to v1 (the
latter is enabled only with CONFIG_DPP3=y).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-24 22:58:38 +02:00
Jouni Malinen
3f67ab5871 DPP: Handle TX status events for broadcast DPP messages
Report TX status for DPP messages even if the destination address was
broadcast. This is needed to get appropriate trigger for PKEX retries.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-24 22:58:38 +02:00
Qiwei Cai
f32f99df11 P2P: Send response frame on channel where the request is received
The rx_freq of Public Action frame was not maintained by the GO and the
GO always sent the response on the operating channel. This causes
provision discovery failure when a P2P Device is sending a PD Request on
a 2.4 GHz social channel and the GO is responding on a 5 GHz operating
channel.

Save the rx_freq and use it for GO to sent the response. This extends
commit c5cc7a59ac ("Report offchannel RX frame frequency to hostapd")
to cover additional frame types.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-17 20:27:37 +02:00
Madhvapathi Sriram
b678a3aa32 Extend QCA_NL80211_VENDOR_SUBCMD_PEER_FLUSH_PENDING
Extend the peer queue flush command with following attributes
1. Enable to flush per TID peer queue
2. Enable to configure when to flush the peer/TID queue

Signed-off-by: Madhvapathi Sriram <quic_msriram@quicinc.com>
2022-01-17 20:16:21 +02:00
Arowa Suliman
fc4bc342e5 Replace "blacklist" with "denylist" in vendor interface definition
Replace the word "blacklist" with the inclusive word "denylist" and add
aliases for backward compatibility.

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2022-01-17 17:30:28 +02:00
Arowa Suliman
bc9fd8adc0 Replace "whitelist" with "allowlist" in vendor interface definition
Replace the word "whitelist" with the inclusive word "allowlist" and add
aliases for backward compatibility.

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2022-01-17 17:30:00 +02:00
Jouni Malinen
c765450339 The main branch is now used for v2.11 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-01-17 00:03:42 +02:00
Jouni Malinen
cff80b4f7d Preparations for v2.10 release
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.9 and v2.10.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-01-16 22:51:29 +02:00
Jouni Malinen
9b14aed908 crypto: Remove unused crypto_ec_point_solve_y_coord()
This wrapper function is not used anymore, so remove it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-01-11 20:15:36 +02:00
Jouni Malinen
8c502336d4 EAP-pwd: Derive the y coordinate for PWE with own implementation
The crypto_ec_point_solve_y_coord() wrapper function might not use
constant time operations in the crypto library and as such, could leak
side channel information about the password that is used to generate the
PWE in the hunting and pecking loop. As such, calculate the two possible
y coordinate values and pick the correct one to use with constant time
selection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-01-11 20:15:36 +02:00
Jouni Malinen
6c380f4c87 SAE: Derive the y coordinate for PWE with own implementation
The crypto_ec_point_solve_y_coord() wrapper function might not use
constant time operations in the crypto library and as such, could leak
side channel information about the password that is used to generate the
PWE in the hunting and pecking loop. As such, calculate the two possible
y coordinate values and pick the correct one to use with constant time
selection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-01-11 20:15:36 +02:00
Jouni Malinen
8ebd8aacc2 SAE: Move sqrt() implementation into a helper function
This implementation within SSWU can be helpful for other users of the
dragonfly design, so move it into a shared helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-01-11 20:15:36 +02:00
Vishal Miskin
41c7f3f20e Defined a driver interface for periodic TSF sync feature
Add a QCA vendor netlink interface to start/stop periodic TSF sync
feature and also support configuration of interval value as part of TSF
sync start command. In addition, improve documentation for the related
attributes and values.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-11 18:37:52 +02:00
Veerendranath Jakkam
5758d09294 Add a QCA vendor attribute to indicate ACS over EHT
Add QCA_WLAN_VENDOR_ATTR_ACS_EHT_ENABLED flag attribute to conduct ACS
for EHT mode. The driver can consider EHT specific parameters such as
puncture pattern for ACS when this flag attribute is indicated by
userspace.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-01-11 18:30:24 +02:00
Jouni Malinen
58bbcfa31b OpenSSL: Update security level drop for TLS 1.0/1.1 with OpenSSL 3.0
OpenSSL 3.0 dropped these older TLS versions from the security level 2
to 1, so need to drop the security level all the way to 0 if TLS v1.0 or
v1.1 is explicitly enabled.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-11 17:42:55 +02:00
Jouni Malinen
682fce579f OpenSSL: Fix compressed form encoding for subjectPublicKey with 3.0
It looks like EC_KEY_set_conv_form() for the EC_KEY within the EVP_PKEY
does not take effect for i2d_PUBKEY() with OpenSSL 3.0, so allocate a
new wrapper EVP_PKEY after the conversion format change to be able to
return the correctly encoded (compressed) value here. This is required
for DPP to work correctly.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-11 17:40:06 +02:00
Jouni Malinen
ff2eccbdf9 OpenSSL: Load legacy provider when needed for OpenSSL 3.0
Number of the older algorithms have now been moved into a separate
provider in OpenSSL 3.0 and they are not available by default.
Explicitly load the legacy provider when such an algorithm is needed for
the first time.

In addition, at least for now, load the legacy providers when initiating
TLS context to maintain existing functionality for various private key
formats.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-11 17:40:06 +02:00
Jouni Malinen
ddcdd62866 OpenSSL: Clean up EVP_PKEY_get{0,1}_EC_KEY() use
Use get1 whenever actually modifying the EC_KEY parameters and mark the
variable used with get0 const to be compatible with OpenSSL 3.0.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-01-11 17:40:06 +02:00
Jouni Malinen
384aa245ef OpenSSL: Speed up crypto_ec_point_compute_y_sqr()
Optimize the calculation by computing (x^2 + a) first to get rid of one
separate multiplication by x.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-01-11 17:40:06 +02:00
Mukul Sharma
43f600a1f7 Add new vendor attributes to avoid coex unsafe frequencies
Add additional attributes in
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT vendor sub command to
avoid usage of unsafe frequencies on wifi interfaces sent from userspace
to the driver/firmware. The driver/firmware shall use restrictions and
power cap accordingly to restrict the usage of these frequencies on
operating interface(s).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-21 00:04:26 +02:00
peterhuang
bc24a8a09e Update supported channel width set (HT40) after channel switch
hostapd should update Supported Channel Width Set of HT Capability
Information field after channel switching done. Otherwise, it would
continue to use the old setting.

Signed-off-by: peterhuang <peterhuang@realtek.com>
2021-12-12 22:53:22 +02:00
peterhuang
ff7e403f06 Fix channel switch wrapper when switching from HT to VHT/HE
Because ieee80211ac and ieee80211ax were not updated before channel
switch is done, hostapd didn't build the Channel Switch Wrapper element
when it switched from HT to bandwidth more than 40 MHz of VHT/HE. fix
this by allowing hostapd_eid_wb_chsw_wrapper() to determine internally
when the element needs to be added based on the new channel instead of
the old configuration.

Signed-off-by: peterhuang <peterhuang@realtek.com>
2021-12-12 22:42:59 +02:00
peterhuang
5606ede121 Update ieee80211ac when channel switching
hostapd will build wrong beacon_after in hostapd_fill_csa_settings() if
it doesn't update ieee80211ac when channel switching.

Signed-off-by: peterhuang <peterhuang@realtek.com>
2021-12-12 22:36:51 +02:00
Daniel Golle
e6db1bc5da mesh: Make forwarding configurable
Allow mesh_fwding (dot11MeshForwarding) to be specified in a mesh BSS
config, pass that to the driver (only nl80211 implemented for now) and
announce forwarding capability accordingly.

Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-12-12 22:31:13 +02:00
Alan Young
5ef9277d0b ACS/DFS: Support min_tx_power configuration
If min_tx_power is specified (default 0 dBm, i.e., no constraint), ACS
and DFS will not consider channels whose available max_tx_power is less
than the configured value.

This may be useful to exclude SRD (Short Range Device) channels which
may be limited to 13.9 dBm (25 mW) in some regulatory domains.

Signed-off-by: Alan Young <consult.awy@gmail.com>
2021-12-12 22:20:18 +02:00
Matthew Wang
7db757aac4 Revert "Extract BSS coex 40 MHz check into a separate function"
This reverts commit 3af78a4e04.

This commit prepares a refactor for another patch, which is being
reverted.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2021-12-11 13:06:37 +02:00
Jouni Malinen
b57273d069 DPP2: PKEXv2 core protocol changes
Add support for PKEXv2 core protocol. This defines a new PKEX Exchange
Request message type with protocol negotiation and different rules for
key derivation with PKEXv2 or newer is used.

This does not change existing behavior for PKEX, i.e., the PKEXv1
variant will still be used by default.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-07 23:26:29 +02:00
Jouni Malinen
b21b310148 DPP: Testing functionality to omit Protocol Version from Peer Discovery
Allow the dpp_test parameter to be used to request the Protocol Version
attributed to be omitted from the Peer Discovery Request/Response
message.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Jouni Malinen
341e7cd664 DPP3: Verify version match during Network Introduction
Verify that the Protocol Version attribute is used appropriate in Peer
Discovery Request/Response messages in cases where the signed Connector
includes the version information.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Jouni Malinen
f26fd5ee6c DPP3: Use Connector version instead of current version in Peer Discovery
Generate Peer Discovery Request/Response messages using the protected
version from the Connector, if present, instead of the currently
supported protocol version which might be higher than the one that got
included into the signed Connector during provisioning earlier.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Jouni Malinen
0cfb726895 DPP3: Add version member to Connector
Indicate the protocol version number that the Enrollee used during the
DPP exchange that resulted in the generation of the Connector.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Jouni Malinen
77ddd38b66 DPP3: Add build option for version 3 functionality
CONFIG_DPP3=y can now be used to configure hostapd and wpa_supplicant
builds to include DPP version 3 functionality. This functionality is
still under design and the implementation is experimental and not
suitable to be enabled in production uses before the specification has
been finalized.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2021-12-03 21:24:59 +02:00
Aditya Sathish
147932addd Add a QCA vendor attribute to indicate puncture pattern in ACS
Add a QCA vendor attribute to indicate the puncture pattern derived
by the automatic channel selection algorithm.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-11-18 23:07:12 +02:00
Aloka Dixit
b16b88acdb RNR: Do not allow FILS Discovery and unsolicited Probe Response simultaneously
Reduced neighbor report has a field to indicate whether unsolicited
Probe Response transmission is active. Add a check to return failure if
both FILS discovery and unsolicited Probe Response are enabled at the
same time to ensure that RNR includes valid data.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-09 18:02:02 +02:00
Muna Sinada
15f099ec70 RNR: Allow Probe Response frame for a colocated 6 GHz AP
When a Probe Request frame from a station includes an SSID matching that
of a co-located 6 GHz AP, AP should respond with a Probe Response frame
that includes Reduced Neighbor Report element containing information
regarding the requested BSS.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-09 17:55:45 +02:00
Aloka Dixit
f17f7ca4e0 RNR: Update Beacon frames for 6 GHz colocation
Update 2.4/5 GHz Beacon frames every time Beacon frames for co-located 6
GHz AP(s) are set. This is required for 6 GHz out-of-band discovery so
that lower band Beacon frames will include RNR element with 6 GHz AP
information irrespective of the AP bring-up order. Similarly, RNR is
included in FILS Discovery frames by default in 6 GHz-only mode,
updating the Beacon frames will remove it when co-located 2.4/5 GHz
interfaces are brought up.

This change also ensures that the changes in 6 GHz AP configuration such
as new channel and bandwidth get reflected in the lower bands Beacon
frames.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-09 17:50:02 +02:00
John Crispin
01efcc2929 RNR: Addition in Beacon, Probe Response, and FILS Discovery frames
Add Reduced Neighbor Report element in Beacon, Probe Response, and FILS
Discovery frames.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-09 17:44:45 +02:00
John Crispin
0c9457ee23 RNR: Additions for a 6 GHz AP
Include Reduced Neighbor Report element in Beacon and Probe Response
frames by default if the reporting AP is 2.4/5 GHz and it is co-located
with a 6 GHz AP. Similarly, include RNR by default in FILS Discovery
frames if the AP is a standalone 6 GHz AP.

Signed-off-by: John Crispin <john@phrozen.org>
Co-developed-by: Aloka Dixit <alokad@codeaurora.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-09 17:33:14 +02:00
John Crispin
b2bbedcb21 RNR: Add co-located BSSes
Calculate the length and include data for the BSSes active on the same
radio as the reporting BSS in the Reduced Neighbor Report element. This
element is included in Beacon and Probe Response frames.

Signed-off-by: John Crispin <john@phrozen.org>
Co-developed-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
Co-developed-by: Muna Sinada <msinada@codeaurora.org>
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Co-developed-by: Aloka Dixit <alokad@codeaurora.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-09 00:21:29 +02:00
John Crispin
a7c152d6b8 RNR: Add data from neighbor database
Include data from the existing neighbor database in the Reduced Neighbor
Report element in Beacon frames if the configuration option 'rnr' is
enabled for the BSS.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Co-developed-by: Aloka Dixit <alokad@codeaurora.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-09 00:16:12 +02:00
John Crispin
847f76760a RNR: Add configuration option
Adds configuration option 'rnr' to enable the reduced neighbor report
elements in Beacon and Probe Response frames.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-08 23:57:43 +02:00
John Crispin
3db24e4eef RNR: Define element format
Add definitions for the fields described in IEEE Std 802.11-2020 and
IEEE Std 802.11ax-2021, 9.4.2.170 Reduced Neighbor Report element.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-08 23:56:04 +02:00
John Crispin
1b8eb39757 RNR: Add bss_parameters to the neighbor_db
Add a new field to include BSS Parameter subfield in the neighbor
database as described in IEEE Std 802.11ax-2021, Figure 9-632a (BSS
Parameters subfield format). This field holds information related to
multiple BSSID, access point co-location, and 20 TU probe response
active/inactive state.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-08 23:39:46 +02:00
John Crispin
9d0948ecc9 RNR: Short SSID assignment
Calculate and store short SSID in hostapd_data context during config
load time and in neighbor report.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-11-08 23:34:02 +02:00
Will Huang
f969bd22d7 Add QCA vendor attribute to configure ARP/NS offload feature
Add a QCA vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_ARP_NS_OFFLOAD to
configure ARP/NS offload feature.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-11-04 20:35:33 +02:00
Jouni Malinen
8f4d7e8f06 OpenSSL: Fix build with OpenSSL 1.0.2
OpenSSL 1.0.2 did not define the 'bytes' argument to
X509_NAME_add_entry_by_NID() to be const like it did for the previously
used X509_NAME_add_entry_by_txt(). Add a backwards compatible version of
this call to avoid compilation issues.

Fixes: d51939f2c4 ("DPP: Move CSR routines to use crypto.h")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-11-03 16:02:07 +02:00
Cedric Izoard
2086ae46b3 DPP: Replace dpp_bootstrap_key_der() with crypto_ec_key_get_subject_public_key()
As BoringSSL version of i2d_PUBKEY() doesn't respect the
POINT_CONVERSION_COMPRESSED flag redefine a specific
crypto_ec_key_get_subject_public_key() version for BoringSSL based on
dpp_bootstrap_key_der().

The only other user of crypto_ec_key_get_subject_public_key() is SAE-PK
for which the public key should also be formatted using compressed
format.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-11-03 15:45:00 +02:00
Cedric Izoard
e9f8f81a82 DPP: Use ECDH from crypto.h
Use crypto.h API to implement ECDH in DPP. This needs a new
initialization function in crypto.h to initialize an ECDH with a given
EC key.

Using crypto_ecdh_set_peerkey() to generate the ECDH secret in an
intermediate and dynamically allocated buffer removed the need for the
DPP-specific workaround for inconsistent length returned by
EVP_PKEY_derive() since that crypto_ecdh_set_peerkey() implementation
already had functionality for covering the changing secret_len value
from commit d001fe31ab ("OpenSSL: Handle EVP_PKEY_derive() secret_len
changes for ECDH").

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-11-03 13:52:52 +02:00
Cedric Izoard
4aed5668b4 OpenSSL: Clear the correct flag in crypto_ec_key_get_ecprivate_key()
In case the public key was not included in the EC private key ASN.1
sequence, the flag that was cleared was not the right one. Fix this by
using EC_KEY_set_enc_flags() for both setting and clearing the
EC_PKEY_NO_PUBKEY flag instead of trying to clear that with the
unrelated EC_KEY_clear_flags() function.

Fixes: 2d5772e691 ("DPP: Factorize conversion to ASN.1 ECPrivateKey")
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-11-03 13:35:36 +02:00
Masashi Honma
726eda65fb wolfSSL: Fix a link error when WPS NFC is disabled
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/src/wps/wps.o: in function `wps_deinit':
/home/honma/git/hostap/wpa_supplicant/../src/wps/wps.c:184: undefined reference to `dh5_free'
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/src/wps/wps_common.o: in function `wps_derive_keys':
/home/honma/git/hostap/wpa_supplicant/../src/wps/wps_common.c:83: undefined reference to `dh5_derive_shared'
/usr/bin/ld: /home/honma/git/hostap/wpa_supplicant/../src/wps/wps_common.c:84: undefined reference to `dh5_free'
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/src/wps/wps_attr_build.o: in function `wps_build_public_key':
/home/honma/git/hostap/wpa_supplicant/../src/wps/wps_attr_build.c:68: undefined reference to `dh5_free'
/usr/bin/ld: /home/honma/git/hostap/wpa_supplicant/../src/wps/wps_attr_build.c:69: undefined reference to `dh5_init'
collect2: error: ld returned 1 exit status
make: *** [Makefile:1892: wpa_supplicant] Error 1

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2021-11-03 13:04:16 +02:00
Cedric Izoard
b8402ab085 DPP: Use crypto_ec_key_get_subject_public_key() when possible
Keep the locally defined ASN.1 sequence DPP_BOOTSTRAPPING_KEY for now to
avoid losing a workaround for BoringSSL from commit 746c1792ac ("DPP:
Build bootstrapping key DER encoding using custom routine").

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-28 00:45:07 +03:00
Cedric Izoard
d51939f2c4 DPP: Move CSR routines to use crypto.h
Add basic CSR API in crypto.h.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-28 00:39:56 +03:00
Cedric Izoard
d56352b551 DPP: Move dpp_pkcs7_certs() into crypto_pkcs7_get_certificates()
Move implementation of dpp_pkcs7_certs() into OpenSSL specific files.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-28 00:05:42 +03:00
Cedric Izoard
b89176fa6f DPP: Move debug print of EC key to crypto.h
Move the crypto lib specific print of an EC key in dpp_debug_print_key()
to crypto.h.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-27 23:50:23 +03:00
Cedric Izoard
87f2fb8863 DPP: Remove direct call to OpenSSL in dpp_test_gen_invalid_key()
Instead of generating EC point with random coordinates, generate a
valid EC point and then corrupt the coordinates after exporting them
in binary format.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-27 23:41:32 +03:00
Cedric Izoard
c88b7fcaef DPP: Add crypto_ec_key_cmp() in crypto.h and use it
This gets rid of one more direct OpenSSL call in the DPP implementation.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-27 23:33:54 +03:00
Cedric Izoard
984faf9634 DPP: Use crypto_ec_key_group() to compare EC key's group
Remove one more direct call to OpenSSL using crypto_ec_key_group() to
compare group of c-sign-key and ppKey when creating Configurator from
backup data.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-27 23:29:00 +03:00
Cedric Izoard
f5334f9b5b DPP: Use crypto API for reconfig part
Rewrite functions related to reconfig feature using EC point/bignum
primitives defined in crypto.h API.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-27 23:24:20 +03:00
Cedric Izoard
eac41656ee DPP: Update connector signing to use crypto.h
Add two new functions in crypto.h that "wrap" around already defined
signing function with (r,s) interface instead of DER Ecdsa-Sig-Value.

Using those functions implies to compute the hash to sign manually
before.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-27 00:08:36 +03:00
Cedric Izoard
da63d30997 DPP: Remove unused EVP_PKEY_CTX variable
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 23:42:01 +03:00
Cedric Izoard
4767de3a42 DPP: Use crypto.h for authentication computation
Rewrite dpp_auth_derive_l_responder/initiator() using EC point/bignum
primitives defined in crypto.h API.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 23:41:48 +03:00
Cedric Izoard
0d1d74107b DPP: Update PKEX part to use crypto.h API
Rewrite EC point/bignum computation done in PKEX protocol using EC
point/bignum primitives already defined in crypto.h and couple of small
new helper functions.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 23:20:57 +03:00
Cedric Izoard
50708770f0 DPP: Use crypto_ec_key_parse_priv() when possible
Function crypto_ec_key_parse_priv() already parses ASN.1 ECPrivateKey so
use it when possible.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 22:49:44 +03:00
Cedric Izoard
e294a73d0c DPP: Use crypto_ec_key_parse_pub() in dpp_get_subject_public_key()
The extra validation steps through the OpenSSL X509 API are not really
necessary here and they most duplicate checks that happen implicitly
within d2i_PUBKEY() and the EVP_PKEY_get0_EC_KEY() checks in
crypto_ec_key_parse_pub().

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 20:44:17 +03:00
Cedric Izoard
9c1632908d DPP: Move dpp_set_pubkey_point_group() to crypto.h
Move code of dpp_set_pubkey_point_group() into crypto.h API. This
function initializes an EC public key using coordinates of the EC point
in binary format.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 19:50:54 +03:00
Cedric Izoard
e84b143e1a OpenSSL: Add Brainpool curves to crypto_ec_key_group()
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 18:07:16 +03:00
Cedric Izoard
c6f2103cac DPP: Replace dpp_get_pubkey_point() with crypto_ec_key_get_pubkey_point()
Move code of dpp_get_pubkey_point() to a crypto library specific
function crypto_ec_key_get_pubkey_point().

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 18:06:32 +03:00
Cedric Izoard
2d5772e691 DPP: Factorize conversion to ASN.1 ECPrivateKey
Add crypto_ec_key_get_ecprivate_key() function in crypto.h and use it
when possible in DPP code.

This function converts a struct crypto_ec_key into a DER encoded ASN.1
ECPrivateKey.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 17:08:39 +03:00
Cedric Izoard
63bf3d25ab OpenSSL: Mark crypto_ec_key_gen() key compressed
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 16:51:49 +03:00
Cedric Izoard
86cde01cbd DPP: Move dpp_gen_keypair() to crypto
Move code in dpp_gen_keypair() to function crypto_ec_key_gen() in
crypto.h.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 16:50:42 +03:00
Cedric Izoard
0517948d77 DPP: Replace EVP_PKEY by struct crypto_ec_key
To remove direct dependency to OpenSSL in DPP replace EVP_PKEY
by struct crypto_ec_key in all structures and function prototypes.

All direct calls to EVP_PKEY_free() are replaced by calls to
crypto_ec_key_deinit().

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 15:57:31 +03:00
Cedric Izoard
cd0c1d2561 OpenSSL: Use EVP_PKEY as struct crypto_ec_key
Remove definition of struct crypto_ec_key and directly cast struct
crypto_ec_key * to EVP_PKEY * (and vice versa).

Indeed EVP_PKEY already has a pointer to EC_KEY and removing this
intermediate structure allows smoother transition in removing direct
OpenSSL dependency in DPP.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 15:34:52 +03:00
Cedric Izoard
15275c53d8 Complete documentation in crypto.h
Add missing documentation for crypto_ecdh and crypt_ec_key functions.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2021-10-26 13:17:31 +03:00
Hu Wang
cb285e80c4 SAE: Fix sm->cur_pmksa assignment
Commit b0f457b619 ("SAE: Do not expire the current PMKSA cache entry")
depends on sm->cur_pmksa to determine if it is the current PMKSA cache
entry, but sm->cur_pmksa was not always correct for SAE in the current
implementation.

Set sm->cur_pmksa in wpa_sm_set_pmk() (which is used with SAE), and skip
clearing of sm->cur_pmksa for SAE in wpa_find_assoc_pmkid(). This latter
case was added by commit c2080e8657 ("Clear current PMKSA cache
selection on association/roam") for driver-based roaming indication and
Suite B, so skipping it for SAE should be fine.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-25 19:03:32 +03:00
Shiva Krishna Pittala
aa5c4f9322 Add QCA vendor attribute to configure priority of vendor scan
Add the attribute QCA_WLAN_VENDOR_ATTR_SCAN_PRIORITY to configure the
priority of vendor scan relative to other scan requests. Add the valid
values that this attribute can take.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-25 12:56:32 +03:00
xinpeng wang
aca4d4963a Fix handling of complex configuration lines with mixed "" and #
The original code wants to remove # comments unless they are within a
double quoted string, but it doesn’t consider the "" after #, for
example in the following line: a=b #"a=c"

Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com>
2021-10-22 17:47:29 +03:00
xinpeng wang
0ae677c7b4 eloop: Extend overflow check in eloop_register_timeout() to cover usec
Processing of usec could result in an additional +1 increment to sec and
that might overflow. Extend the previously used overflow check to cover
this special case as well.

Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com>
2021-10-22 17:24:32 +03:00
David Bauer
979f197165 WNM: Allow specifying dialog token for BSS transition request
Adds the ability to specify the dialog token of a WNM BSS Transition
Management Request frame via the hostapd control interface.

For this, the new 'dialog_token' option can be used with the BSS_TM_REQ
command. It accepts values as an 8 bit unsigned integer. If not
specified, the dialog token is set to 1 like before.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-22 17:11:36 +03:00
Jouni Malinen
2e122945fa DPP2: Do not try to remove Controller TCP connection twice on error
These code paths on the Controller were calling dpp_connection_remove()
twice for the same connection in the error cases. That would result in
double-freeing of the memory, so fix this by remove the
dpp_connection_remove() call from the called function and instead,
remove the connection in dpp_controller_rx() error handling.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-19 00:32:02 +03:00
Jouni Malinen
5bac420e5e DPP2: Clean up Controller on hostapd interface removal
Stop the DPP Controller instance, if one is started, when the hostapd
interface that was used to start that Controller is removed. This is
needed to remove the control pointers that point to the soon-to-be-freed
hostapd structures. This fixes an issue where a Controller operation
with multiple interfaces could have resulted in references to freed
memory if an interface is removed without explicitly stopping the DPP
Controller.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-10-19 00:32:02 +03:00
leiwei
d8b3d08159 macsec_qca: Support macsec secy id getting from driver
Use the new nss_macsec_secy_id_get() function, if available, instead of
the hardcoded ifname to secy_id mapping.

Signed-off-by: leiwei <leiwei@codeaurora.org>
2021-10-18 23:32:34 +03:00
David Bauer
08bdf4f90d proxyarp: Fix compilation with Hotspot 2.0 disabled
The disable_dgaf config field is only available in case hostapd is
compiled with Hotspot 2.0 support (CONFIG_HS20=y), however Proxy-ARP
(CONFIG_PROXYARP=y) does not depend on Hotspot 2.0.

Only add the code related to this config field when Hotspot 2.0 is
enabled to fix compilation with the aformentioned preconditions.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-18 21:24:59 +03:00