Add key configuration parameters needed to support Extended Key ID with
pairwise keys. Add a driver capability flag to indicate support forusing
this.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
wpa_parse_kde_ies(), i.e., the only caller to wpa_parse_generic(),
verifies that there is room for KDE Length field and pos[1] (that
length) octets of payload in the Key Data buffer. The PMKID KDE case
within wpa_parse_generic() was doing an unnecessary separate check for
there being room for the Length, OUI, and Data Type fields. This is
covered by the check in the calling function with the combination of
verifying that pos[1] is large enough to contain RSN_SELECTOR_LEN +
PMKID_LEN octets of payload.
This is confusing since no other KDE case was checking remaining full
buffer room within wpa_parse_generic(). Clean this up by removing the
unnecessary check from the PMKID KDE case so that all KDEs are handled
consistently.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_parse_generic() can now recognize the Key ID KDE that will be needed
to deliver the Key ID of the pairwise key when Extended Key ID is used.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
KEY_FLAG_MODIFY was initial added for the planned Extended Key ID
support with commit a919a26035 ("Introduce and add key_flag") and then
removed with commit 82eaa3e688 ("Remove the not yet needed
KEY_FLAG_MODIFY") to simplify commit e9e69221c1 ("Validity checking
function for key_flag API").
Add it again and update check_key_flag() accordingly.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
The actual TX status (whether ACK frame was received) was not included
in the debug log in AP mode. Add that for all cases. In addition, add
some more details in the debug log to make the log more helpful in
debugging issues related to frame delivery.
Signed-off-by: Jouni Malinen <j@w1.fi>
While 13.7.1 (FT reassociation in an RSN) in P802.11-REVmd/D3.0 did not
explicitly require this to be done, this is implied when describing the
contents of the fourth message in the FT authentication sequence (see
13.8.5). Furthermore, 20/332r2 is proposing an explicit validation step
to be added into 13.7.1.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 5f9b4afd ("Use frequency in HT/VHT validation steps done before
starting AP") modified hostapd_is_usable_edmg() to use freq instead of
channel numbers. Unfortunately, it did not convert the frequency
calculation correctly and this broke EDMG functionality.
Fix the frequency calculation so that EDMG channel 9 works again.
Fixes: 5f9b4afdfa ("Use frequency in HT/VHT validation steps done before starting AP")
Signed-off-by: Hrishikesh Vidwans <hvidwans@codeaurora.org>
Check whether an error is reported from any of the functions that could
in theory fail and if so, do not proceed with the partially filled SAE
commit buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
In theory, hmac_sha256() might fail, so check for that possibility
instead of continuing with undetermined index value that could point to
an arbitrary token entry.
Signed-off-by: Jouni Malinen <j@w1.fi>
The return value from nl80211_send_monitor() is not suitable for use
with strerror(). Furthermore, nl80211_send_monitor() itself is printing
out a more detailed error reason.
Signed-off-by: Jouni Malinen <j@w1.fi>
send_and_recv_msgs() returns a negative number as the error code and
that needs to be negated for strerror().
Fixes: 8759e9116a ("nl80211: Control port over nl80211 helpers")
Signed-off-by: Jouni Malinen <j@w1.fi>
send_auth_reply() could be called with sta == NULL in certain error
conditions. While that is not applicable for this special test
functionality for SAE, the inconsistent checks for the sta pointer could
result in warnings from static analyzers. Address this by explicitly
checking the sta pointer here.
Signed-off-by: Jouni Malinen <j@w1.fi>
mode->he_capab is an array and as such, there is no point in checking
whether it is NULL since that cannot be the case. Check for the
he_supported flag instead. In addition, convert the TWT responder
capability bit into a fixed value 1 to avoid any surprising to the
callers. In practice, neither of these changes results in different
behavior in the current implementation, but this is more robust.
Signed-off-by: Jouni Malinen <j@w1.fi>
There was a copy-paste error in this code that would be adding the
connectorTemplate once that becomes available. In practice, this was not
reachable code, but anyway, this should be ready for potential addition
of connectorTemplate in the future.
Signed-off-by: Jouni Malinen <j@w1.fi>
While there may have initially been cases where the RSNE from
Beacon/Probe Response frames was not available from some drivers, it is
now more valuable to notice if such a case were to be hit with drivers
that are always expected to have such information available. As such,
make it a fatal error if the scan results for the current AP are not
available to check the RSNE/RSNXE in EAPOL-Key msg 3/4.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avoid printing confusing FT debug entries from wpa_sm_set_ft_params()
when FT is not actually used for the connection.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use the same reason code to indicate that IE different in 4-way
handshake and also print a hexdump of RSNXE in both Beacon/ProbeResp and
EAPOL-Key msg 3/4 in the log.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd configuration parameter rsne_override_eapol can now be
used similarly to the previously added rsnxe_override_eapol to override
(replace contents or remove) RSNE in EAPOL-Key msg 3/4. This can be used
for station protocol testing to verify sufficient checks for RSNE
modification between the Beacon/Probe Response frames and EAPOL-Key msg
3/4.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previous implementation was determining whether the override value was
set based on its length being larger than zero. Replace this with an
explicit indication of whether the parameter is set to allow zero length
replacement, i.e., remove of RSNXE from EAPOL-Key msg 3/4.
In addition, move IE replacement into a more generic helper function to
allow this to be used with other IEs as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
The 4-address frames WDS design in mac80211 uses VLAN interfaces
similarly to the way VLAN interfaces based on VLAN IDs are used. The EAP
authentication case ended up overriding the WDS specific assignment even
when the RADIUS server did not assign any specific VLAN for the STA.
This broke WDS traffic.
Fix this by skipping VLAN assignment to VLAN ID 0 for STAs that have
been detected to use 4-address frames.
Signed-off-by: Jouni Malinen <j@w1.fi>
The resource-load-started cannot be used to replace the older
resource-request-starting signal and as such, the final redirect to the
special http://localhost:12345/ URL did not work. Use the decide-policy
signal for navigation action instead.
Also remove the attempt to modify the request URI from
resource-load-started since that is not going to work either. This is
not really critical for functionality, but could eventually be replaced
with a handler for the WebKitWebPage send-request signal.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_tdls_set_key() did set the key_id to -1 to avoid a useless
NL80211_CMD_SET_KEY call that the updated nl80211 driver no longer
carries out. Remove the no longer required workaround.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
After a radar signal is detected, the AP should switch to another
channel, but in the case of 80+80 MHz, channel switch failed because
hostapd did not select the secondary channel in the process. Fix this by
selecting a secondary channel in the case of 80+80 MHz.
Signed-off-by: Xin Wang <xwangw@codeaurora.org>
Signed-off-by: Pravas Kumar Panda <kumarpan@codeaurora.org>
The initial implementation of the PTK derivation workaround for
interoperability with older OWE implementations forced
WPA_KEY_MGMT_PSK_SHA256 to be used for all of PTK derivation. While that
is needed for selecting which hash algorithm to use, this was also
changing the length of the PTK components and by doing so, did not
actually address the backwards compatibility issue.
Fix this by forcing SHA256 as the hash algorithm in PTK derivation
without changing the PTK length calculation for OWE when
owe_ptk_workaround is enabled.
Fixes: 65a44e849a ("OWE: PTK derivation workaround in AP mode")
Fixes: 8b138d2826 ("OWE: PTK derivation workaround in STA mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Migrate nl80211 driver to key_flag API and add additional sanity checks.
I'm still not sure why we install unicast WEP keys also as default
unicast keys. Based on how I understand how mac80211 handles that it
should be pointless. I just stuck to how we do things prior to the patch
for WEP keys to not break anything. After all other drivers may need it.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Always report an error when NL80211_CMD_SET_KEY can't set a key to
default.
The old ioctl-based design used a single command to add, set, and delete
a key and had to ignore ENOENT for key deletions. It looks like that
special handling was also ported for NL80211_CMD_NEW_KEY and
NL80211_CMD_SET_KEY instead only for NL80211_CMD_DEL_KEY.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Calling NL80211_CMD_NEW_KEY with NL80211_KEY_DEFAULT_TYPES attributes is
pointless. The information is not expected and therefore the kernel
never forwards it to the drivers. That attribute is used with
NL80211_CMD_SET_KEY.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Allow to abort key installations with different error codes and fix one
misleading return code.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Turns out we are sometime providing a seq when deleting the key. Since
that makes no sense on key deletion let's stop forwarding that to the
driver at least.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Add masks for each key type to define which flags can be combined and
add a helper function to validate key_flag values.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
I decided to drop KEY_FLAG_MODIFY instead of allowing flag combinations not
yet used in the code and will simply recreate it with the Extended Key
ID patches once we get there. For that reason I also did not renumber
the flags.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
hostapd_broadcast_wep_set() can be called without a WEP key set.
Don't try to install a default key in that case.
This patch is not critical for the new API. With key_flag we just would
report an (ignored) error and do nothing. With the patch we simply do
nothing.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
The unicast parameter in set_wep_key() is only expected to be set to 0
or 1. Without this patch we set unicast to 0x80 instead of 1. Since
unicast is used as boolean that is working fine but violates the
documented API.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
This clears the AuthorizedMACs advertisement immediately when the
Selected Registrar timeout is hit and no more active PINs are present.
Previously, the AuthorizedMACs advertisement could remain in place
indefinitely since expired PINs were removed only when actually trying
to find a PIN for a new WPS exchange.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it easier to understand what is happening when a new channel
needs to be selected based on a radar detection event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Upon radar detection we used to search channels with the same bandwidth.
This way we might not find any other channels. If there are no channels
available with that bandwidth the AP service will be stopped. To avoid
this problem, also search a suitable channel by downgrading the
bandwidth. This scenario is applicable during CAC as well.
Signed-off-by: Seevalamuthu Mariappan <seevalam@codeaurora.org>
In the normal case hostapd_disable_iface() and hostapd_enable_iface()
will be done while switching to another DFS channel upon radar
detection. In certain scenarios radar detected event can come while
hostapd_disable_iface() is in progress and iface->current_mode will be
NULL in that scenario. Previously, we did not check for this scenario
and proceeded with the radar detection logic which can trigger a
segmentation fault. To fix this, avoid proceeding the radar detection
event if iface->current_mode is NULL.
Signed-off-by: Seevalamuthu Mariappan <seevalam@codeaurora.org>
The commit a34ca59e (SAE: Allow SAE password to be configured separately
(STA)) added sae_password configuration option. We should also consider
sae_password in the wpa_config_write() function which stores the valid
network block details to an external database.
Fixes: a34ca59e4d ("SAE: Allow SAE password to be configured separately (STA)")
Signed-off-by: Sachin Shelke <sachin.shelke@nxp.com>
Signed-off-by: Cathy Luo <xiaohua.luo@nxp.com>
Signed-off-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
There is no support for using the control port for sending out EAPOL
frames through privsep yet, so mask out this capability to fall back to
the l2_packet based design.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add support for element defragmentation as defined in IEEE
P802.11-REVmd/D3.0, 10.28.12 (Element defragmentation).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
IEEE P802.11az/D2.0 renamed the FILS Wrapped Data element,
removing the FILS prefix. Change the code accordingly.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
To support PASN authentication flow, where Authentication frames are
sent by wpa_supplicant using the send_mlme() callback, modify the logic
to also send EVENT_TX_STATUS for Authentication frames.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
PASN authentication can be performed while a station interface is
connected to an AP. To allow sending PASN frames while connected, extend
the send_mlme() driver callback to also allow a wait option. Update the
relevant drivers and wpa_supplicant accordingly.
hostapd calls for send_mlme() are left unchanged, since the wait option
is not required there.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
If the driver requires external SAE authentication, it would result in
registration for all Authentication frames, so even non-SAE
Authentication frames might be forwarded to user space instead of being
handled internally. Fix this by using a more strict match pattern,
limiting the registration to the SAE authentication algorithm only.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
WEP should not be used for anything anymore. As a step towards removing
it completely, move all WEP related functionality to be within
CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y
is explicitly set in build configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
WEP provisioning was removed from WPS v2, so this workaround
functionality has not been applicable. Remove it completely.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was already supported in the offload ACS case and this commit
completes support for this with the internal ACS algorithm.
Signed-off-by: Neo Jou <neojou@gmail.com>
Set iface->current_mode and iface->conf->hw_mode when completing ACS
based on the selected channel in the hw_mode=any case.
Signed-off-by: Neo Jou <neojou@gmail.com>
This is preparation for being able to support hw_mode=any to select the
best channel from any supported mode.
Signed-off-by: Neo Jou <neojou@gmail.com>
Add suitable channel frequencies from all modes into the scan parameters
when a single mode is not specified for ACS. This is preparation for
being able to support hw_mode=any to select the best channel from any
supported mode.
Signed-off-by: Neo Jou <neojou@gmail.com>
This is preparation for being able to support hw_mode=any to select the
best channel from any supported mode.
Signed-off-by: Neo Jou <neojou@gmail.com>
This is preparation for being able to support hw_mode=any to select the
best channel from any supported mode.
Signed-off-by: Neo Jou <neojou@gmail.com>
This is preparation for being able to support hw_mode=any to select the
best channel from any supported mode.
Signed-off-by: Neo Jou <neojou@gmail.com>
This is preparation for being able to support hw_mode=any to select the
best channel from any supported mode.
Signed-off-by: Neo Jou <neojou@gmail.com>
This is preparation for being able to support hw_mode=any to select the
best channel from any supported mode.
Signed-off-by: Neo Jou <neojou@gmail.com>
While the users of os_random() do not really need strong pseudo random
numebrs, there is no significant harm in seeding random() with data from
os_get_random(), i.e., /dev/urandom, to get different sequence of not so
strong pseudo random values from os_random() for each time the process
is started.
Signed-off-by: Jouni Malinen <j@w1.fi>
Since SAE PMK can be updated only by going through a new SAE
authentication instead of being able to update it during an association
like EAP authentication, do not allow PMKSA entries to be used for
caching after the reauthentication threshold has been reached. This
allows the PMK to be updated without having to force a disassociation
when the PMK expires if the station roams between the reauthentication
threshold and expiration timeout.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Since SAE PMK can be updated only by going through a new SAE
authentication instead of being able to update it during an association
like EAP authentication, do not allow PMKSA entries to be used for OKC
after the reauthentication threshold has been reached. This allows the
PMK to be updated without having to force a disassociation when the PMK
expires if the station roams between the reauthentication threshold and
expiration timeout.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
SAE authentication derives PMKID differently from the EAP cases. The
value comes from information exchanged during SAE authentication and
does not bind in the MAC addresses of the STAs. As such, the same PMKID
is used with different BSSIDs. Fix both the hostapd and wpa_supplicant
to use the previous PMKID as is for OKC instead of deriving a new PMKID
using an incorrect derivation method when using an SAE AKM.
This fixes use of opportunistic key caching with SAE.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpa_ctrl.h can be installed separately with libwpa_client, so
utils/common.h won't be available to its users.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
Add an attribute QCA_WLAN_VENDOR_ATTR_SCAN_DWELL_TIME for specifying
dwell time in the QCA vendor scan command. This is a common value which
applies across all frequencies requested in the scan.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This attribute enables/disables the host driver to send roam reason
information in the Reassociation Request frame to the AP in the same
ESS.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Couple of the attributes were defined with inconsistent prefix in the
name (missing "CONFIG_"). Fix these to use the common prefix for all
enum qca_wlan_vendor_attr_config values. Add defined values for the
incorrect names to avoid issues with existing users.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new capability flag based on the nl80211 feature advertisement and
start using the new default key type for Beacon protection. This enables
AP mode functionality to allow Beacon protection to be enabled. This is
also enabling the previously added ap_pmf_beacon_protection_* hwsim test
cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The cookie values for UDP control interface commands was defined as a
static global array. This did not allow multi-BSS test cases to be
executed with UDP control interface. For example, after
hapd1 = hostapd.add_bss(apdev[0], ifname1, 'bss-1.conf')
hapd2 = hostapd.add_bss(apdev[0], ifname2, 'bss-2.conf')
hapd1->ping() did not work.
Move those cookie values to per-instance location in struct
hapd_interfaces and struct hostapd_data to fix this.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.
To allow affected users to mitigate the issues, add a new configuration
option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast
reconnects.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.
To allow affected users to mitigate the issues, add a new hostapd
configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys
with disconnection. This requires the station to reassociate to get
connected again and as such, can result in connectivity issues as well.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
The CAN_REPLACE_PTK0 flag provided by nl80211 can be used to detect if
the card/driver is explicitly indicating capability to rekey STA PTK
keys using only keyid 0 correctly.
Check if the card/driver supports it and make the status available as a
driver flag.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
The MBO PMF check for AP SME in the driver case was added into a
location that is skipped for WPS processing. That was not really the
correct place for this since the skip_wpa_check label was supposed to
remain immediately following the WPA checks. While this does not really
have much of a practical impact, move the check around so that the
skip_wpa_check label remains where it is supposed to be.
Fixes: 4c572281ed ("MBO: Mandate use of PMF for WPA2+MBO association (AP)")
Signed-off-by: Jouni Malinen <j@w1.fi>
Save RM enabled capability element of an associating station when
hostapd use the device AP SME similarly to how this information is saved
with SME-on-hostapd cases. This allows radio measurement operations
(e.g., REQ_BEACON) to be used.
Signed-off-by: Ouden <Ouden.Biz@gmail.com>
This element is not used in Beacon or Probe Response frames (which is
the reason why the standard does not indicate where exactly it would be
in those frames..); HT Operation element has this information and so
does Extended CSA element.
In practice, this reverts the functionality added in commit 76aab0305c
("Add secondary channel IE for CSA").
Signed-off-by: Jouni Malinen <j@w1.fi>
Hardcoded CONFIG_IEEE80211N to be included to clean up implementation.
More or less all new devices support IEEE 802.11n (HT) and there is not
much need for being able to remove that functionality from the build.
Included this unconditionally to get rid of one more build options and
to keep things simpler.
Signed-off-by: Jouni Malinen <j@w1.fi>
Split the IEs from WPA authenticator state machine into separately added
IEs so that the exact location between these and other elements can be
controlled. This fixes the location of MDE and RSNXE in Beacon and Probe
Response frames. In addition, this swaps the order of BSS Load and RM
Enabled Capabilities elements in Beacon frames to get them into the
correct order (which was already used for Probe Response frames).
Furthermore, this fixes the buffer end checks for couple of elements to
make the implementation more consistent (though, in practice, there is
no impact from this since the old size limit was smaller than needed,
but still sufficiently large to have room for these).
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a new wpa_supplicant network profile configuration parameter
beacon_prot=<0/1> to allow Beacon protection to be enabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new hostapd configuration parameter beacon_prot=<0/1> to allow
Beacon protection to be enabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
nla_nest_start() might fail, so need to check its return value similarly
to all the other callers.
Fixes: a84bf44388 ("HE: Send the AP's OBSS PD settings to the kernel")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously only couple of AKM suite selectors were converted into
NL80211_ATTR_AKM_SUITES. Add rest of the AKM suites here. However, since
the current kernel interface has a very small limit
(NL80211_MAX_NR_AKM_SUITES = 2), add the attribute only when no more
than that limit entries are included. cfg80211 would reject the command
with any more entries listed.
This needs to be extended in cfg80211/nl80211 in a backwards compatible
manner, so this seems to be the best that can be done for now in user
space. Many drivers do not use this attribute, so must not reject the
configuration completely when larger number of AKM suites is configured.
Such cases may not work properly with drivers that depend on
NL80211_ATTR_AKM_SUITES value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to work around a missing attribute that would cause
cfg80211 to reject some nl80211 commands (e.g.,
NL80211_ATTR_VENDOR_DATA) with new kernel versions that enforce netlink
attribute policy validation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use a single block each for webkit and webkit2 signal handlers. This
cleans up browser.c to have clear sections for each webkit API version.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avoid unnecessary warnings from webkit on calling gtk_main_quit() more
than once for a single gtk_main() call. This is also fixing an issue for
a corner case where the very first URL has special purpose (osu:// or
http://localhost:12345).
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous implementation of hovering-over-link signal handler did not
really work with webkit2, so replace this with mouse-target-changed
handler.
Signed-off-by: Jouni Malinen <j@w1.fi>
hs20_web_browser() was previously hardcoded to not perform strict TLS
server validation. Add an argument to this function to allow that
behavior to be configured. The hs20-osu-client users are still using the
old behavior, i.e., not validating server certificates, to be usable for
testing purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
SM Power Save was described in somewhat unclear manner in IEEE Std
802.11n-2009 as far the use of it locally in an AP to save power. That
was clarified in IEEE Std 802.11-2016 to allow only a non-AP STA to use
SMPS while the AP is required to support an associated STA doing so. The
AP itself cannot use SMPS locally and the HT Capability advertisement
for this is not appropriate.
Remove the parts of SMPS support that involve the AP using it locally.
In practice, this reverts the following commits:
04ee647d58 ("HT: Let the driver advertise its supported SMPS modes for AP mode")
8f461b50cf ("HT: Pass the smps_mode in AP parameters")
da1080d721 ("nl80211: Advertise and configure SMPS modes")
Signed-off-by: Jouni Malinen <j@w1.fi>
Set the proper bits inside the extended capabilities field to indicate
support for TWT responder.
Tested-by: John Crispin <john@phrozen.org>
Signed-off-by: Mikhail Karpenko <karpenko@fastmail.com>
The HE Operation field for BSS color consists of a disabled, a partial,
and 6 color bits. The original commit adding support for BSS color
considered this to be a u8. This commit changes this to the actual
bits/values.
This adds an explicit config parameter for the partial bit. The disabled
is set to 0 implicitly if a bss_color is defined.
Interoperability testing showed that stations will require a BSS color
to be set even if the feature is disabled. Hence the default color is 1
when none is defined inside the config file.
Signed-off-by: John Crispin <john@phrozen.org>
Commit 2bab073dfe ("WPS: Add new PSK entries with wps=1 tag") added
this when writing the new entry into a file, but the in-memory update
did not get the tag. Add it there as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that hostapd wpa_psk_file has a new tag for identifying PSKs that
can be used with WPS, add that tag to new entries for PSKs from WPS.
This makes it clearer where the PSK came from and in addition, this
allows the same PSK to be assigned if the same Enrollee goes through WPS
provisioning again.
Signed-off-by: Jouni Malinen <j@w1.fi>
By default, when configuration file set wpa_psk_file, hostapd generated
a random PSK for each Enrollee provisioned using WPS and appended that
PSK to wpa_psk_file.
Changes that behavior by adding a new step. WPS will first try to use a
PSK from wpa_psk_file. It will only try PSKs with wps=1 tag.
Additionally it'll try to match enrollee's MAC address (if provided). If
it fails to find an appropriate PSK, it falls back to generating a new
PSK.
Signed-off-by: Tomasz Jankowski <tomasz.jankowski@plume.com>
In the function owe_assoc_req_process(), values assigned to the reason
argument imply that it should be renamed to status. Rename 'reason' to
'status' and modify the uses of owe_assoc_req_process() accordingly.
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
This commit adds new attributes for getting the Probe Response frame
IEs, Beacon frame IEs and the disconnection reason codes through
get_sta_info vendor command.
The host driver shall give this driver specific reason code through
the disconnection reason code attribute
QCA_WLAN_VENDOR_ATTR_GET_STA_DRIVER_DISCONNECT_REASON.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This acts as an event from the host driver to the user space to notify
the driver specific reason for a disconnection. The host driver
initiates the disconnection for various scenarios (beacon miss, Tx
Failures, gateway unreachability, etc.) and the reason codes from
cfg80211_disconnected() do not carry these driver specific reason codes.
Host drivers should trigger this event immediately prior to triggering
cfg80211_disconnected() to allow the user space to correlate the driver
specific reason code with the disconnect indication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This acts as a vendor event and is used to update the information
of a station from the driver to userspace.
Add an attribute for the driver to update the channels scanned in
the last connect/roam attempt.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Some of the operating classes added in the 6 GHz band have a larger
number of channels included in them (e.g., operating class 131 has 59
channels). Increase the maximum number of channels per operating class
so that all channels will get populated.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This attribute aims to configure the STA to send the Beacon Report
Response with failure reason for the scenarios where the Beacon Report
Request cannot be handled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This ugly hack for being able to search for optional arguments with
space before them was quite inconvenient and unexpected. Clean this up
by handling this mess internally with a memory allocation and string
duplication if needed so that the users of wpa_supplicant control
interface do not need to care about such details.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
As qca_vendor.h alone can be included by other applications, define
macro BIT() in qca_vendor.h itself if not yet defined, e.g., by
including utils/common.h before qca_vendor.h.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wlantest build did not define build options to determine key management
values for SAE, OWE, and DPP. Add those and the needed SHA512 functions
to be able to decrypt sniffer captures with PMK available from an
external source.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
(Re)Association Response frames should include radio measurement
capabilities in order to let stations know if they can, e.g., use
neighbor requests.
I tested this commit with a Samsung S8, which does not send neighbor
requests without this commit and sends them afterwards.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
A driver supports FT if it either supports SME or the
NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
wpa_supplicant currently doesn't take into account whether or not either
of those conditions are met. This can cause association failures, e.g.,
when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
the driver doesn't support it). This change allows an FT suite to be
selected only when the driver also supports FT.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
The new sae_pwe=3 mode can be used to test non-compliant behavior with
SAE Password Identifiers. This can be used to force use of
hunting-and-pecking loop for PWE derivation when Password Identifier is
used. This is not allowed by the standard and as such, this
functionality is aimed at compliance testing.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was not supposed to set the constructed bit in the header. Fix this
to avoid parsing issues with other ASN.1 DER parsers.
Fixes: c025c2eb59 ("DPP: DPPEnvelopedData generation for Configurator backup")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make Configurator provisioning require explicit conf parameter enabling
similarly to the previously used conf=ap-* and conf=sta-* cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This avoids unexpected behavior if GAS query fails and the Config
Response does not get processed at all. Previously, this could result in
configuration being assumed to be successful instead of failure when
Config Response object was not received at all. That could result in
undesired Config Result frame transmission with DPP Rel 2 and not
clearing the ongoing DPP session.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, unexpected Authentication Confirm messages were ignored in
cases where no Authentication Confirm message was expected at all, but
if this message was received twice in a state where it was expected, the
duplicated version was also processed. This resulted in unexpected
behavior when authentication result was processed multiple times (e.g.,
two instances of GAS client could have been started).
Fix this by checking auth->waiting_auth_conf before processing
Authetication Confirm. That boolean was already tracked, but it was used
only for other purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Only one peer-commit-scalar value was stored for a specific STA (i.e.,
one per MAC address) and that value got replaced when the next SAE
Authentication exchange was started. This ended up breaking the check
against re-use of peer-commit-scalar from an Accepted instance when
anti-clogging token was requested. The first SAE commit message (the one
without anti-clogging token) ended up overwriting the cached
peer-commit-scalar value while leaving that instance in Accepted state.
The second SAE commit message (with anti-clogging token) added ended up
getting rejected if it used the same value again (and re-use is expected
in this particular case where the value was not used in Accepted
instance).
Fix this by using a separate pointer for storing the peer-commit-scalar
value that was used in an Accepted instance. There is no need to
allocate memory for two values, i.e., it is sufficient to maintain
separate pointers to the value and move the stored value to the special
Accepted state pointer when moving to the Accepted state.
This fixes issues where a peer STA ends up running back-to-back SAE
authentication within couple of seconds, i.e., without hostapd timing
out the STA entry for a case where anti-clogging token is required.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, hostapd ignored the secondary channel provided by ACS if
both HT40+ and HT40- are set in hostapd.conf. This change selects such
channel for HT40 if it's valid, which is more reasonable.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The internal WMM AC parameters use just the exponent of the CW value,
while nl80211 reports the full CW value. This led to completely bogus
CWmin/CWmax values in the WMM IE when a regulatory limit was present.
Fix this by converting the value to the exponent before passing it on.
Fixes: 636c02c6e9 ("nl80211: Add regulatory wmm_limit to hostapd_channel_data")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
nl80211 uses a different queue mapping from hostap, so AC indexes need
to be converted.
Fixes: 636c02c6e9 ("nl80211: Add regulatory wmm_limit to hostapd_channel_data")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The size of a single route(4) message cannot be derived from
either the size of the AF_INET or AF_INET6 routing tables.
Both could be empty or very large.
As such revert back to a buffer size of 2048 which mirrors
other programs which parse the routing socket.
Signed-off-by: Roy Marples <roy@marples.name>
Now that both hostapd and wpa_supplicant react to interface flag
changes, there is no need to set or remove IFF_UP.
It should be an administrative flag only.
Signed-off-by: Roy Marples <roy@marples.name>
There is little point in having both and it brings interface
addition/removal and IFF_UP notifications to hostapd.
Signed-off-by: Roy Marples <roy@marples.name>
When external authentication is used, the station send mlme frame (auth)
to the driver may not be able to get the frequency (bss->freq) after
hostap.git commit b6f8b5a9 ("nl80211: Update freq only when CSA
completes"). Use the assoc_freq to send the MLME frame when SAE external
authentication is used to avoid this issue.
Signed-off-by: Ouden <Ouden.Biz@gmail.com>
This commit introduces additional stats to query through
QCA_NL80211_VENDOR_SUBCMD_UPDATE_STA_INFO.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds support for generating an encrypted backup of the local
Configurator information for the purpose of enrolling a new
Configurator. This includes all ASN.1 construction and data encryption,
but the configuration and connector template values in
dpp_build_conf_params() are not yet complete.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Process the received DPPEnvelopedData when going through Configurator
provisioning as the Enrollee (the new Configurator). This parses the
message, derives the needed keys, and decrypts the Configurator
parameters. This commit stores the received information in
auth->conf_key_pkg, but the actually use of that information to create a
new Configurator instance will be handled in a separate commit.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There is no need for the Protocol Version attribute in Authentication
Response if the peer is a DPP R1 device since such device would not know
how to use this attribute. To reduce risk for interoperability issues,
add this new attribute only if the peer included it in Authentication
Request.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add an attribute QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY_FREQUENCY for
primary channel center frequency in the definition for Representative
Tx Power List (RTPL) list entry instance. This is required for 6 GHz
support, since the 6 GHz channel numbers overlap with existing 2.4 GHz
and 5 GHz channel numbers thus requiring frequency values to uniquely
identify channels.
Mark QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY as deprecated if both the
driver and user space application support 6 GHz. For backward
compatibility, QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY is still used if
either the driver or user space application or both do not support the
6 GHz band.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The recent addition of the X.509v3 certificatePolicies parser had a
copy-paste issue on the inner SEQUENCE parser that ended up using
incorrect length for the remaining buffer. Fix that to calculate the
remaining length properly to avoid reading beyond the end of the buffer
in case of corrupted input data.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20363
Fixes: d165b32f38 ("TLS: TOD-STRICT and TOD-TOFU certificate policies")
Signed-off-by: Jouni Malinen <j@w1.fi>
Make the selected channel available for upper layer software to use,
e.g., when starting DPP listen operation during NFC negotiated
connection handover.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add new control interface commands "DPP_NFC_HANDOVER_REQ own=<id>
uri=<URI>" and "DPP_NFC_HANDOVER_SEL own=<id> uri=<URI>" to support NFC
negotiated connection handover. These commands are used to report a DPP
URI received from a peer NFC Device in Handover Request and Handover
Select messages. The commands return peer bootstrapping information ID
or FAIL on failure. The returned ID is used similarly to any other
bootstrapping information to initiate DPP authentication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new dpp_gen_uri() helper function can be used to build the
bootstrapping URI from locally stored information. This can be used to
make it easier to update the URI, e.g., for NFC negotiated connection
handover cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This increases the limit of how many data fragments can be supported
with the internal HMAC implementation. The previous limit was hit with
some FT use cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit introduces the vendor event
QCA_NL80211_VENDOR_SUBCMD_REQUEST_SAR_LIMITS_EVENT.
Host drivers can request user space application to set SAR power
limits with this event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a new QCA vendor attribute to set thermal level to the driver from
userspace. The driver/firmware takes actions requested by userspace to
mitigate high temperature such as throttling TX etc. The driver may
choose the level of throttling and other actions for various thermal
levels set by userspace.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround=1 network parameter can be used
to enable older behavior mainly for testing purposes. There is no impact
to group 19 behavior, but if enabled, this will make group 20 and 21
cases use SHA256-based PTK derivation which will not work with the
updated OWE implementation on the AP side.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround parameter can be used to enable
workaround for interoperability with stations that use SHA256 with
groups 20 and 21. By default, only the appropriate hash function is
accepted. When workaround is enabled (owe_ptk_workaround=1), the
appropriate hash function is tried first and if that fails, SHA256-based
PTK derivation is attempted. This workaround can result in reduced
security for groups 20 and 21, but is required for interoperability with
older implementations. There is no impact to group 19 behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previous implementation was hardcoding use of SHA256 PMK-to-PTK
derivation for all groups. Replace that with hash algorithm selection
based on the length of the prime similarly to the way this was done for
other derivation steps in OWE.
This breaks backwards compatibility when using group 20 or 21; group 19
behavior remains same.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous commit had a rebasing issue that ended up covering only the
center_segment0 != 0 case. These were supposed to apply for all 6 GHz
band cases.
Fixes: 0bfc04b8d0 ("Do not enable HT/VHT when operating in 6 GHz band")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IEEE P802.11-REVmd was modified to use a container IE for anti-clogging
token whenver H2E is used so that parsing of the SAE Authentication
frames can be simplified.
See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Some things in bfd.h that we use were renamed, and in the case of
bfd_get_section_vma() a parameter was dropped. Work around this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add support for EAP method prefix in the anonymous identity
used during EAP-SIM/AKA/AKA' authentication when encrypted IMSI
is used. The prefix is a single character that indicates which
EAP method is required by the client.
Signed-off-by: Hai Shalom <haishalom@google.com>
Based on the now documented seg0/seg1 values from offloaded ACS, there
is a mismatch between the driver interface and internal hostapd use.
The value of segment0 field in ACS results is the index of the channel
center frequency for 20 MHz, 40 MHz, and 80M Hz channels. The value is
the center frequency index of the primary 80 MHz segment for 160 MHz and
80+80 MHz channels.
The value of segment1 field in ACS results is zero for 20 MHz, 40 MHz,
and 80 MHz channels. The value is the index of the channel center
frequency for 160 MHz channels and the center frequency index of the
secondary 80 MHz segment for 80+80 MHz channels.
However, in struct hostapd_config, for 160 MHz channels, the value of
the segment0 field is the index of the channel center frequency of 160
MHz channel and the value of the segment1 field is zero. Map the values
from ACS event into hostapd_config fields accordingly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Update the documentation with values to be sent for seg0 and seg1 fields
in external ACS result event for 20 MHz, 40 MHz, 80 MHz, 160 MHz, and
80+80 MHz channels. These values match the changes done to definitions
of seg0 and seg1 fields in the IEEE 802.11 standard.
This vendor command had not previously been documented in this level of
detail and had not actually been used for the only case that could have
two different interpretation (160 MHz) based on which version of IEEE
802.11 standard is used.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The Channel Width field value is 0 for 20 MHz, 1 for 40 MHz, 2 for 80
MHz, and 3 for both 160 MHz and 80+80 MHz channels. The 80+80 MHz case
was not addressed previously correctly since it cannot be derived from
seg0 only.
The Channel Center Frequency Segment 0 field value is the index of
channel center frequency for 20 MHz, 40 MHz, and 80 MHz channels. The
value is the center frequency index of the primary 80 MHz segment for
160 MHz and 80+80 MHz channels.
The Channel Center Frequency Segment 1 field value is zero for 20 MHz,
40 MHz, and 80 MHz channels. The value is the index of the channel
center frequency for 160 MHz channel and the center frequency index of
the secondary 80 MHz segment for 80+80 MHz channels.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make the dummy hostapd_hw_mode_txt() wrapper return "UNKNOWN" instead of
NULL to avoid a warning from a debug printf using %s with NULL.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.
The following flag are defined:
KEY_FLAG_MODIFY
Set when an already installed key must be updated.
So far the only use-case is changing RX/TX status of installed
keys. Must not be set when deleting a key.
KEY_FLAG_DEFAULT
Set when the key is also a default key. Must not be set when
deleting a key. (This is the replacement for set_tx.)
KEY_FLAG_RX
The key is valid for RX. Must not be set when deleting a key.
KEY_FLAG_TX
The key is valid for TX. Must not be set when deleting a key.
KEY_FLAG_GROUP
The key is a broadcast or group key.
KEY_FLAG_PAIRWISE
The key is a pairwise key.
KEY_FLAG_PMK
The key is a Pairwise Master Key (PMK).
Predefined and needed flag combinations so far are:
KEY_FLAG_GROUP_RX_TX
WEP key not used as default key (yet).
KEY_FLAG_GROUP_RX_TX_DEFAULT
Default WEP or WPA-NONE key.
KEY_FLAG_GROUP_RX
GTK key valid for RX only.
KEY_FLAG_GROUP_TX_DEFAULT
GTK key valid for TX only, immediately taking over TX.
KEY_FLAG_PAIRWISE_RX_TX
Pairwise key immediately becoming the active pairwise key.
KEY_FLAG_PAIRWISE_RX
Pairwise key not yet valid for TX. (Only usable with Extended Key ID
support.)
KEY_FLAG_PAIRWISE_RX_TX_MODIFY
Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.
KEY_FLAG_RX_TX
Not a valid standalone key type and can only used in combination
with other flags to mark a key for RX/TX.
This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
This is the function that actually uses the parameters, so pass the full
parameter struct to it instead of hiding the struct from it in the
simple wrapper.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the driver supports VLAN offload mechanism with a single netdev, use
that instead of separate per-VLAN netdevs.
Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
Add indication for driver VLAN offload capability and configuration of
the VLAN ID to the driver.
Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
This is in preparation for adding support to use a single WLAN netdev
with VLAN operations offloaded to the driver. No functional changes are
included in this commit.
Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
This makes it more convenient to add, remove, and modify the parameters
without always having to update every single driver_*.c implementation
of this callback function.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
sae_confirm_immediate=2 can now be used in CONFIG_TESTING_OPTIONS=y
builds to minimize the latency between SAE Commit and SAE Confirm by
postponing transmission of SAE Commit until the SAE Confirm frame is
generated. This does not have significant impact, but can get the frames
tiny bit closer to each other over the air to increase testing coverage.
The only difference between sae_confirm_immediate 1 and 2 is in the
former deriving KCK, PMK, PMKID, and CN between transmission of the
frames (i.e., a small number of hash operations).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Correct the check for presence of
QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG1_CENTER_CHANNEL attribute before using it
while processing acs_result event.
Fixes: 857d94225a ("Extend offloaded ACS QCA vendor command to support VHT")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Test: wpa_supplicant module tests
../src/utils/utils_module_tests.c:933:7: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>