Commit graph

7598 commits

Author SHA1 Message Date
Krishna Rao
b8f6b0713a Add attribute for dwell time in QCA vendor scan
Add an attribute QCA_WLAN_VENDOR_ATTR_SCAN_DWELL_TIME for specifying
dwell time in the QCA vendor scan command. This is a common value which
applies across all frequencies requested in the scan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-26 23:47:37 +02:00
Sunil Dutt
ec303e2cb1 Introduce QCA_WLAN_VENDOR_ATTR_CONFIG_ROAM_REASON
This attribute enables/disables the host driver to send roam reason
information in the Reassociation Request frame to the AP in the same
ESS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-24 20:17:00 +02:00
Sunil Dutt
34640a88d8 Fix enum qca_wlan_vendor_attr_config value prefix
Couple of the attributes were defined with inconsistent prefix in the
name (missing "CONFIG_"). Fix these to use the common prefix for all
enum qca_wlan_vendor_attr_config values. Add defined values for the
incorrect names to avoid issues with existing users.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-24 20:16:56 +02:00
Jouni Malinen
f1d3856090 nl80211: Beacon protection capability flag and default key type
Add a new capability flag based on the nl80211 feature advertisement and
start using the new default key type for Beacon protection. This enables
AP mode functionality to allow Beacon protection to be enabled. This is
also enabling the previously added ap_pmf_beacon_protection_* hwsim test
cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-24 12:20:38 +02:00
Jouni Malinen
2e34f6a53f Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2020-02-24.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-24 12:20:05 +02:00
Alexander Wetzel
8a1660b607 common: Add missing driver flag strings
Add SAFE_PTK0_REKEYS and some other missing strings.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 23:53:29 +02:00
Janusz Dziedzic
4b04223f24 hostapd: Replace UDP ctrl_iface global cookies with per-instance ones
The cookie values for UDP control interface commands was defined as a
static global array. This did not allow multi-BSS test cases to be
executed with UDP control interface. For example, after
    hapd1 = hostapd.add_bss(apdev[0], ifname1, 'bss-1.conf')
    hapd2 = hostapd.add_bss(apdev[0], ifname2, 'bss-2.conf')

hapd1->ping() did not work.

Move those cookie values to per-instance location in struct
hapd_interfaces and struct hostapd_data to fix this.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-02-23 17:48:34 +02:00
Alexander Wetzel
1f90a49d02 STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.

To allow affected users to mitigate the issues, add a new configuration
option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast
reconnects.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 13:05:19 +02:00
Alexander Wetzel
1a7963e36f AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaround
Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken
implementations and should be avoided when using or interacting with
one. The effects can be triggered by either end of the connection and
range from hardly noticeable disconnects over long connection freezes up
to leaking clear text MPDUs.

To allow affected users to mitigate the issues, add a new hostapd
configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys
with disconnection. This requires the station to reassociate to get
connected again and as such, can result in connectivity issues as well.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 12:22:49 +02:00
Alexander Wetzel
35da7c20ac nl80211: Add driver capability flag for CAN_REPLACE_PTK0
The CAN_REPLACE_PTK0 flag provided by nl80211 can be used to detect if
the card/driver is explicitly indicating capability to rekey STA PTK
keys using only keyid 0 correctly.

Check if the card/driver supports it and make the status available as a
driver flag.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 12:00:23 +02:00
Jouni Malinen
7b26238d46 Do not skip MBO PMF check with the WPS special case WPA check exception
The MBO PMF check for AP SME in the driver case was added into a
location that is skipped for WPS processing. That was not really the
correct place for this since the skip_wpa_check label was supposed to
remain immediately following the WPA checks. While this does not really
have much of a practical impact, move the check around so that the
skip_wpa_check label remains where it is supposed to be.

Fixes: 4c572281ed ("MBO: Mandate use of PMF for WPA2+MBO association (AP)")
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 19:20:44 +02:00
Ouden
fae7e64aa3 Save RM enabled capability of station with AP SME
Save RM enabled capability element of an associating station when
hostapd use the device AP SME similarly to how this information is saved
with SME-on-hostapd cases. This allows radio measurement operations
(e.g., REQ_BEACON) to be used.

Signed-off-by: Ouden <Ouden.Biz@gmail.com>
2020-02-22 19:20:44 +02:00
Jouni Malinen
1074d42416 Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 19:20:44 +02:00
Jouni Malinen
8fe7ec6640 Remove Secondary Channel Offset element from Beacon/Probe Response frames
This element is not used in Beacon or Probe Response frames (which is
the reason why the standard does not indicate where exactly it would be
in those frames..); HT Operation element has this information and so
does Extended CSA element.

In practice, this reverts the functionality added in commit 76aab0305c
("Add secondary channel IE for CSA").

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 19:20:44 +02:00
Jouni Malinen
7f1529d2a5 Fix HE element order in Beacon and Probe Response frames
Spatial Reuse Parameter Set element is before MU EDCA Parameter Set
element.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 19:20:44 +02:00
Jouni Malinen
f3bcd69603 Remove CONFIG_IEEE80211N build option
Hardcoded CONFIG_IEEE80211N to be included to clean up implementation.
More or less all new devices support IEEE 802.11n (HT) and there is not
much need for being able to remove that functionality from the build.
Included this unconditionally to get rid of one more build options and
to keep things simpler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 19:20:44 +02:00
Jouni Malinen
640d59942b Fix location of MDE and RSNXE in Beacon and Probe Response frames
Split the IEs from WPA authenticator state machine into separately added
IEs so that the exact location between these and other elements can be
controlled. This fixes the location of MDE and RSNXE in Beacon and Probe
Response frames. In addition, this swaps the order of BSS Load and RM
Enabled Capabilities elements in Beacon frames to get them into the
correct order (which was already used for Probe Response frames).
Furthermore, this fixes the buffer end checks for couple of elements to
make the implementation more consistent (though, in practice, there is
no impact from this since the old size limit was smaller than needed,
but still sufficiently large to have room for these).

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 19:20:44 +02:00
Jouni Malinen
2d4c78aef7 Configure received BIGTK on station/supplicant side
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-18 00:18:47 +02:00
Jouni Malinen
ecbf59e693 wpa_supplicant configuration for Beacon protection
Add a new wpa_supplicant network profile configuration parameter
beacon_prot=<0/1> to allow Beacon protection to be enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-18 00:18:47 +02:00
Jouni Malinen
16889aff40 Add BIGTK KDE and subelement similarly to IGTK
This provides the BIGTK updates to associated stations similarly to
IGTK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
555dcd75ce Generate BIGTK and rekey it with IGTK
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
323d06187a Parsing of BIGTK KDE in EAPOL-Key frames
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
3937378abe Parsing of BIGTK subelement in FTE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
d2e77310dc driver: Document use of set_key() for BIGTK
Also update the comment to match the current IGTK KeyID range.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
c1df321b6c AP mode indication of Beacon protection being enabled
Add the new Extended Capability bit for indicating Beacon protection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
92d407dbd6 hostapd configuration for Beacon protection
Add a new hostapd configuration parameter beacon_prot=<0/1> to allow
Beacon protection to be enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
cb86e8bac8 nl80211: Remove an extra closing parenthesis from a debug message
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
46cb046500 nl80211: Check nla_nest_start() result for NL80211_ATTR_HE_OBSS_PD
nla_nest_start() might fail, so need to check its return value similarly
to all the other callers.

Fixes: a84bf44388 ("HE: Send the AP's OBSS PD settings to the kernel")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 19:30:47 +02:00
John Crispin
0b0ee0f15e HE: Propagate BSS color settings to nl80211
Add the code required to send the BSS color settings to the kernel.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-17 19:28:39 +02:00
Jouni Malinen
dd74ddd0df nl80211: Handle AKM suite selectors for AP configuration
Previously only couple of AKM suite selectors were converted into
NL80211_ATTR_AKM_SUITES. Add rest of the AKM suites here. However, since
the current kernel interface has a very small limit
(NL80211_MAX_NR_AKM_SUITES = 2), add the attribute only when no more
than that limit entries are included. cfg80211 would reject the command
with any more entries listed.

This needs to be extended in cfg80211/nl80211 in a backwards compatible
manner, so this seems to be the best that can be done for now in user
space. Many drivers do not use this attribute, so must not reject the
configuration completely when larger number of AKM suites is configured.
Such cases may not work properly with drivers that depend on
NL80211_ATTR_AKM_SUITES value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 17:47:34 +02:00
Jouni Malinen
139f6deaff Remove duplicated wpa_akm_to_suite() entry
This was unreachable code due to the previous WPA_KEY_MGTM_OWE case
returning from the function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 17:41:51 +02:00
Jouni Malinen
10655d1bc2 nl80211: Add NLA_F_NESTED to nla_nest_start() with older libnl versions
This is needed to work around a missing attribute that would cause
cfg80211 to reject some nl80211 commands (e.g.,
NL80211_ATTR_VENDOR_DATA) with new kernel versions that enforce netlink
attribute policy validation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 17:25:05 +02:00
Jouni Malinen
5db5290ab4 webkit: Clean up USE_WEBKIT2 blocks
Use a single block each for webkit and webkit2 signal handlers. This
cleans up browser.c to have clear sections for each webkit API version.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 19:21:06 +02:00
Jouni Malinen
26ad26c8cf webkit2: Split decide-policy into a separate function
This cleans up the #ifdef/#else/#endif mess in the function for webkit
vs. webkit2 API.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 19:21:06 +02:00
Jouni Malinen
02ed737eee webkit2: Split resource-load-started handler into a separate function
This cleans up the #ifdef/#else/#endif mess in the function for webkit
vs. webkit2 API.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 19:15:02 +02:00
Jouni Malinen
7de8bd508f webkit: Track gtk_main()/gtk_main_quit() calls
Avoid unnecessary warnings from webkit on calling gtk_main_quit() more
than once for a single gtk_main() call. This is also fixing an issue for
a corner case where the very first URL has special purpose (osu:// or
http://localhost:12345).

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 19:15:02 +02:00
Jouni Malinen
de0a8906f2 webkit2: Remove TODO not for download-started
It does not look like this signal handler would be needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 19:15:02 +02:00
Jouni Malinen
ae07bc46ce webkit2: Do not register notify::load-status handler
This did not seem to do anything with webkit2, so do not bother
registering the handler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 19:15:02 +02:00
Jouni Malinen
9ea9d18de7 webkit2: Replace notfy::progress with notify::estimated-load-progress
The older signal handler for notify::progress did not really work with
webkit2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 19:15:02 +02:00
Jouni Malinen
c0c4685d50 webkit2: Implement notify::title handler
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 19:15:02 +02:00
Jouni Malinen
ffeafc0872 webkit2: Use mouse-target-changed to replace hovering-over-link
The previous implementation of hovering-over-link signal handler did not
really work with webkit2, so replace this with mouse-target-changed
handler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 19:14:59 +02:00
Jouni Malinen
61bf9819c1 hs20_web_browser() to allow TLS server validation to be enabled
hs20_web_browser() was previously hardcoded to not perform strict TLS
server validation. Add an argument to this function to allow that
behavior to be configured. The hs20-osu-client users are still using the
old behavior, i.e., not validating server certificates, to be usable for
testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 17:40:52 +02:00
Ben Greear
921ea4962e hs20-osu-client: Ignore TLS errors with webkit2
Hopefully this helps with self-signed certificates. This matches the
older behavior with webkit.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2020-02-16 17:40:52 +02:00
Ben Greear
b4b1b122e8 hs20-osu-client: Enable webkit2 support
This is my mostly-ignorant attempt to port hs20-osu-client to webkit2
API.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2020-02-16 17:40:52 +02:00
Jouni Malinen
466e48dcd7 HT: Remove SMPS in AP mode
SM Power Save was described in somewhat unclear manner in IEEE Std
802.11n-2009 as far the use of it locally in an AP to save power. That
was clarified in IEEE Std 802.11-2016 to allow only a non-AP STA to use
SMPS while the AP is required to support an associated STA doing so. The
AP itself cannot use SMPS locally and the HT Capability advertisement
for this is not appropriate.

Remove the parts of SMPS support that involve the AP using it locally.
In practice, this reverts the following commits:
04ee647d58 ("HT: Let the driver advertise its supported SMPS modes for AP mode")
8f461b50cf ("HT: Pass the smps_mode in AP parameters")
da1080d721 ("nl80211: Advertise and configure SMPS modes")

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 13:58:54 +02:00
Mikhail Karpenko
8de0ff0fa1 HE: Add TWT responder extended capabilities field
Set the proper bits inside the extended capabilities field to indicate
support for TWT responder.

Tested-by: John Crispin <john@phrozen.org>
Signed-off-by: Mikhail Karpenko <karpenko@fastmail.com>
2020-02-16 12:41:24 +02:00
John Crispin
ab8c55358e HE: Dynamically turn on TWT responder support
This allows us to dynamically turn on TWT responder support using an
nl80211 attribute.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-16 12:37:47 +02:00
John Crispin
0cb39f4fd5 HE: Extend BSS color support
The HE Operation field for BSS color consists of a disabled, a partial,
and 6 color bits. The original commit adding support for BSS color
considered this to be a u8. This commit changes this to the actual
bits/values.

This adds an explicit config parameter for the partial bit. The disabled
is set to 0 implicitly if a bss_color is defined.

Interoperability testing showed that stations will require a BSS color
to be set even if the feature is disabled. Hence the default color is 1
when none is defined inside the config file.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-16 12:32:17 +02:00
Jouni Malinen
458162a271 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2020-02-07.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 12:06:04 +02:00
Jouni Malinen
981b96caa9 WPS: Mark added PSK entry with wps=1 tag for per-Enrollee PSK case
Commit 2bab073dfe ("WPS: Add new PSK entries with wps=1 tag") added
this when writing the new entry into a file, but the in-memory update
did not get the tag. Add it there as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 11:54:36 +02:00
Jouni Malinen
2bab073dfe WPS: Add new PSK entries with wps=1 tag
Now that hostapd wpa_psk_file has a new tag for identifying PSKs that
can be used with WPS, add that tag to new entries for PSKs from WPS.
This makes it clearer where the PSK came from and in addition, this
allows the same PSK to be assigned if the same Enrollee goes through WPS
provisioning again.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:37:27 +02:00
Tomasz Jankowski
fde8e79463 WPS: Make it possible to use PSKs loaded from the PSK file
By default, when configuration file set wpa_psk_file, hostapd generated
a random PSK for each Enrollee provisioned using WPS and appended that
PSK to wpa_psk_file.

Changes that behavior by adding a new step. WPS will first try to use a
PSK from wpa_psk_file. It will only try PSKs with wps=1 tag.
Additionally it'll try to match enrollee's MAC address (if provided). If
it fails to find an appropriate PSK, it falls back to generating a new
PSK.

Signed-off-by: Tomasz Jankowski <tomasz.jankowski@plume.com>
2020-02-15 17:28:00 +02:00
Jouni Malinen
b1977a652d WPS: Use PMK_LEN instead of hardcoded 32
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:27:52 +02:00
Jouni Malinen
b27ed050db Do not split strings into multiple lines
Convert hostapd_config_read_wpa_psk() to the newer style of not
splitting strings into multiple lines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:12:45 +02:00
Jouni Malinen
838180877f Use PMK_LEN macro instead of hardcoded value 64 (= 2 * 32)
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:11:18 +02:00
Jouni Malinen
f5da5810c9 Check pbkdf2_sha1() result when generating PSK from PSK file
This function can fail in theory, so check the return value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:10:08 +02:00
Sergey Matyukevich
e7d8842e6b OWE: Rename owe_assoc_req_process() parameter reason to status
In the function owe_assoc_req_process(), values assigned to the reason
argument imply that it should be renamed to status. Rename 'reason' to
'status' and modify the uses of owe_assoc_req_process() accordingly.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2020-02-15 16:46:32 +02:00
Sunil Dutt
877d9a02b0 Additional get_sta_info attrs for Beacon/Probe Response/disconnect reasons
This commit adds new attributes for getting the Probe Response frame
IEs, Beacon frame IEs and the disconnection reason codes through
get_sta_info vendor command.

The host driver shall give this driver specific reason code through
the disconnection reason code attribute
QCA_WLAN_VENDOR_ATTR_GET_STA_DRIVER_DISCONNECT_REASON.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-13 18:47:50 +02:00
Sachin Ahuja
8162d98f2e Introduce QCA_NL80211_VENDOR_SUBCMD_DRIVER_DISCONNECT_REASON
This acts as an event from the host driver to the user space to notify
the driver specific reason for a disconnection. The host driver
initiates the disconnection for various scenarios (beacon miss, Tx
Failures, gateway unreachability, etc.) and the reason codes from
cfg80211_disconnected() do not carry these driver specific reason codes.
Host drivers should trigger this event immediately prior to triggering
cfg80211_disconnected() to allow the user space to correlate the driver
specific reason code with the disconnect indication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-13 18:47:48 +02:00
Sunil Dutt
32551066b8 Introduce QCA_NL80211_VENDOR_SUBCMD_UPDATE_STA_INFO
This acts as a vendor event and is used to update the information
of a station from the driver to userspace.

Add an attribute for the driver to update the channels scanned in
the last connect/roam attempt.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-13 18:46:39 +02:00
Vamsi Krishna
dae85e655c P2P: Increase number of channels per operating class
Some of the operating classes added in the 6 GHz band have a larger
number of channels included in them (e.g., operating class 131 has 59
channels). Increase the maximum number of channels per operating class
so that all channels will get populated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-12 23:17:24 +02:00
Sunil Dutt
5551317834 Introduce QCA_WLAN_VENDOR_ATTR_BEACON_REPORT_FAIL
This attribute aims to configure the STA to send the Beacon Report
Response with failure reason for the scenarios where the Beacon Report
Request cannot be handled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-12 21:19:37 +02:00
Jouni Malinen
de08fae66a DPP: Do not require dpp_configurator_params to start with a space
This ugly hack for being able to search for optional arguments with
space before them was quite inconvenient and unexpected. Clean this up
by handling this mess internally with a memory allocation and string
duplication if needed so that the users of wpa_supplicant control
interface do not need to care about such details.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 06:43:02 +02:00
Vamsi Krishna
490d90db40 Define macro BIT() in qca_vendor.h
As qca_vendor.h alone can be included by other applications, define
macro BIT() in qca_vendor.h itself if not yet defined, e.g., by
including utils/common.h before qca_vendor.h.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 04:59:38 +02:00
Jouni Malinen
9a0edf1700 wlantest: Add PTK derivation support with SAE, OWE, DPP
wlantest build did not define build options to determine key management
values for SAE, OWE, and DPP. Add those and the needed SHA512 functions
to be able to decrypt sniffer captures with PMK available from an
external source.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-10 21:58:10 +02:00
Markus Theil
96a2a9a88b Send RM Enabled Capabilities element in (Re)Association Response frame
(Re)Association Response frames should include radio measurement
capabilities in order to let stations know if they can, e.g., use
neighbor requests.

I tested this commit with a Samsung S8, which does not send neighbor
requests without this commit and sends them afterwards.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-02-10 06:51:42 +02:00
Matthew Wang
23dc196fde Check for FT support when selecting FT suites
A driver supports FT if it either supports SME or the
NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
wpa_supplicant currently doesn't take into account whether or not either
of those conditions are met. This can cause association failures, e.g.,
when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
the driver doesn't support it). This change allows an FT suite to be
selected only when the driver also supports FT.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
2020-02-10 06:43:38 +02:00
Dmitry Shmidt
85f3ab758e Replace deprecated readdir_r() with readdir()
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2020-02-10 06:40:50 +02:00
Jouni Malinen
641d79f165 SAE: Special test mode sae_pwe=3 for looping with password identifier
The new sae_pwe=3 mode can be used to test non-compliant behavior with
SAE Password Identifiers. This can be used to force use of
hunting-and-pecking loop for PWE derivation when Password Identifier is
used. This is not allowed by the standard and as such, this
functionality is aimed at compliance testing.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-10 05:13:13 +02:00
Jouni Malinen
c248ebaf4f DPP: Fix encryptedContent DER encoding
This was not supposed to set the constructed bit in the header. Fix this
to avoid parsing issues with other ASN.1 DER parsers.

Fixes: c025c2eb59 ("DPP: DPPEnvelopedData generation for Configurator backup")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00
Jouni Malinen
e2b1e7dce7 DPP: Require conf=configurator to allow Configurator provisioning
Make Configurator provisioning require explicit conf parameter enabling
similarly to the previously used conf=ap-* and conf=sta-* cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00
Jouni Malinen
1ba4a10a07 DPP: Initialize conf_resp_status to non-OK
This avoids unexpected behavior if GAS query fails and the Config
Response does not get processed at all. Previously, this could result in
configuration being assumed to be successful instead of failure when
Config Response object was not received at all. That could result in
undesired Config Result frame transmission with DPP Rel 2 and not
clearing the ongoing DPP session.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00
Jouni Malinen
18714af2d8 DPP: Ignore unexpected duplicated Authentication Confirm
Previously, unexpected Authentication Confirm messages were ignored in
cases where no Authentication Confirm message was expected at all, but
if this message was received twice in a state where it was expected, the
duplicated version was also processed. This resulted in unexpected
behavior when authentication result was processed multiple times (e.g.,
two instances of GAS client could have been started).

Fix this by checking auth->waiting_auth_conf before processing
Authetication Confirm. That boolean was already tracked, but it was used
only for other purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00
Jouni Malinen
8f8473cebb SAE: Fix peer-commit-scalar reuse check
Only one peer-commit-scalar value was stored for a specific STA (i.e.,
one per MAC address) and that value got replaced when the next SAE
Authentication exchange was started. This ended up breaking the check
against re-use of peer-commit-scalar from an Accepted instance when
anti-clogging token was requested. The first SAE commit message (the one
without anti-clogging token) ended up overwriting the cached
peer-commit-scalar value while leaving that instance in Accepted state.
The second SAE commit message (with anti-clogging token) added ended up
getting rejected if it used the same value again (and re-use is expected
in this particular case where the value was not used in Accepted
instance).

Fix this by using a separate pointer for storing the peer-commit-scalar
value that was used in an Accepted instance. There is no need to
allocate memory for two values, i.e., it is sufficient to maintain
separate pointers to the value and move the stored value to the special
Accepted state pointer when moving to the Accepted state.

This fixes issues where a peer STA ends up running back-to-back SAE
authentication within couple of seconds, i.e., without hostapd timing
out the STA entry for a case where anti-clogging token is required.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-08 07:19:53 +02:00
Qiwei Cai
c4bab72d96 Use secondary channel provided by ACS for HT40 if valid
Previously, hostapd ignored the secondary channel provided by ACS if
both HT40+ and HT40- are set in hostapd.conf. This change selects such
channel for HT40 if it's valid, which is more reasonable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-03 02:03:32 +02:00
Ben Greear
16b789eefc Fix wmm compile on fedora-17 (gcc 4.7.2)
I guess this compiler does not like to initialize arrays with brackets?

Signed-off-by: Ben Greear <greearb@candelatech.com>
2020-02-03 02:03:32 +02:00
Felix Fietkau
d240c74b6a nl80211: Fix regulatory limits for WMM cwmin/cwmax values
The internal WMM AC parameters use just the exponent of the CW value,
while nl80211 reports the full CW value. This led to completely bogus
CWmin/CWmax values in the WMM IE when a regulatory limit was present.
Fix this by converting the value to the exponent before passing it on.

Fixes: 636c02c6e9 ("nl80211: Add regulatory wmm_limit to hostapd_channel_data")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-03 02:03:32 +02:00
Felix Fietkau
bc1289b076 nl80211: Fix WMM queue mapping for regulatory limit
nl80211 uses a different queue mapping from hostap, so AC indexes need
to be converted.

Fixes: 636c02c6e9 ("nl80211: Add regulatory wmm_limit to hostapd_channel_data")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-03 02:03:32 +02:00
Roy Marples
b2b7f8dcfa BSD: Fix the maximum size of a route(4) msg to 2048
The size of a single route(4) message cannot be derived from
either the size of the AF_INET or AF_INET6 routing tables.
Both could be empty or very large.

As such revert back to a buffer size of 2048 which mirrors
other programs which parse the routing socket.

Signed-off-by: Roy Marples <roy@marples.name>
2020-02-02 21:47:03 +02:00
Roy Marples
25c247684f BSD: Remove an outdated comment
With interface matching support, wpa_supplicant can wait for an
interface to appear.

Signed-off-by: Roy Marples <roy@marples.name>
2020-02-02 21:46:57 +02:00
Roy Marples
d807e289db BSD: Don't set or remove IFF_UP
Now that both hostapd and wpa_supplicant react to interface flag
changes, there is no need to set or remove IFF_UP.

It should be an administrative flag only.

Signed-off-by: Roy Marples <roy@marples.name>
2020-02-02 21:46:53 +02:00
Roy Marples
4692e87b25 BSD: Share route(4) processing with hostapd and wpa_supplicant.
There is little point in having both and it brings interface
addition/removal and IFF_UP notifications to hostapd.

Signed-off-by: Roy Marples <roy@marples.name>
2020-02-02 21:44:23 +02:00
Roy Marples
d20b34b439 BSD: Driver does not need to know about both wpa and hostap contexts
It will either be one or the other.
Fold hapd into ctx to match other drivers.

Signed-off-by: Roy Marples <roy@marples.name>
2020-02-02 21:44:23 +02:00
Ouden
aad414e956 nl80211: Fix send_mlme for SAE external auth
When external authentication is used, the station send mlme frame (auth)
to the driver may not be able to get the frequency (bss->freq) after
hostap.git commit b6f8b5a9 ("nl80211: Update freq only when CSA
completes"). Use the assoc_freq to send the MLME frame when SAE external
authentication is used to avoid this issue.

Signed-off-by: Ouden <Ouden.Biz@gmail.com>
2020-02-02 21:38:51 +02:00
Sunil Dutt
1a9d270d41 Additional stats through QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO
This commit introduces additional stats to query through
QCA_NL80211_VENDOR_SUBCMD_UPDATE_STA_INFO.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-31 23:46:01 +02:00
Jouni Malinen
c025c2eb59 DPP: DPPEnvelopedData generation for Configurator backup
This adds support for generating an encrypted backup of the local
Configurator information for the purpose of enrolling a new
Configurator. This includes all ASN.1 construction and data encryption,
but the configuration and connector template values in
dpp_build_conf_params() are not yet complete.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-31 23:32:34 +02:00
Jouni Malinen
7d9e320054 DPP: Received Configurator backup processing
Add local Configurator instance for each received Configurator backup.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-31 23:16:05 +02:00
Jouni Malinen
ea91ddb08a DPP: DPPEnvelopedData parsing for Configurator backup/restore
Process the received DPPEnvelopedData when going through Configurator
provisioning as the Enrollee (the new Configurator). This parses the
message, derives the needed keys, and decrypts the Configurator
parameters. This commit stores the received information in
auth->conf_key_pkg, but the actually use of that information to create a
new Configurator instance will be handled in a separate commit.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-31 23:16:05 +02:00
Jouni Malinen
31b5950d0b ASN.1: Helper functions for building DER encoded data
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-31 23:16:05 +02:00
Jouni Malinen
ce1f477397 ASN.1: More OID definitions
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-31 23:16:05 +02:00
Jouni Malinen
8006742fa3 ASN.1: Add a helper for parsing AlgorithmIdentifier
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-30 15:23:32 +02:00
Jouni Malinen
f7f2843c45 ASN.1: Add a helper for parsing SEQUENCE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-30 12:12:26 +02:00
Jouni Malinen
3393d94d02 ASN.1: Add a helper for parsing INTEGER
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-30 12:00:21 +02:00
Jouni Malinen
5e98998ec1 DPP2: Add Protocol Version attr to Auth Resp only if peer is R2 or newer
There is no need for the Protocol Version attribute in Authentication
Response if the peer is a DPP R1 device since such device would not know
how to use this attribute. To reduce risk for interoperability issues,
add this new attribute only if the peer included it in Authentication
Request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-29 01:00:23 +02:00
Krishna Rao
505797b458 Add a vendor attribute for RTPL instance primary frequency
Add an attribute QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY_FREQUENCY for
primary channel center frequency in the definition for Representative
Tx Power List (RTPL) list entry instance. This is required for 6 GHz
support, since the 6 GHz channel numbers overlap with existing 2.4 GHz
and 5 GHz channel numbers thus requiring frequency values to uniquely
identify channels.

Mark QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY as deprecated if both the
driver and user space application support 6 GHz. For backward
compatibility, QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY is still used if
either the driver or user space application or both do not support the
6 GHz band.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-28 20:48:07 +02:00
Jouni Malinen
76162b1828 TLS: Fix bounds checking in certificate policy parser
The recent addition of the X.509v3 certificatePolicies parser had a
copy-paste issue on the inner SEQUENCE parser that ended up using
incorrect length for the remaining buffer. Fix that to calculate the
remaining length properly to avoid reading beyond the end of the buffer
in case of corrupted input data.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20363
Fixes: d165b32f38 ("TLS: TOD-STRICT and TOD-TOFU certificate policies")
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-28 14:21:03 +02:00
Jouni Malinen
566972fd6f DPP: Show selected negotiation channel in DPP_BOOTSTRAP_INFO
Make the selected channel available for upper layer software to use,
e.g., when starting DPP listen operation during NFC negotiated
connection handover.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-27 20:36:09 +02:00
Jouni Malinen
5e287724ee DPP: NFC negotiated connection handover
Add new control interface commands "DPP_NFC_HANDOVER_REQ own=<id>
uri=<URI>" and "DPP_NFC_HANDOVER_SEL own=<id> uri=<URI>" to support NFC
negotiated connection handover. These commands are used to report a DPP
URI received from a peer NFC Device in Handover Request and Handover
Select messages. The commands return peer bootstrapping information ID
or FAIL on failure. The returned ID is used similarly to any other
bootstrapping information to initiate DPP authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-27 20:36:09 +02:00
Jouni Malinen
2bbe6ad3aa DPP: Helper function for bootstrapping URI generation
The new dpp_gen_uri() helper function can be used to build the
bootstrapping URI from locally stored information. This can be used to
make it easier to update the URI, e.g., for NFC negotiated connection
handover cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-27 20:36:09 +02:00
Jouni Malinen
12da39b389 crypto: Allow up to 10 fragments for hmac_sha*_vector()
This increases the limit of how many data fragments can be supported
with the internal HMAC implementation. The previous limit was hit with
some FT use cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 17:04:54 +02:00
Jouni Malinen
d165b32f38 TLS: TOD-STRICT and TOD-TOFU certificate policies
Add parsing of certificate policies for TOD-STRICT and TOD-TOFU when
using CONFIG_TLS=internal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 16:44:49 +02:00
Jouni Malinen
cd66b8295c TLS: Fix a typo in a debug message
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 12:50:44 +02:00
Ashish Kumar Dhanotiya
a629409047 Add vendor interface QCA_NL80211_VENDOR_SUBCMD_REQUEST_SAR_LIMITS_EVENT
This commit introduces the vendor event
QCA_NL80211_VENDOR_SUBCMD_REQUEST_SAR_LIMITS_EVENT.
Host drivers can request user space application to set SAR power
limits with this event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 20:48:14 +02:00
Vamsi Krishna
0ecf735631 Add new QCA vendor attribute to set thermal level
Add a new QCA vendor attribute to set thermal level to the driver from
userspace. The driver/firmware takes actions requested by userspace to
mitigate high temperature such as throttling TX etc. The driver may
choose the level of throttling and other actions for various thermal
levels set by userspace.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 20:45:35 +02:00
Jouni Malinen
8b138d2826 OWE: PTK derivation workaround in STA mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround=1 network parameter can be used
to enable older behavior mainly for testing purposes. There is no impact
to group 19 behavior, but if enabled, this will make group 20 and 21
cases use SHA256-based PTK derivation which will not work with the
updated OWE implementation on the AP side.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:47:41 +02:00
Jouni Malinen
65a44e849a OWE: PTK derivation workaround in AP mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround parameter can be used to enable
workaround for interoperability with stations that use SHA256 with
groups 20 and 21. By default, only the appropriate hash function is
accepted. When workaround is enabled (owe_ptk_workaround=1), the
appropriate hash function is tried first and if that fails, SHA256-based
PTK derivation is attempted. This workaround can result in reduced
security for groups 20 and 21, but is required for interoperability with
older implementations. There is no impact to group 19 behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:47:41 +02:00
Jouni Malinen
bd50805e40 OWE: Select KDF hash algorithm based on the length of the prime
Previous implementation was hardcoding use of SHA256 PMK-to-PTK
derivation for all groups. Replace that with hash algorithm selection
based on the length of the prime similarly to the way this was done for
other derivation steps in OWE.

This breaks backwards compatibility when using group 20 or 21; group 19
behavior remains same.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:47:16 +02:00
Jouni Malinen
0d445cd394 Fix a typo in a comment
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:08:10 +02:00
Vamsi Krishna
1011c79900 Do not enable HT/VHT for 6 GHz band 20 MHz width channels also
The previous commit had a rebasing issue that ended up covering only the
center_segment0 != 0 case. These were supposed to apply for all 6 GHz
band cases.

Fixes: 0bfc04b8d0 ("Do not enable HT/VHT when operating in 6 GHz band")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-23 16:10:41 +02:00
Jouni Malinen
5e32fb0170 SAE: Use Anti-Clogging Token Container element with H2E
IEEE P802.11-REVmd was modified to use a container IE for anti-clogging
token whenver H2E is used so that parsing of the SAE Authentication
frames can be simplified.

See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-21 13:13:56 +02:00
Jouni Malinen
e36a5894d0 SAE: Use H2E whenever Password Identifier is used
IEEE P802.11-REVmd was modified to require H2E to be used whenever
Password Identifier is used with SAE.

See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-21 13:13:56 +02:00
Jouni Malinen
c56b7a2fdf SAE: Mark sae_derive_pt_ecc() static
This function is not used outside sae.c.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-21 00:35:16 +02:00
Johannes Berg
4ee5a50358 trace: Handle binutils bfd.h breakage
Some things in bfd.h that we use were renamed, and in the case of
bfd_get_section_vma() a parameter was dropped. Work around this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-01-20 21:17:21 +02:00
Hai Shalom
d20365db17 EAP-SIM/AKA peer: Add support for EAP Method prefix
Add support for EAP method prefix in the anonymous identity
used during EAP-SIM/AKA/AKA' authentication when encrypted IMSI
is used. The prefix is a single character that indicates which
EAP method is required by the client.

Signed-off-by: Hai Shalom <haishalom@google.com>
2020-01-10 19:16:13 +02:00
Vamsi Krishna
4bf78a79d0 ACS: Populate channel config from external ACS per documented behavior
Based on the now documented seg0/seg1 values from offloaded ACS, there
is a mismatch between the driver interface and internal hostapd use.

The value of segment0 field in ACS results is the index of the channel
center frequency for 20 MHz, 40 MHz, and 80M Hz channels. The value is
the center frequency index of the primary 80 MHz segment for 160 MHz and
80+80 MHz channels.

The value of segment1 field in ACS results is zero for 20 MHz, 40 MHz,
and 80 MHz channels. The value is the index of the channel center
frequency for 160 MHz channels and the center frequency index of the
secondary 80 MHz segment for 80+80 MHz channels.

However, in struct hostapd_config, for 160 MHz channels, the value of
the segment0 field is the index of the channel center frequency of 160
MHz channel and the value of the segment1 field is zero. Map the values
from ACS event into hostapd_config fields accordingly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 20:22:12 +02:00
Vamsi Krishna
fe1552d93c ACS: Update documentation of external ACS results event parameters
Update the documentation with values to be sent for seg0 and seg1 fields
in external ACS result event for 20 MHz, 40 MHz, 80 MHz, 160 MHz, and
80+80 MHz channels. These values match the changes done to definitions
of seg0 and seg1 fields in the IEEE 802.11 standard.

This vendor command had not previously been documented in this level of
detail and had not actually been used for the only case that could have
two different interpretation (160 MHz) based on which version of IEEE
802.11 standard is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 20:12:14 +02:00
Vamsi Krishna
881177201a 6 GHz: Fix Channel Width value for 80+80 in 6 GHZ Operation Info field
The Channel Width field value is 0 for 20 MHz, 1 for 40 MHz, 2 for 80
MHz, and 3 for both 160 MHz and 80+80 MHz channels. The 80+80 MHz case
was not addressed previously correctly since it cannot be derived from
seg0 only.

The Channel Center Frequency Segment 0 field value is the index of
channel center frequency for 20 MHz, 40 MHz, and 80 MHz channels. The
value is the center frequency index of the primary 80 MHz segment for
160 MHz and 80+80 MHz channels.

The Channel Center Frequency Segment 1 field value is zero for 20 MHz,
40 MHz, and 80 MHz channels. The value is the index of the channel
center frequency for 160 MHz channel and the center frequency index of
the secondary 80 MHz segment for 80+80 MHz channels.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 17:43:28 +02:00
Jouni Malinen
b4fe37c4fa Silence compiler warning in no-NEED_AP_MLME builds
Make the dummy hostapd_hw_mode_txt() wrapper return "UNKNOWN" instead of
NULL to avoid a warning from a debug printf using %s with NULL.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 12:44:08 +02:00
Alexander Wetzel
a919a26035 Introduce and add key_flag
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.

The following flag are defined:

  KEY_FLAG_MODIFY
    Set when an already installed key must be updated.
    So far the only use-case is changing RX/TX status of installed
    keys. Must not be set when deleting a key.

  KEY_FLAG_DEFAULT
    Set when the key is also a default key. Must not be set when
    deleting a key. (This is the replacement for set_tx.)

  KEY_FLAG_RX
    The key is valid for RX. Must not be set when deleting a key.

  KEY_FLAG_TX
    The key is valid for TX. Must not be set when deleting a key.

  KEY_FLAG_GROUP
    The key is a broadcast or group key.

  KEY_FLAG_PAIRWISE
    The key is a pairwise key.

  KEY_FLAG_PMK
    The key is a Pairwise Master Key (PMK).

Predefined and needed flag combinations so far are:

  KEY_FLAG_GROUP_RX_TX
    WEP key not used as default key (yet).

  KEY_FLAG_GROUP_RX_TX_DEFAULT
    Default WEP or WPA-NONE key.

  KEY_FLAG_GROUP_RX
    GTK key valid for RX only.

  KEY_FLAG_GROUP_TX_DEFAULT
    GTK key valid for TX only, immediately taking over TX.

  KEY_FLAG_PAIRWISE_RX_TX
    Pairwise key immediately becoming the active pairwise key.

  KEY_FLAG_PAIRWISE_RX
    Pairwise key not yet valid for TX. (Only usable with Extended Key ID
    support.)

  KEY_FLAG_PAIRWISE_RX_TX_MODIFY
    Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.

  KEY_FLAG_RX_TX
    Not a valid standalone key type and can only used in combination
    with other flags to mark a key for RX/TX.

This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-01-09 12:38:36 +02:00
Jouni Malinen
3df4c05aec nl80211: Pass set_key() parameter struct to wpa_driver_nl80211_set_key()
This is the function that actually uses the parameters, so pass the full
parameter struct to it instead of hiding the struct from it in the
simple wrapper.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 00:48:57 +02:00
Gurumoorthi Gnanasambandhan
99d8c4dca3 hostapd: Support VLAN offload to the driver
If the driver supports VLAN offload mechanism with a single netdev, use
that instead of separate per-VLAN netdevs.

Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
2020-01-09 00:48:57 +02:00
Gurumoorthi Gnanasambandhan
0f903f37dc nl80211: VLAN offload support
Add indication for driver VLAN offload capability and configuration of
the VLAN ID to the driver.

Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
2020-01-09 00:48:57 +02:00
Gurumoorthi Gnanasambandhan
4d3ae54fbd Add vlan_id to driver set_key() operation
This is in preparation for adding support to use a single WLAN netdev
with VLAN operations offloaded to the driver. No functional changes are
included in this commit.

Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
2020-01-09 00:48:57 +02:00
Jouni Malinen
f822546451 driver: Move set_key() parameters into a struct
This makes it more convenient to add, remove, and modify the parameters
without always having to update every single driver_*.c implementation
of this callback function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 00:48:57 +02:00
Jouni Malinen
3912cbd88d SAE: A bit optimized sae_confirm_immediate=2 for testing purposes
sae_confirm_immediate=2 can now be used in CONFIG_TESTING_OPTIONS=y
builds to minimize the latency between SAE Commit and SAE Confirm by
postponing transmission of SAE Commit until the SAE Confirm frame is
generated. This does not have significant impact, but can get the frames
tiny bit closer to each other over the air to increase testing coverage.
The only difference between sae_confirm_immediate 1 and 2 is in the
former deriving KCK, PMK, PMKID, and CN between transmission of the
frames (i.e., a small number of hash operations).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-08 20:57:08 +02:00
Vamsi Krishna
aa663baf45 Fix QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG1_CENTER_CHANNEL NULL check
Correct the check for presence of
QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG1_CENTER_CHANNEL attribute before using it
while processing acs_result event.

Fixes: 857d94225a ("Extend offloaded ACS QCA vendor command to support VHT")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-08 16:14:24 +02:00
Markus Theil
f7b2fe99ea tests: Fix undefined behavior in module tests
Test: wpa_supplicant module tests
../src/utils/utils_module_tests.c:933:7: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-01-08 14:56:55 +02:00
Jouni Malinen
297d69161b OpenSSL: Fix memory leak in TOD policy validation
Returned policies from X509_get_ext_d2i() need to be freed.

Fixes: 21f1a1e66c ("Report TOD policy")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-07 20:40:12 +02:00
Jouni Malinen
c52129bed8 nl80211: Allow control port to be disabled with a driver param
This is mainly for testing purposes to allow wpa_supplicant and hostapd
functionality to be tested both with and without using the nl80211
control port which is by default used whenever supported by the driver.
control_port=0 driver parameter will prevent that from happening.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-05 21:31:33 +02:00
Markus Theil
781c5a0624 nl80211: Use control port TX for AP mode
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-01-05 21:31:33 +02:00
Markus Theil
d8252a9812 nl80211: Report control port RX events
This allows EAPOL frames to be received over the separate controlled
port once rest of the driver interface is ready for this. By itself,
this commit does not actually change behavior since cfg80211 will not be
delivering these events without them being explicitly requested.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-01-05 21:30:41 +02:00
Markus Theil
a79ed06871 Add no_encrypt flag for control port TX
In order to correctly encrypt rekeying frames, wpa_supplicant now checks
if a PTK is currently installed and sets the corresponding encrypt
option for tx_control_port().

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-01-05 20:34:50 +02:00
Brendan Jackman
8759e9116a nl80211: Control port over nl80211 helpers
Linux kernel v4.17 added the ability to request sending controlled port
frames (e.g., IEEE 802.1X controlled port EAPOL frames) via nl80211
instead of a normal network socket. Doing this provides the device
driver with ordering information between the control port frames and the
installation of keys. This empowers it to avoid race conditions between,
for example, PTK replacement and the sending of frame 4 of the 4-way
rekeying handshake in an RSNA. The key difference between the specific
control port and normal socket send is that the device driver will
certainly get any EAPOL frames comprising a 4-way handshake before it
gets the key installation call for the derived key. By flushing its TX
buffers it can then ensure that no pending EAPOL frames are
inadvertently encrypted with a key that the peer will not yet have
installed.

Add a CONTROL_PORT flag to the hostap driver API to report driver
capability for using a separate control port for EAPOL frames. This
operation is exactly like an Ethernet send except for the extra ordering
information it provides for device drivers. The nl80211 driver is
updated to support this operation when the device reports support for
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211. Also add a driver op
tx_control_port() for request a frame to be sent over the controlled
port.

Signed-off-by: Brendan Jackman <brendan.jackman@bluwireless.co.uk>
2020-01-05 19:43:52 +02:00
Jouni Malinen
ccaabeaa03 driver: Remove unused send_ether() driver op
This was used only for FT RRB sending with driver_test.c and
driver_test.c was removed more than five years ago, so there is no point
in continuing to maintain this driver op.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-05 18:32:10 +02:00
Bilal Hatipoglu
3d41dd7c50 WPS: Add application extension data to WPS IE
Application Extension attribute is defined in WSC tech spec v2.07 page
104. Allow hostapd to be configured to add this extension into WPS IE in
Beacon and Probe Response frames. The implementation is very similar to
vendor extension.

A new optional entry called "wps_application_ext" is added to hostapd
config file to configure this. It enodes the payload of the Application
Extension attribute in hexdump format.

Signed-off-by: Veli Demirel <veli.demirel@airties.com>
Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
2020-01-04 23:39:30 +02:00
Jouni Malinen
9bedf90047 nl80211: Use monitor interface for sending no-encrypt test frames
Since NL80211_CMD_FRAME does not allow encryption to be disabled for the
frame, add a monitor interface temporarily for cases where this type of
no-encrypt frames are to be sent. The temporary monitor interface is
removed immediately after sending the frame.

This is testing functionality (only in CONFIG_TESTING_OPTIONS=y builds)
that is used for PMF testing where the AP can use this to inject an
unprotected Robust Management frame (mainly, Deauthentication or
Disassociation frame) even in cases where PMF has been negotiated for
the association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-04 20:23:05 +02:00
Jouni Malinen
8d84c75f7c Allow testing override for GTK/IGTK RSC from AP to STA
The new hostapd gtk_rsc_override and igtk_rsc_override configuration
parameters can be used to set an override value for the RSC that the AP
advertises for STAs for GTK/IGTK. The contents of those parameters is a
hexdump of the RSC in little endian byte order.

This functionality is available only in CONFIG_TESTING_OPTIONS=y builds.
This can be used to verify that stations implement initial RSC
configuration correctly for GTK/ and IGTK.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-04 13:05:26 +02:00
Ben Greear
ff77431180 nl80211: Don't set offchan-OK flag if doing on-channel frame in AP mode
I saw a case where the kernel's cfg80211 rejected hostapd's attempt to
send a neighbor report response because nl80211 flagged the frame as
offchannel-OK, but kernel rejects because channel was 100 (DFS) and so
kernel failed thinking it was constrained by DFS/CAC requirements that
do not allow the operating channel to be left (at least in FCC).

Don't set the packet as off-channel OK if we are transmitting on the
current operating channel of an AP to avoid such issues with
transmission of Action frames.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2020-01-03 16:00:02 +02:00
Jouni Malinen
d5798e43f5 nl80211: Use current command for NL80211_CMD_REGISTER_ACTION
This was renamed to NL80211_CMD_REGISTER_FRAME long time ago.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 15:26:31 +02:00
Jouni Malinen
81ae8820a6 nl80211: Rename send_action_cookie to send_frame_cookie
This is to match the NL80211_CMD_ACTION renaming to NL80211_CMD_FRAME
that happened long time ago. This command can be used with any IEEE
802.11 frame and it should not be implied to be limited to Action
frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 15:23:49 +02:00
Jouni Malinen
5ad372cc3f nl80211: Clean up nl80211_send_frame_cmd() callers
Replace a separate cookie_out pointer argument with save_cookie boolean
since drv->send_action_cookie is the only longer term storage place for
the cookies. Merge all nl80211_send_frame_cmd() callers within
wpa_driver_nl80211_send_mlme() to use a single shared call to simplify
the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 15:18:46 +02:00
Jouni Malinen
0dae4354f7 nl80211: Get rid of separate wpa_driver_nl80211_send_frame()
Merge this function into wpa_driver_nl80211_send_mlme() that is now the
only caller for the previously shared helper function. This is a step
towards cleaning up the overly complex code path for sending Management
frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 15:00:15 +02:00
Jouni Malinen
e695927862 driver: Remove unused send_frame() driver op
All the previous users have now been converted to using send_mlme() so
this unused send_frame() callback can be removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 13:56:12 +02:00
Jouni Malinen
ce01804872 Convert the only remaining send_frame() users to send_mlme()
Since send_mlme() now has support for the no_encrypt argument it is
possible to get rid of the remaining send_frame() uses.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 13:53:42 +02:00
Jouni Malinen
27cc06d073 nl80211: Support no_encrypt=1 with send_mlme()
This allows send_mlme() to be used to replace send_frame() for the test
cases where unencrypted Deauthentication/Disassociation frames need to
be sent out even when using PMF for the association. This is currently
supported only when monitor interface is used for AP mode management
frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 13:53:42 +02:00
Jouni Malinen
665a3007fb driver: Add no_encrypt argument to send_mlme()
This is in preparation of being able to remove the separate send_frame()
callback.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 13:53:32 +02:00
Jouni Malinen
3710027463 Make hostapd_drv_send_mlme() more generic
Merge hostapd_drv_send_mlme_csa() functionality into
hostapd_drv_send_mlme() to get a single driver ops handler function for
hostapd. In addition, add a new no_encrypt parameter in preparation for
functionality that is needed to get rid of the separate send_frame()
driver op.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 13:34:37 +02:00
Jouni Malinen
b3525dc172 P2P Manager: Use send_mlme() instead of send_frame() for Deauthentication
send_frame() is documented to be used for "testing use only" and as
such, it should not have used here for a normal production
functionality. Replace this with use of send_mlme() which is already
used for sending Deauthentication frames in other cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 13:22:32 +02:00
Jouni Malinen
14cc3d10ca nl80211: Simplify hapd_send_eapol() with monitor interface
Call nl80211_send_monitor() directly instead of going through
wpa_driver_nl80211_send_frame() for the case where monitor interface is
used for AP mode management purposes. drv->use_monitor has to be 1 in
this code path, so wpa_driver_nl80211_send_frame() was calling
nl80211_send_monitor() unconditionally for this code path and that extra
function call can be removed here to simplify the implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 12:08:58 +02:00
Jouni Malinen
16a2667203 nl80211: Don't accept interrupted dump responses
Netlink dump message may be interrupted if an internal inconsistency is
detected in the kernel code. This can happen, e.g., if a Beacon frame
from the current AP is received while NL80211_CMD_GET_SCAN is used to
fetch scan results. Previously, such cases would end up not reporting an
error and that could result in processing partial data.

Modify this by detecting this special interruption case and converting
it to an error. For the NL80211_CMD_GET_SCAN, try again up to 10 times
to get the full response. For other commands (which are not yet known to
fail in similar manner frequently), report an error to the caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 23:34:53 +02:00