According to latest IEEE 802.11 standard, Transmit Power Envelope
element is also relevant to IEEE 802.11ax and is no longer called VHT
Transmit Power Envelope. Remove the VHT naming from the element and move
hostapd_eid_txpower_envelope() from ieee802_11_vht.c to ieee802_11.c in
preparation of using it with HE.
Signed-off-by: Shay Bar <shay.bar@celeno.com>
The new status code values for SAE H2E and PK resulted in the
sta->added_unassoc cases incorrectly removing the STA entry after
successful SAE commit messages. Fix this by using sae_status_success()
instead of direct check for WLAN_STATUS_SUCCESS when processing SAE
commit messages before removing station entry.
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
In some contexts (e.g., Multi-AP) it can be useful to have access to
some of the management frames in upper layers (e.g., to be able to
process the content of association requests externally).
Add 'notify_mgmt_frames'. When enabled, it will notify the ctrl_iface
when a management frame arrives using the AP-MGMT-FRAME-RECEIVED event
message.
Note that to avoid completely flooding the ctrl_iface, not all
management frames are included (e.g., Beacon and Probe Request frames
are excluded).
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
IEEE P802.11az/D2.6 added definitions to include RSNXE in the PASN
negotiation. Implement the new functionality in both wpa_supplicant and
hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Note that the implementation is not complete as it is missing support
for the FT wrapped data which is optional for the station, but must be
supported by the AP in case the station included it.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
As the PASN FILS authentication is only defined for FILS SK without PFS,
and to support PASN authentication with FILS, implement the PASN with
FILS processing as part of the PASN handling and not as part of the WPA
Authenticator state machine.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add the ability to disable HT/VHT/HE for specific BSS from hostapd.conf.
- Add disable_11ax boolean to hostapd_bss_config.
- Change disable_11n and disable_11ac to bool in hostapd_bss_config.
- Add configuration option to set these disable_11* parameters
(which were previously used only automatically based on incompatible
security parameters to disable HT/VHT).
Signed-off-by: Shay Bar <shay.bar@celeno.com>
Make sae_status_success() more explicit by rejecting SAE-PK status code
when the AP is not configured with PK.
Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When testing SAE reflection, the incoming commit may have the H2E status
code (126) or SAE-PK (127), but the test code in the AP was always
sending back status code 0. The STA would then reject the commit
response due to expecting H2E/SAE-PK status code.
Just reflect the incoming status code so the commit can be rejected
based on the SAE contents regardless of which variant of SAE was used.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Some legacy stations copy previously reserved RSN capability bits,
including OCVC, in (Re)Association Request frames from the AP's RSNE but
do not indicate MFP capability and/or do not send OCI in RSN handshakes.
This is causing connection failures with such erroneous STAs.
To improve interoperability with such legacy STAs allow a workaround OCV
mode to be enabled to ignore OCVC=1 from the STA if it does not follow
OCV requirements in the first protected exchange. This covers cases
where a STA claims to have OCV capability, but it does not negotiate use
of management frame protection or does not include OCI in EAPOL Key msg
2/4, FT Reassociation Request frame, or FILS (Re)Association Reqest.
The previous behavior with ocv=1 is maintained, i.e., misbehaving STAs
are not allowed to connect. When the new workaround mode is enabled with
ocv=2, the AP considers STA as OCV capable on below criteria
- STA indicates both OCV and MFP capability
- STA sends OCI during connection attempt in a protected frame
Enabling this workaround mode reduced OCV protection to some extend
since it allows misbehavior to go through. As such, this should be
enabled only if interoperability with misbehaving STAs is needed.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Initiate SA Query for a WPS+MFP AP. STA flag checks for MFP added for
Association Request frames that use WPS IE without RSNE. This is needed
to avoid giving an opportunity to skip the protection against
disconnections when WPS is enabled.
Signed-off-by: Disha Das <dishad@codeaurora.org>
Resolved the below warning
../src/ap/ieee802_11.c:4535:25: warning: 'reply_res' may be used
uninitialized in this function [-Wmaybe-uninitialized]
if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
^
Since reply_res is been assigned inside an if condition and so
compiler treats reply_res as uninitalized variable
Initialize reply_res with WLAN_STATUS_UNSPECIFIED_FAILURE.
Fixes: 5344af7d22 ("FT: Discard ReassocReq with mismatching RSNXE Used value")
Signed-off-by: Karthikeyan Kathirvel <kathirve@codeaurora.org>
The AP mode condition for initiating the SA Query procedure when
receiving a new (Re)Association Request frame used only association
state and MFP negotiation result without checking that the key exchange
has been completed. This can give rise to a corner case where the SA
Query procedure may get started after open association but before the
4-way handshake has been completed, resulting in open SA query frames
over the air.
Fix this by adding station authorized check in hostapd_notif_assoc() and
check_assoc_ies().
Signed-off-by: Rohan <drohan@codeaurora.org>
Enhance the return values of ocv_verify_tx_params with enum to indicate
different OCI verification failures to caller.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
As per RFC 8110 (Opportunistic Wireless Encryption), if the AP has the
PMK identified by the PMKID and wishes to perform PMK caching, it will
include the PMKID in the Association Response frame RSNE but does not
include the Diffie-Hellman Parameter element.
This was already addressed for most cases with owe_process_assoc_req()
not setting sta->owe_ecdh in case PMKSA caching is used. However, it was
possible to an old STA entry to maintain the initial sta->owe_ecdh value
if reassociation back to the same AP was used to initiate the PMKSA
caching attempt. Cover that case by adding an explicit check for the
time when the Association Response frame is being generated.
Signed-off-by: Chittur Subramanian Raman <craman@maxlinear.com>
Modify the check for VHT to include an option for HE in
hostapd_eid_wb_chsw_wrapper() and its callers to allow the Channel
Switch Wrapper element with the Wide Bandwidth Channel Switch subelement
to be included in Beacon and Probe Response frames when AP is operating
in HE mode without VHT.
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Move hostapd_eid_wb_chsw_wrapper() from VHT specific ieee802_11_vht.c to
ieee802_11.c since this can be used for both HE and VHT. This commit
does not change any functionality to enable the HE use case, i.e., the
function is just moved as-is.
Signed-off-by: Muna Sinada <msinada@codeaurora.org>
Operation in the 6 GHz band mandates valid HE capabilities element in
station negotiation. Reject association request upon receiving invalid
or missing HE elements.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
This was clarified in the draft specification to not be a mandatory
requirement for the AP and STA to enforce, i.e., matching security level
is a recommendation for AP configuration rather than a protocol
requirement.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new sae_commit_status and sae_pk_omit configuration parameters and
an extra key at the end of sae_password pk argument can be used to
override SAE-PK behavior for testing purposes.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This maintains knowledge of whether H2E or PK was used as part of the
SAE authentication beyond the removal of temporary state needed during
that authentication. This makes it easier to use information about which
kind of SAE authentication was used at higher layer functionality.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds AP side functionality for SAE-PK. The new sae_password
configuration parameters can now be used to enable SAE-PK mode whenever
SAE is enabled.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds core SAE functionality for a new mode of using SAE with a
specially constructed password that contains a fingerprint for an AP
public key and that public key being used to validate an additional
signature in SAE confirm from the AP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in FT and FILS (Re)Association Request frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make reporting of OCV validation failure reasons more flexible by
removing the fixed prefix from ocv_verify_tx_params() output in
ocv_errorstr so that the caller can use whatever prefix or encapsulation
that is most appropriate for each case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Process HE 6 GHz band capabilities in (Re)Association Request frames and
pass the information to the driver.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
Construct HE 6 GHz Band Capabilities element (IEEE 802.11ax/D6.0,
9.4.2.261) from HT and VHT capabilities and add it to Beacon, Probe
Response, and (Re)Association Response frames when operating on the 6
GHz band.
Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
It is possible for drivers to report received Management frames while AP
is going through initial setup (e.g., during ACS or DFS CAC). hostapd
and the driver is not yet ready for actually sending out responses to
such frames at this point and as such, it is better to explicitly ignore
such received frames rather than try to process them and have the
response (e.g., a Probe Response frame) getting dropped by the driver as
an invalid or getting out with some incorrect information.
Signed-off-by: Jouni Malinen <j@w1.fi>
"SET dpp_version_override <ver>" can now be used to request
wpa_supplicant and hostapd to support a subset of DPP versions. In
practice, the only valid case for now is to fall back from DPP version 2
support to version 1 in builds that include CONFIG_DPP2=y.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Discard the FT Reassociation Request frame instead of rejecting it
(i.e., do not send Reassociation Response frame) if RSNXE Used is
indicated in FTE, but no RSNXE is included even though the AP is
advertising RSNXE.
While there is not really much of a difference between discarding and
rejecting the frame, this discarding behavior is what the standard says
for this type of an error case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow STA entry to be removed and re-added to the driver with PMF is
used with FT. Previously, this case resulted in cfg80211 rejecting STA
entry update after successful FT protocol use if the association had not
been dropped and it could not be dropped for the PMF case in
handle_auth().
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd configuration parameter dpp_pfs can be used to specify
how PFS is applied to associations. The default behavior (dpp_pfs=0)
remains same as it was previously, i.e., allow the station to decide
whether to use PFS. PFS use can now be required (dpp_pfs=1) or rejected
(dpp_pfs=2).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
hostapd (and wpa_supplicant in AP mode) was internally updating the STA
flags on disconnection cases to remove authorization and association.
However, some cases did not result in immediate update of the driver STA
entry. Update all such cases to send out the update to the driver as
well to reduce risk of race conditions where new frames might be
accepted for TX or RX after the port authorization or association has
been lost and configured keys are removed.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous design for adding RSNXE into FT was not backwards
compatible. Move to a new design based on 20/332r3 to avoid that issue
by not include RSNXE in the FT protocol Reassociation Response frame so
that a STA not supporting RSNXE can still validate the FTE MIC
correctly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Check whether an error is reported from any of the functions that could
in theory fail and if so, do not proceed with the partially filled SAE
commit buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
In theory, hmac_sha256() might fail, so check for that possibility
instead of continuing with undetermined index value that could point to
an arbitrary token entry.
Signed-off-by: Jouni Malinen <j@w1.fi>
send_auth_reply() could be called with sta == NULL in certain error
conditions. While that is not applicable for this special test
functionality for SAE, the inconsistent checks for the sta pointer could
result in warnings from static analyzers. Address this by explicitly
checking the sta pointer here.
Signed-off-by: Jouni Malinen <j@w1.fi>
IEEE P802.11az/D2.0 renamed the FILS Wrapped Data element,
removing the FILS prefix. Change the code accordingly.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
WEP should not be used for anything anymore. As a step towards removing
it completely, move all WEP related functionality to be within
CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y
is explicitly set in build configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Hardcoded CONFIG_IEEE80211N to be included to clean up implementation.
More or less all new devices support IEEE 802.11n (HT) and there is not
much need for being able to remove that functionality from the build.
Included this unconditionally to get rid of one more build options and
to keep things simpler.
Signed-off-by: Jouni Malinen <j@w1.fi>
In the function owe_assoc_req_process(), values assigned to the reason
argument imply that it should be renamed to status. Rename 'reason' to
'status' and modify the uses of owe_assoc_req_process() accordingly.
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
(Re)Association Response frames should include radio measurement
capabilities in order to let stations know if they can, e.g., use
neighbor requests.
I tested this commit with a Samsung S8, which does not send neighbor
requests without this commit and sends them afterwards.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
The new sae_pwe=3 mode can be used to test non-compliant behavior with
SAE Password Identifiers. This can be used to force use of
hunting-and-pecking loop for PWE derivation when Password Identifier is
used. This is not allowed by the standard and as such, this
functionality is aimed at compliance testing.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Only one peer-commit-scalar value was stored for a specific STA (i.e.,
one per MAC address) and that value got replaced when the next SAE
Authentication exchange was started. This ended up breaking the check
against re-use of peer-commit-scalar from an Accepted instance when
anti-clogging token was requested. The first SAE commit message (the one
without anti-clogging token) ended up overwriting the cached
peer-commit-scalar value while leaving that instance in Accepted state.
The second SAE commit message (with anti-clogging token) added ended up
getting rejected if it used the same value again (and re-use is expected
in this particular case where the value was not used in Accepted
instance).
Fix this by using a separate pointer for storing the peer-commit-scalar
value that was used in an Accepted instance. There is no need to
allocate memory for two values, i.e., it is sufficient to maintain
separate pointers to the value and move the stored value to the special
Accepted state pointer when moving to the Accepted state.
This fixes issues where a peer STA ends up running back-to-back SAE
authentication within couple of seconds, i.e., without hostapd timing
out the STA entry for a case where anti-clogging token is required.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IEEE P802.11-REVmd was modified to use a container IE for anti-clogging
token whenver H2E is used so that parsing of the SAE Authentication
frames can be simplified.
See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>