Commit graph

892 commits

Author SHA1 Message Date
Jouni Malinen
4bc801ab42 SAE: Fix EAPOL-Key integrity and key-wrap algorithm selection
The SAE AKM 00-0F-AC:8 is supposed to use EAPOL-Key Key Descriptor
Version 0 (AKM-defined) with AES-128-CMAC and NIST AES Key Wrap.
However, the previous implementation ended up using Key Descriptor
Version 2 (HMAC-SHA-1-128 and NIST AES Key Wrap). Fix this by using the
appropriate Key Descriptor Version and integrity algorithm. Use helper
functions to keep the selection clearer and more consistent between
wpa_supplicant and hostapd uses.

Note: This change is not backwards compatible. Both the AP and station
side implementations will need to be updated at the same time to
maintain functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-16 13:36:42 +02:00
Kiran Kumar Lokere
01542e6517 Add new WiFi test config attributes to configure BA params
Define a new WiFi test configuration attributes in QCA vendor
command to configure BA session parameters and to add or
delete a BA session and to configure no ack policy.
This is used for configuring the testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-03 00:12:39 +02:00
Kiran Kumar Lokere
ba60804419 Add new WiFi test config attribute to allow WEP/TKIP in HE
Define a new WiFi test configuration attribute in QCA vendor
command to allow or not to allow WEP/TKIP in HT/VHT/HE mode.
This is used for configuring the testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-03 00:09:19 +02:00
Jouni Malinen
087474512f SAE: Debug print group support in the crypto library
This makes it easier to understand why "SAE: Failed to select group"
debug entry shows up in cases the selected crypto library does not
support a specific group.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-02 21:27:30 +02:00
Ben Greear
4ab0f11b80 Allow HT40 on 5 GHz channels 165 and 169
India supports 5 GHz channels 169 and 173 now. Enable HT40 across
channels 165 and 169. Leave channel 173 to remain HT20 only.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-02-17 18:52:01 +02:00
Vamsi Krishna
a4016163e8 Extend APF interface for read/write and enable/disable ops
Enhance QCA vendor specific APF interface to support write/read program
and/or data and to enable/disable APF feature.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-15 00:26:06 +02:00
Kiran Kumar Lokere
5ac4346426 Define new QCA vendor sub command for wifi test configuration
Define a new QCA vendor sub command for configuring the device with wifi
test configuration. Add new test config attributes for this sub command
that are used to configure the device for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-07 12:11:47 +02:00
Simon Dinkin
d1e3d40d04 common: Fix the description of wpa_ctrl_request() function
The blocking timeout of this function was changed from 2 seconds to 10
seconds in this commit 1480633f ("Use longer timeout in
wpa_ctrl_request()"), but the description was never changed accordingly.

Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-02-03 12:42:15 +02:00
Guisen Yang
8678b14faa Add new QCA vendor commands for thermal shutdown
Add new QCA vendor commands and attributes to get thermal information
and send thermal shutdown related commands. Indicates the driver to
enter the power saving mode or resume from the power saving mode based
on the given temperature and thresholds.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 18:35:06 +02:00
Subhani Shaik
2cc2a0a7ea Extend QCA vendor NDP params to support schedule update indication
Add additional NDP attributes and NDP subcommand value which is
provided as part of schedule update indication from driver/firmware
to HAL.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-29 20:43:10 +02:00
Subhani Shaik
a7769f6da2 Update QCA vendor commands to match ASOP
This updates QCA vendor command and attribute definitions to match AOSP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-29 20:40:54 +02:00
Jouni Malinen
fe3f81e6a8 DPP: Update PKEX role-specific points
The y coordinates for some of these PKEX role-specific points were
changed in the PKEX specification, so update the implementation to
match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-26 18:06:49 +02:00
Venkateswara Swamy Bandaru
b4cd8b7e1a Add QCA vendor command and attributes for MSDU queue depth threshold
This allow MSDU queue depth threshold in target to be set per peer per
TID. This command contains MAC address, TID, update mask, and threshold
values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-22 10:56:26 +02:00
Jouni Malinen
630ea13346 DPP: Track M.x/N.x/L.x availability for ke derivation
This prevents an issue where duplicated Authentication Response frame
could have resulted in deriving a new ke value after M.x had already
been cleared. This would result in the following configuration exchange
failing. This could happen since many driver do not filter out
retransmitted Public Action frames and link layer. Furthermore, this
could have been used as a denial-of-service attack agains the DPP
exchange.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-21 11:13:01 +02:00
Sunil Dutt
c103c0b516 Extend NUD Stats to collect the data packet statistics
This commit extends the existing QCA vendor specific NUD_STATS_GET/SET
interface to also collect the statistics of the data packets. The
intention here is to get more comprehensive information to detect the
network unreachability.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 23:07:15 +02:00
Sunil Dutt
9cc8303d32 Add QCA vendor command to get the WLAN MAC information
This commit introduces a QCA vendor command that provides the current
information of WLAN hardware MAC and its associated WLAN netdev
interfaces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 00:50:45 +02:00
Jouni Malinen
fd92095491 DPP: Report reception of Config Request to upper layers
This is mainly for protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 00:50:45 +02:00
Jouni Malinen
c4fc7e31c7 SAE: Set special Sc value when moving to Accepted state
Set Sc to 2^16-1 when moving to Accepted state per IEEE Std 802.11-2016,
12.4.8.6.5 (Protocol instance behavior - Confirmed state). This allows
the peer in Accepted state to silently ignore unnecessary
retransmissions of the Confirm message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 12:19:08 +02:00
Jouni Malinen
abcbd0604c SAE: Add Rc variable and peer send-confirm validation
This implements the behavior described in IEEE Std 802.11-2016,
12.4.8.6.6 (Protocol instance behavior - Accepted state) to silently
discard received Confirm message in the Accepted state if the new
message does not use an incremented send-confirm value or if the special
2^16-1 value is used. This avoids unnecessary processing of
retransmitted Confirm messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 12:19:08 +02:00
Jouni Malinen
9249afc8e1 SAE: Print state changes in debug log
This makes it easier to follow state changes in SAE protocol instances.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 00:07:42 +02:00
Jouni Malinen
d8b841eba8 SAE: Make dot11RSNASAESync configurable
The new hostapd.conf parameter sae_sync (default: 5) can now be used to
configure the dot11RSNASAESync value to specify the maximum number of
synchronization errors that are allowed to happen prior to
disassociation of the offending SAE peer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-26 12:46:22 +02:00
Peng Xu
61536b5f41 Add new QCA vendor attribute for getting preferred channel
A new vendor attribute QCA_WLAN_VENDOR_ATTR_GET_WEIGHED_PCL is added for
getting preferred channels with weight value and a flag to indicate how
the channels should be used in P2P negotiation process.

Signed-off-by: Peng Xu <pxu@qti.qualcomm.com>
2017-12-22 20:34:51 +02:00
Jouni Malinen
1a2cb20d5b Fix couple of QCA_NL80211_VENDOR_SUBCMD_GET_SAR_LIMITS comments
Copy-paste errors in the command name (set vs. the new get).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-22 18:57:47 +02:00
Sunil Dutt
2fca2d2144 Vendor parameter for forcing RSNE override
Indicates the driver to use the RSNE as-is from the connect interface.
Exclusively used for the scenarios where the device is used as a testbed
device with special functionality and not recommended for production.
This helps driver to not validate the RSNE passed from user space and
thus allow arbitrary IE data to be used for testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-22 18:43:55 +02:00
Jeff Johnson
2d942ec4ac Define a QCA vendor command to retrieve SAR Power limits
Previously commit c79238b6a4 ('Define a
QCA vendor command to configure SAR Power limits') implemented a vendor
command interface to allow a userspace entity to dynamically control the
SAR power limits. Now implement a command to retrieve the current SAR
power limits.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:55:15 +02:00
Jouni Malinen
c23e87d0d1 OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()
The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works
fine with OpenSSL as well, so use that same implementation for both to
avoid unnecessary maintanence of multiple versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:49:39 +02:00
Jouni Malinen
7641d485db BoringSSL: Use EC_KEY_new_by_curve_name() to simplify implementation
There is no need to go through EC_GROUP_new_by_curve_name(),
EC_KEY_new(), and EC_KEY_set_group() when a single call to
EC_KEY_new_by_curve_name() takes care of all that.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:41:29 +02:00
Jouni Malinen
a5da39607d Revert "BoringSSL: Add DPP special cases regardless of claimed version number"
This reverts commit 5548453a2d since
BoringSSL added ECDSA_SIG_set0() and ECDSA_SIG_get0() in commit
8dc226ca8f1ef60737e1c1bf8cfcabf51d4068c7 ('Add some missing OpenSSL
1.1.0 accessors.') and updated X509_ALGOR_get0() prototype to match
OpenSSL 1.1.0 changes in commit e3b2a5d30d309091cab3e6a19dee7323c40d968d
('Const-correct X509_ALGOR_get0.').

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:27:04 +02:00
Paul Zhang
9b0de99fac Add new QCA vendor attribute for WLAN Latency Module (WLM)
A new vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_LATENCY_LEVEL is added
for vendor sub-command QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION.
This attribute is for setting the level of WLM.

Signed-off-by: Paul Zhang <paulz@qti.qualcomm.com>
2017-12-08 14:15:19 +02:00
Jouni Malinen
055cd39788 tests: DPP P-256 test vectors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-07 13:35:19 +02:00
Jouni Malinen
f55269753c DPP: Allow protocol key to be overridden for testing purposes
This can be used for various testing needs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-05 23:53:08 +02:00
Jouni Malinen
163fc3d562 DPP: Indicate to upper layers whether mutual authentication was used
DPP Responder selects whether mutual authentication is used. This commit
adds information about that selection to upper layers (ctrl_iface event
DPP-AUTH-DIRECTION mutual=<0/1>) on the Initiator side.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
34603767b8 DPP: Extend protocol testing to allow exchange termination
This extends dpp_test functionality to allow DPP exchanges to be stopped
when receiving a specified message.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
f0a383a981 DPP: Extend dpp_test with invalid E-Nonce in Config Req
Allow an E-Nonce attribute with invalid length to be sent for protocol
testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 22:01:10 +02:00
Jouni Malinen
55c6c85855 DPP: Extend dpp_test with invalid Transaction ID in Peer Disc Req
Allow a Transaction ID attribute with invalid length to be sent for
protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 21:56:19 +02:00
Krishna Rao
364039d223 Add QCA vendor command and attributes for RROP
Add QCA vendor command and attributes for vendor specific Representative
RF Operating Parameter (RROP) information. This information is intended
for optional use by external ACS. It provides guidance values for some
RF parameters that are used by the system during operation, so that
external ACS can utilize these to compare between channels, bands, etc.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 18:47:32 +02:00
Jouni Malinen
f981ce7298 DPP: Do not continue if public key hash derivation fails
sha256_vector() result was ignored apart from printing out the failure
in the debug log. This is not really a normal case and it is better to
reject the full operation rather than try to continue with an incorrect
public key hash value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 00:08:38 +02:00
Jouni Malinen
8a37d54ea7 DPP: Fix memory leak on dpp_auth_build_conf() error paths
The wpabuf for the message needs to be freed on the error paths.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 21:21:34 +02:00
Jouni Malinen
622934128b DPP: Fix a memory leak on an error path
Need to free temporary allocations if dpp_build_conf_start() fails to
allocate memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-29 13:03:48 +02:00
Jouni Malinen
82feacced0 DPP: Ignore GAS server status callback for unknown response
It was possible for a timeout from an old GAS server operation to
trigger DPP configuration failure during the subsequent DPP operation.
Fix this by verifying that the status callback is for the response
generated during the same DPP Authentication/Configuration exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 13:48:40 +02:00
Jouni Malinen
a2588be82c DPP: Add DPP_CONFIGURATOR_SIGN support to hostapd
Configurator signing its own Connector was previously supported only in
wpa_supplicant. This commit extends that to hostapd to allow an AP
acting as a Configurator to self-configure itself.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-27 13:24:20 +02:00
Jouni Malinen
73f21929a7 DPP: Auto-generate Initiator bootstrapping info if needed
Instead of using the all-zeros Initiator Bootstrapping Key Hash when no
local bootstrapping key is configuref for the Initiator, automatically
generate a temporary bootstrapping key for the same curve that the
Responder uses. If the Responder indicates that it wants to do mutual
authentication, provide the URI for the auto-generated bootstrapping key
in the DPP-RESPONSE-PENDING event for upper layers to display the QR
Code.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-26 17:41:22 +02:00
Jouni Malinen
acc555f9e6 DPP: Allow PKEX x/X and y/Y keypairs to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 01:41:50 +02:00
Jouni Malinen
d722c50d0a DPP: Print more interim EC_POINT results into debug log
This makes it easier to debug issues related to DPP/PKEX EC operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-24 01:02:59 +02:00
Jouni Malinen
2bdc47a945 DPP: Allow PKEX own/peer MAC addresses to be overridden
This is for testing purposes to allow a test vector with specific values
to be generated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 23:47:52 +02:00
Jouni Malinen
af4103e5e9 DPP: Provide peer_mac to PKEX Initiator through function argument
Avoid unnecessary direct write to a struct dpp_pkex member from outside
dpp.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 23:32:33 +02:00
Jouni Malinen
918a2ac40f DPP: Work around missing EVP_PKEY_CTX_set_ec_param_enc()
This allows compilation with older OpenSSL 1.0.1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 20:31:12 +02:00
Jouni Malinen
116454f460 DPP: Fix error return value in dpp_auth_conf_rx()
Commit 03abb6b541 ('DPP: Reject unexpected
Req/Resp message based on Auth/PKEX role') used incorrect type of error
value (NULL vs. -1). Fix that.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 20:20:39 +02:00
bhagavathi perumal s
cc79e06f00 hostapd: Add wpa_msg_ctrl() to report Probe Request frames from STA
This allows external applications to get event indication for Probe
Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on
per-request basis. For example, user has to send ctrl iface cmd "ATTACH
probe_rx_events=1" to enable the Probe Request frame events.

Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-11-23 20:12:34 +02:00
Jouni Malinen
248264c622 DPP: Stop Authentication Request attempts if no response after ACK
If unicast Authentication Request frame is used and the peer ACKs such a
frame, but does not reply within the two second limit, there is no need
to continue trying to retransmit the request frames since the peer was
found, but not responsive.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 00:22:13 +02:00