Commit graph

2407 commits

Author SHA1 Message Date
Pradeep Kumar Chitrapu
15742566fd 6 GHz: Fix operating class in Supported Operating Classes element
Previously, the secondary channel was set only in presence of HT
capabilities based on HT40+ or HT40-. As HT capabilities and
secondary_channel are not present for the 6 GHz bamd, this causes
incorrect operating class indication in the Supported Operating Classes
element.

Fix this by assigning the secondary channel for bandwidths greater than
20 MHz in the 6 GHz band.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2021-05-03 23:04:55 +03:00
P Praneesh
79e8f0c164 hostapd: Update 160 MHz center freq calculation in 6 GHz
In the 6 GHz Operation Information field, the Channel Center Frequency
Segment 0 field indicates the channel center frequency index for
the 20 MHz, 40 MHz, 80 MHz, or 80+80 MHz channel on which the
BSS operates in the 6 GHz band. If the BSS channel width is 160 MHz
then the Channel Center Frequency Segment 0 field indicates the
channel center frequency index of the primary 80 MHz.

The Channel Center Frequency Segment 1 field indicates the channel
center frequency index of the 160 MHz channel on which the BSS operates
in the 6 GHz band or the channel center frequency of the secondary 80
MHz for the 80+80 MHz channel.

Since Channel Center Frequency Segment 1 was 0 for 160 MHz, 6 GHz STA
associated using 80 MHz. Update seg0 and seg1 fields per standard (IEEE
P802.11ax/D8.0: 9.4.2.249 HE Operation element).

Signed-off-by: P Praneesh <ppranees@codeaurora.org>
2021-05-03 17:35:59 +03:00
Lavanya Suresh
9c6b0a9416 hostapd: Disable VHT/HE when WMM is not enabled
When WMM is disabled, HT/VHT/HE capabilities should not be used for any
STA. If any STA advertises these capabilities, hostapd AP disables HT
capabilities in STA flags during STA assoc, but VHT/HE was not handled
similarly. This could allow a STA to associate in VHT/HE mode even in
WMM disable case.

To avoid this, disable VHT/HE capabilities similarly to HT during STA
association, if WMM is not enabled by the STA.

Signed-off-by: Lavanya Suresh <lavaks@codeaurora.org>
2021-05-03 17:27:22 +03:00
Kani M
1f2fbf41d0 Fix UPDATE_BEACON processing when disabled
The hostapd process crashed when the UPDATE_BEACON control interface
command was issue after the interface was disabled. Check for this case
and return an error if the interface is disabled.

Signed-off-by: Kani M <kanisumi@codeaurora.org>
2021-04-21 23:23:54 +03:00
Disha Das
80d9756956 DPP2: Get DPP Relay Controller context based on hostapd callback context
Get the DPP Relay Controller context from the list of configured
Controllers based on the correct hostapd callback context. This is
needed to pick the correct hostapd interface for sending out the
response over air, e.g., when the same hostapd process controls a 2.4
GHz only and a 5 GHz only interface.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2021-04-21 23:06:00 +03:00
Jouni Malinen
d675d3b15b Add helper functions for parsing RSNXE capabilities
Simplify the implementation by using shared functions for parsing the
capabilities instead of using various similar but not exactly identical
checks throughout the implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-04-10 12:43:38 +03:00
Jouni Malinen
663e190b72 SAE: Remove now unused password identifier argument from non-H2E case
IEEE Std 802.11-2020 mandates H2E to be used whenever an SAE password
identifier is used. While this was already covered in the
implementation, the sae_prepare_commit() function still included an
argument for specifying the password identifier since that was used in
an old test vector. Now that that test vector has been updated, there is
no more need for this argument anymore. Simplify the older non-H2E case
to not pass through a pointer to the (not really used) password
identifier.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-04-10 12:12:54 +03:00
Ilan Peer
79f87f4734 PASN: Change PASN flows to use SAE H2E only
Do so for both wpa_supplicant and hostapd. While this was not explicitly
required in IEEE P802.11az/D3.0, likely direction for the draft is to
start requiring use of H2E for all cases where SAE is used with PASN.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-04-10 12:12:22 +03:00
Ilan Peer
8c786e0687 PASN: Derive KDK only when required
When a PTK derivation is done as part of PASN authentication flow, a KDK
derivation should be done if and only if the higher layer protocol is
supported by both parties.

Fix the code accordingly, so KDK would be derived if and only if both
sides support Secure LTF.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-04-10 11:55:55 +03:00
Lavanya Suresh
e72e322539 hostapd: Enable WMM automatically when HE is configured
If WMM is not set explicitly in the configuration, it can be set based
on HT/HE config. As HE can be used without HT/VHT (which was introduced
as a special behavior for the 6 GHz band), add a similar automatic
enabling of WMM for HE without HT.

Signed-off-by: Lavanya Suresh <lavaks@codeaurora.org>
2021-03-26 00:21:18 +02:00
Jouni Malinen
4a841a218b Fix WNM-Sleep Mode exit debug print of BIGTK
Previous debug print used IGTK instead of BIGTK, so fix that to use the
correct key. Actual generation of the BIGTK subelement itself was using
the correct key, though, so this is only needed to fix the debug print.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-26 00:21:18 +02:00
Jouni Malinen
b8673baeab Add REGISTER_FRAME hostapd control interface command for testing purposes
This can be used to register reception of new types of Management frames
through nl80211.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-23 00:42:06 +02:00
Jouni Malinen
60974eb3f6 Allow AP mode extended capabilities to be overridden
The new hostapd configuration parameters ext_capa_mask and ext_capa can
now be used to mask out or add extended capability bits. While this is
not without CONFIG_TESTING_OPTIONS, the main use case for this is for
testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-22 11:58:21 +02:00
Jouni Malinen
8ca09293ea Simplify extended capability determination in AP mode
There is no need to determine the exact length of the element before
filling in the octets since this function is already capable of
truncated the fields based on what the actual values are.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-22 11:12:39 +02:00
Ilan Peer
ab623ac750 PASN: Add support for comeback flow in AP mode
Reuse the SAE anti-clogging token implementation to support similar
design with the PASN comeback cookie.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-21 18:01:27 +02:00
Jouni Malinen
4ed10754e8 DPP: Fix GAS client error case handling in hostapd
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.

This is similar to the earlier wpa_supplicant fix in commit 931f7ff656
("DPP: Fix GAS client error case handling").

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-21 11:47:39 +02:00
Jouni Malinen
512d973cc2 DPP: Indicate authentication success on ConfReqRX if needed (hostapd)
It is possible to receive the Configuration Request frame before having
seen TX status for the Authentication Confirm. In that sequence, the
DPP-AUTH-SUCCESS event would not be indicated before processing the
configuration step and that could confuse upper layers that follow the
details of the DPP exchange. As a workaround, indicate DPP-AUTH-SUCCESS
when receiving the Configuration Request since the Enrollee/Responser
has clearly receive the Authentication Confirm even if the TX status for
it has not been received.

This was already done in wpa_supplicant in commit 422e73d623 ("DPP:
Indicate authentication success on ConfReqRX if needed") and matching
changes are now added to hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 16:09:19 +02:00
Jouni Malinen
6bbbd9729f DPP2: Fix connection status result wait in hostapd
The waiting_conn_status_result flag was not set which made hostapd
discard the Connection Status Result. Fix this to match the
wpa_supplicant implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:17:58 +02:00
Jouni Malinen
c0c74f0c6b Testing functionality for airtime policy
Add a new testing parameter to allow airtime policy implementation to be
tested for more coverage even without kernel driver support.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:03:01 +02:00
Ilan Peer
1ca1c3cfee AP: Handle deauthentication frame from PASN station
When a Deauthentication frame is received, clear the corresponding PTKSA
cache entry for the given station, to invalidate previous PTK
information.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:41:02 +02:00
Ilan Peer
166e357e63 AP: Enable anti clogging handling code in PASN builds without SAE
The anti-clogging code was under CONFIG_SAE. Change this so it can be
used both with CONFIG_SAE and CONFIG_PASN.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:58:10 +02:00
Ilan Peer
6fe0d56e88 AP: Rename SAE anti clogging variables and functions
PASN authentication mandates support for comeback flow, which
among others can be used for anti-clogging purposes.

As the SAE support for anti clogging can also be used for PASN,
start modifying the source code so the anti clogging support
can be used for both SAE and PASN.

As a start, rename some variables/functions etc. so that they would not
be SAE specific. The configuration variable is also renamed, but the old
version remains available for backwards compatibility.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:44:24 +02:00
Ilan Peer
b866786338 PASN: For testing purposes allow to corrupt MIC
For testing purposes, add support for corrupting the MIC in PASN
Authentication frames for both wpa_supplicant and hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:19:12 +02:00
Ilan Peer
2efa60344e PASN: Encode the public key properly
When a public key is included in the PASN Parameters element, it should
be encoded using the RFC 5480 conventions, and thus the first octet of
the Ephemeral Public Key field should indicate whether the public key is
compressed and the actual key part starts from the second octet.

Fix the implementation to properly adhere to the convention
requirements for both wpa_supplicant and hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 12:31:31 +02:00
Ilan Peer
cd0813763a PASN: Include PMKID in RSNE in PASN response from AP
As defined in IEEE P802.11az/D3.0, 12.12.3.2 for the second PASN frame.
This was previously covered only for the case when the explicit PMKSA
was provided to the helper function. Extend that to cover the PMKID from
SAE/FILS authentication cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 11:45:12 +02:00
Ilan Peer
da3ac98099 PASN: Fix setting frame and data lengths in AP mode PASN response
Frame length and data length can exceed 256 so need to use size_t
instead of u8.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 11:38:51 +02:00
Jouni Malinen
17d85158cf Fix hostapd PMKSA_ADD with Authenticator disabled
This function can get called with hapd->wpa_auth == NULL from the
control interface handler, so explicitly check for that.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-07 12:33:30 +02:00
Jouni Malinen
147d6d3727 Update VHT capabilities info on channel switch event
This is needed to be able to move from 80 MHz or lower bandwidth to 160
or 80+80 MHz bandwidth (and back) properly without leaving the Beacon
frame VHT elements showing incorrect information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-07 01:35:25 +02:00
Jouni Malinen
7c5442e744 DPP: Clear hapd->gas pointer on deinit
While it does not look like the stale pointer could have been
dereferenced in practice, it is better not to leave the stale pointer to
freed memory in place to avoid accidental uses.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-06 11:56:00 +02:00
Jouni Malinen
076e0abddb SQLite: Fix temporary eap_user data freeing on interface restart
hapd->tmp_eap_user needs to be cleared on interface deinit to avoid
leaving stale pointers to freed memory.

Fixes: ee431d77a5 ("Add preliminary support for using SQLite for eap_user database")
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-06 11:44:38 +02:00
Michael Braun
2da3105ac1 Fix use after free with hapd->time_adv on interface restart
When an interface is disabled, e.g. due to radar detected,
hapd->time_adv is freed by hostapd_free_hapd_data(), but later
used by ieee802_11_build_ap_params() calling hostapd_eid_time_adv().

Thus hapd->time_adv needs to be cleared as well.

Fixes: 39b97072b2 ("Add support for Time Advertisement")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2021-03-06 11:37:26 +02:00
Jouni Malinen
57fec19dab Use more consistent iface->conf checks
Commit f1df4fbfc7 ("mesh: Use setup completion callback to complete
mesh join") added a check for iface->conf being NULL into a debug print.
However, it is not clear how that could be NULL here. In any case,
setup_interface() could end up dereferencing iface->conf in the call to
hostapd_validate_bssid_configuration(), so better be consistent with the
checks and not get warnings from static analyzers regardless of whether
this can happen in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-28 11:51:16 +02:00
Jouni Malinen
b8211e1e75 PASN: Avoid unreachable code with CONFIG_NO_RADIUS
There is no point in trying to build in rest of this function if in the
middle of it the CONFIG_NO_RADIUS case would unconditionally fail.
Simply make all of this be conditional on that build parameter not being
set to make things easier for static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-28 11:37:47 +02:00
Jouni Malinen
9a1136b7f1 FILS: Fix RSN info in FD frame for no-group-addressed
The value from the initial RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED check
ended up getting overridden with the following if. This was supposed to
be a single if statement to avoid that.

Fixes: 9c02a0f5a6 ("FILS: Add generation of FILS Discovery frame template")
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-28 11:27:42 +02:00
Jouni Malinen
a826ff2d95 Ignore group-addressed SA Query frames
These frames are used for verifying that a specific SA and protected
link is in functional state between two devices. The IEEE 802.11
standard defines only a case that uses individual MAC address as the
destination. While there is no explicit rule on the receiver to ignore
other cases, it seems safer to make sure group-addressed frames do not
end up resulting in undesired behavior. As such, drop such frames
instead of interpreting them as valid SA Query Request/Response.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-27 20:27:00 +02:00
Ben Greear
827b43b3ca RADIUS client: Support SO_BINDTODEVICE
Allow the RADIUS client socket to be bound to a specific netdev. This
helps hostapd work better in VRF and other fancy network environments.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Andreas Tobler <andreas.tobler at onway.ch>
2021-02-27 10:51:15 +02:00
Sunil Dutt
3a05f89edc Android: Add DRIVER command support on hostapd and hostapd_cli
Add DRIVER command support on hostapd and hostapd_cli on Android
similarly to the way this previously enabled in wpa_supplicant and
wpa_cli.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-26 20:22:41 +02:00
Jouni Malinen
dc72854fe2 Fix handle_auth_cb() message length check regression
Reordering of code in handle_auth_cb() when adding support for full
station state messaged up frame length checks. The length was originally
tested before looking at the payload of the frame and that is obviously
the correct location for that check. The location after those full state
state changes was after having read six octets of the payload which did
not help at all since there was no addition accesses to the payload
after that check.

Move the payload length check to appropriate place to get this extra
level of protection behaving in the expected manner. Since this is a TX
status callback handler, the frame payload is from a locally generated
Authentication frame and as such, it will be long enough to include
these fields in production use cases. Anyway, better keep this check in
working condition.

Fixes: bb598c3bdd ("AP: Add support for full station state")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-23 00:30:09 +02:00
Ilan Peer
6c7b0a9657 PASN: Correctly set RSNXE bits from AP
The capability bit index should not be shifted here as the shifting is
handled later below when building the RSNXE octets.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-20 00:26:21 +02:00
Veerendranath Jakkam
6f92f81dac AP: Check driver's capability to enable OCV when driver SME is used
When the driver SME is used, offloaded handshakes which need Operating
Channel Validation (OCV) such as SA Query procedure, etc. would fail if
hostapd enables OCV based on configuration but the driver doesn't
support OCV. To avoid this when driver SME is used, enable OCV from
hostapd only when the driver indicates support for OCV.

This commit also adds a capability flag to indicate whether driver SME
is used in AP mode.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-02-16 00:47:43 +02:00
Veerendranath Jakkam
d36d4209fd Enable beacon protection only when driver indicates support
Enabling beacon protection will cause STA connection/AP setup failures
if the driver doesn't support beacon protection. To avoid this, check
the driver capability before enabling beacon protection.

This commit also adds a capability flag to indicate beacon protection
support in client mode only.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-02-16 00:47:43 +02:00
Jouni Malinen
b1c23d3f25 HE: Fall back to 20 MHz on 2.4 GHz if 40 MHz is not supported
At least the ACS case of an attempt to pick a 40 MHz channel on the 2.4
GHz band could fail if HE was enabled and the driver did not include
support for 40 MHz channel bandwidth on the 2.4 GHz band in HE
capabilities. This resulted in "40 MHz channel width is not supported in
2.4 GHz" message when trying to configure the channel and failure to
start the AP.

Avoid this by automatically falling back to using 20 MHz bandwidth as
part of channel parameter determination at the end of the ACS procedure.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-15 18:27:10 +02:00
Aloka Dixit
f1c6c9d3eb ACS: Allow downgrading to 20 MHz based on OBSS results
When auto channel selection (ACS) is used for HE 40 MHz in the 2.4 GHz
band, AP sets center frequency after finding a 40 MHz channel and then
runs a scan for overlapping BSSes in neighboring channels. Upon OBSS
detection, AP should downgrade to 20 MHz bandwidth.

This was broken because allowed_ht40_channel_pair() returns true in this
case and the steps to reset center frequency are not executed causing
failure to bring interface up.

Fix the condition to allow rollback to 20 MHz.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-02-15 18:16:33 +02:00
Aloka Dixit
024b4b2a29 AP: Unsolicited broadcast Probe Response configuration
Add hostapd configuration options for unsolicited broadcast
Probe Response transmission for in-band discovery in 6 GHz.
Maximum allowed packet interval is 20 TUs (IEEE P802.11ax/D8.0
26.17.2.3.2, AP behavior for fast passive scanning).
Setting value to 0 disables the transmission.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-02-14 23:04:26 +02:00
Jouni Malinen
6b59e63f0e Include secondary channel config in no-hw-channel-found message
This makes the error message easier to understand if the AP mode setup
failure is caused by invalid secondary channel configuration while the
primary channel is valid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-14 19:31:14 +02:00
Aloka Dixit
9c02a0f5a6 FILS: Add generation of FILS Discovery frame template
Add hostapd configuration parameters for FILS Discovery frame
transmission interval and prepare a template for FILS Discovery frame
for the driver interface. The actual driver interface changes are not
included in this commit.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-02-14 18:03:49 +02:00
Jouni Malinen
c4c529e9cb Add a helper function for determining RSN capabilities field value
This information is needed in more than one place, so add a helper
function to avoid need to duplicate this code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-14 18:03:38 +02:00
Jouni Malinen
3eb5f7128e Do not include VHT elements in Beacon frames on the 6 GHz band
A similar change was previously done for Probe Response frames, but the
Beacon frame case was missed. Fix this to remove the VHT elements also
from Beacon frames on the 6 GHz since the relevant information is
included only in the HE elements on that band.

Fixes: 49e95ee1ee ("AP: Publish only HE capabilities and operation IEs on 6 GHz band")
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-14 00:33:08 +02:00
Shay Bar
2c2b6d265b Add Transmit Power Envelope also for 6 GHz HE AP
According to IEEE P802.11ax/D8.0, add Transmit Power Envelope element
into Beacon and Probe Response frames when operating HE AP on the 6 GHz
band.

Signed-off-by: Shay Bar <shay.bar@celeno.com>
2021-02-14 00:29:31 +02:00
Shay Bar
6c2b729de0 Use hostapd_get_oper_chwidth() when build Transmit Power Envelope element
hostapd_get_oper_chwidth(iconf) instead of direct access to
iface->conf->vht_oper_chwidth is needed here to be able to use this with
HE in cases where VHT is not enabled.

Signed-off-by: Shay Bar <shay.bar@celeno.com>
2021-02-14 00:24:53 +02:00
Shay Bar
5d3c4496fb Make VHT Transmit Power Envelope element helper more generic
According to latest IEEE 802.11 standard, Transmit Power Envelope
element is also relevant to IEEE 802.11ax and is no longer called VHT
Transmit Power Envelope. Remove the VHT naming from the element and move
hostapd_eid_txpower_envelope() from ieee802_11_vht.c to ieee802_11.c in
preparation of using it with HE.

Signed-off-by: Shay Bar <shay.bar@celeno.com>
2021-02-14 00:22:52 +02:00
Jouni Malinen
ad59639ed8 DPP2: Fix Authentication Request destination in the chirping case
The Authentication Request frames triggered by the reception of a
Presence Announcement frame were sent to the broadcast address. This is
not correct behavior since the source MAC address of the Presence
Announcement frame was supposed to override the Responder MAC address.
Fix this by using that source MAC address to avoid unnecessary use of
broadcast frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-09 20:41:08 +02:00
Aloka Dixit
598f671321 SAE: Avoid driver STA entry removal unnecessarily when using H2E/PK
The new status code values for SAE H2E and PK resulted in the
sta->added_unassoc cases incorrectly removing the STA entry after
successful SAE commit messages. Fix this by using sae_status_success()
instead of direct check for WLAN_STATUS_SUCCESS when processing SAE
commit messages before removing station entry.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2021-02-08 23:56:59 +02:00
Ilan Peer
99cd453720 hw_feature: Correctly select mode in case of the 6 GHz band
There are 2 HW modes with IEEE80211_MODE_A: one for the 5 GHz channels
and one for 6 GHz channels. Since hw_get_chan() checks all the
compatible hw modes, eventually, an incorrect hw mode is selected.

To fix this, add a function that checks if a specific mode supports
the requested frequency and if so use it as the current mode.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-08 00:54:10 +02:00
Rajkumar Manoharan
f728c867e3 AP: Extend Spatial Reuse Parameter Set
Extend SPR element to support following fields and pass all
information to kernel for driver use.
 * Non-SRG OBSS PD Max Offset
 * SRG BSS Color Bitmap
 * SRG Partial BSSID Bitmap

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2021-02-08 00:41:52 +02:00
Rajkumar Manoharan
c3d557b4df hostapd: Add HE 6 GHz band capability configuration
Enable user to configure Maximum MPDU Length, Maximum A-MPDU Length
Exponent, Rx Antenna Pattern Consistency, and Tx Antenna Pattern
Consistency of 6 GHz capability through config file.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2021-02-08 00:09:45 +02:00
Janusz Dziedzic
ef26fc19fa DFS: Allow switch to an available channel
For EU, where preCAC is allowed, we should allow switch to DFS available
channels, instead of restarting BSS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2021-02-07 10:30:09 +02:00
Raphaël Mélotte
f95ccc102a WPS: Reconfigure credentials on hostapd config reload
When new credentials are configured and hostapd is reconfigured using
SIGHUP (or RELOAD on the ctrl_iface), also update the WPS credentials.

Before these changes, when WPS is triggered the Registar always serves
the credentials that were configured when hostapd started.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 17:15:31 +02:00
Raphaël Mélotte
2fd90eb095 WPS: Use helper variables to clean up code
This is in preparation of larger changes in hostapd_update_wps() to keep
the commits more readable.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 17:12:24 +02:00
Michal Kazior
3a00a86bb9 hostapd: Fix dpp_listen in DPP responder scenario
Some time ago it was found some drivers are setting their hw/ucode RX
filters restrictively enough to prevent broadcast DPP Action frames from
being received at upper layers in the stack.

A set of patches was introduced to the kernel and
ath9k driver as well as wpa_supplicant, e.g.,

  a39e9af90 ("nl80211: DPP listen mode callback")
  4d2ec436e ("DPP: Add driver operation for enabling/disabling listen mode")

However, the hostapd code itself was not calling the new multicast
registration. As such the AP side of things wasn't working as expected
in some scenarios. I've found this while trying to get ath9k working as
an AP Responder/Configurator.

The problem wasn't seen on, e.g., mac80211 hwsim driver.

Extend the wpa_supplicant mechanism to work with hostapd as well.

Signed-off-by: Michal Kazior <michal@plume.com>
2021-02-06 16:06:15 +02:00
Raphaël Mélotte
4a7e0ac268 hostapd: Add an option to notify management frames on ctrl_iface
In some contexts (e.g., Multi-AP) it can be useful to have access to
some of the management frames in upper layers (e.g., to be able to
process the content of association requests externally).

Add 'notify_mgmt_frames'. When enabled, it will notify the ctrl_iface
when a management frame arrives using the AP-MGMT-FRAME-RECEIVED event
message.

Note that to avoid completely flooding the ctrl_iface, not all
management frames are included (e.g., Beacon and Probe Request frames
are excluded).

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-02-06 13:56:18 +02:00
Andrei Otcheretianski
fa859ebb19 RSN+WPA: Fix RSNE removing in EAPOL-Key msg 3/4 when RSNXE is included
When the AP advertised RSNE, RSNXE, and WPA IE, hostapd incorrectly
removed the RSNE in the EAPOL-Key msg 3/4 if the STA associates with
WPA, leaving only RSNXE instead of WPA IE. WPA STA fails to connect to
such AP as the WPA IE is missing.

Since RSNXE is not really used in non-RSN connection, just remove it
here with RSNE.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-02-06 12:09:30 +02:00
Shay Bar
a287c20789 Disable HE capabilities when using unacceptable security config
Add HE configuration check similar to HT/VHT.

Signed-off-by: Shay Bar <shay.bar@celeno.com>
2021-02-06 11:41:09 +02:00
Muna Sinada
2acfd15a2a hostapd: Generalize channel switch methods to incorperated HE mode
Remove the VHT specific naming on methods that are utilized in both VHT
and HE modes.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2021-02-06 11:41:09 +02:00
Muna Sinada
2908dc91c1 hostapd: Enable HE for channel switch commmand
Add HE as an accepted option ("he") in the CHAN_SWITCH command similarly
to the way VHT is addressed.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2021-02-06 11:41:09 +02:00
Aloka Dixit
630b1fdba8 AP: Add 6 GHz security constraints
Add security constraints for the 6 GHz band as given in IEEE
P802.11ax/D8.0, 12.12.2.

Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
2021-02-02 23:39:31 +02:00
Ilan Peer
24f0507af4 WPA: Support deriving KDK based on capabilities (Authenticator)
Derive the KDK as part of PMK to PTK derivation if forced by
configuration or in case both the local AP and the peer station declare
support for secure LTF.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:39 +02:00
Ilan Peer
9e7b980d65 PASN: Include RSNXE in the PASN negotiation
IEEE P802.11az/D2.6 added definitions to include RSNXE in the PASN
negotiation. Implement the new functionality in both wpa_supplicant and
hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:09:36 +02:00
Ilan Peer
d8cd20e37b RSN: Add RSNXE new definitions
IEEE P802.11az/D2.6 defines the following additional capabilities to
RSNXE:

- Secure LTF support
- Secure RTT support
- Protection of range negotiation and measurement management frames.

Add support for advertising the new capabilities.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 23:08:27 +02:00
Ilan Peer
2eb2fb8bd4 AP: Support PASN with FT key derivation
Note that the implementation is not complete as it is missing support
for the FT wrapped data which is optional for the station, but must be
supported by the AP in case the station included it.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-26 17:49:00 +02:00
Ilan Peer
62edb79a0c AP: Support PASN with FILS key derivation
As the PASN FILS authentication is only defined for FILS SK without PFS,
and to support PASN authentication with FILS, implement the PASN with
FILS processing as part of the PASN handling and not as part of the WPA
Authenticator state machine.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:28:33 +02:00
Ilan Peer
da35e1214d AP: Support PASN with SAE key derivation
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:14 +02:00
Ilan Peer
3040c8a2da AP: Add support for PASN processing to the SME
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 20:27:12 +02:00
Ilan Peer
f2f8e4f458 Add PTKSA cache to hostapd
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:47 +02:00
Ilan Peer
2c963a117a AP: Add support for configuring PASN
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 19:15:47 +02:00
Ilan Peer
d87f4aea11 FILS: Extend the fils_pmk_to_ptk() function to also derive KDK
Extend the fils_pmk_to_ptk() to also derive Key Derivation
Key (KDK) which can later be used for secure LTF measurements.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
6e834db74e FT: Extend the wpa_pmk_r1_to_ptk() function to also derive KDK
Extend the wpa_pmk_r1_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
46c232eb76 WPA: Extend the wpa_pmk_to_ptk() function to also derive KDK
Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.

Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Sreeramya Soratkal
833cdbe97d Add support for new 5 GHz channels 173 and 177
Add support for new channels 173 and 177 in the operating classes 125 to
130 as defined in draft IEEE P802.11ax/D8.0.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-01-22 19:18:10 +02:00
Purushottam Kushwaha
959af4f576 DPP: Abort authentication if no Auth Confirm is received within a second
After sending DPP Auth Response, the Responder might not receive the
Auth Confirm either due to the Initiator not sending it or the reception
of the frame failing for some reason (e.g., Responder having already
left the negotiation channel). If this happens, following initiation
attempts would fail since the consecutive Auth Request would get
discarded since the previous authentication is still in progress.

Terminate DPP authentication on Responder, if no Auth Confirm is
received within one second of successfully sending Auth Response. This
allows the Responder to accept start of a new exchange.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-01-22 19:18:10 +02:00
Veerendranath Jakkam
7131fede34 Extend the setband support for 6 GHz and band combinations
Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with
QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards
compatibility with old drivers that are using
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz
and 5 GHz bands.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-12-11 19:56:14 +02:00
John Crispin
d83eaa351e Add option to ignore Probe Request frames when RSSI is too low
Add a new hostapd configuration parameters rssi_ignore_probe_request to
ignore Probe Request frames received with too low RSSI.

Signed-off-by: John Crispin <john@phrozen.org>
2020-12-02 17:14:39 +02:00
David Bauer
4683b72183 DFS: Enter DFS state if no available channel is found
Previously hostapd would not stop transmitting when a DFS event was
detected and no available channel to switch to was available.

Disable and re-enable the interface to enter DFS state. This way, TX
does not happen until the kernel notifies hostapd about the NOP
expiring.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-12-02 16:49:29 +02:00
Shay Bar
eee0d242bb hostapd: Add ability to disable HT/VHT/HE per BSS
Add the ability to disable HT/VHT/HE for specific BSS from hostapd.conf.

- Add disable_11ax boolean to hostapd_bss_config.
- Change disable_11n and disable_11ac to bool in hostapd_bss_config.
- Add configuration option to set these disable_11* parameters
  (which were previously used only automatically based on incompatible
  security parameters to disable HT/VHT).

Signed-off-by: Shay Bar <shay.bar@celeno.com>
2020-12-02 13:41:18 +02:00
Markus Theil
7c2cad969a mesh: Fix DFS deinit/init
The hostapd DFS code deinitializes and initializes the AP interface, if
a clean channel switch is not possible. In this case the AP code paths
would deinit the driver, for example nl80211, without wpa_supplicant
code paths getting notice of this.

Therefore add callbacks for wpa_supplicant mesh methods, which are
called on init/deinit of the AP BSS. These callbacks are then used to
handle the reset in the mesh code.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-12-01 00:31:56 +02:00
Peter Oh
f1df4fbfc7 mesh: Use setup completion callback to complete mesh join
Mesh join function is the last function to be called during mesh join
process, but it's been called a bit earlier than it's supposed to be, so
that some mesh parameter values such as VHT capabilities were not
applied correct when mesh join is in process. Moreover, the current
design of mesh join that is called directly after mesh initialization
isn't suitable for DFS channels to use, since mesh join process should
be paused until DFS CAC is done and resumed after it's done.

The callback will be called by hostapd_setup_interface_complete_sync().
There is a possibility that completing mesh init fails, so add error
handling codes for that.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2020-11-30 11:57:37 +02:00
Rohan Dutta
fdf114641f nl80211: Send the sae_pwe value to the driver
Use NL80211_ATTR_SAE_PWE attribute to indicate the sae_pwe value
to the driver during the NL80211_CMD_START_AP and NL80211_CMD_CONNECT
in WPA3-Personal networks which are using SAE authentication.

Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
2020-11-16 15:50:44 +02:00
Vinita S. Maloo
c2c4686228 Set NLA_F_NESTED flag with NL80211_ATTR_VENDOR_DATA conditionally
The newer kernel versions enforce strict netlink attribute policy
validation and will cause cfg80211 to reject vendor commands with
NL80211_ATTR_VENDOR_DATA if NLA_F_NESTED attribute is not set but
if the vendor command is expecting nested data within
NL80211_ATTR_VENDOR_DATA attribute.

Most of the earlier instances were addressed by adding NLA_F_NESTED
flag in nla_nest_start(). This commit addresses the remaining
instance in which NL80211_ATTR_VENDOR_DATA is populated using data
set by user through the control interface.

Enhance the control interface VENDOR command to indicate whether the
vendor subcommand uses nested attributes within NL80211_ATTR_VENDOR_DATA
attribute or not.

Set NLA_F_NESTED flag for existing QCA vendor commands which use nested
attributes within the NL80211_ATTR_VENDOR_DATA attributes so that the
old frameworks implementations for already existing commands work
without any issues.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-10 23:48:00 +02:00
Jouni Malinen
a9fed5f5b5 Avoid undefined behavior with memcpy PMK/PSK update
When SAE is used, the local pointer pmk may point to sm->PMK. Skip the
memcpy operation in such a case since it is not really needed and use of
overlapping memory buffers is undefined behavior for memcpy().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-02 18:46:35 +02:00
Jouni Malinen
183e72ae13 SAE-PK: Do not accept SAE-PK status code when no PK is configured
Make sae_status_success() more explicit by rejecting SAE-PK status code
when the AP is not configured with PK.

Fixes: 20ccf97b3d ("SAE-PK: AP functionality")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-20 00:37:01 +03:00
Markus Theil
c3f37c35f0 DFS: Use helper functions for VHT/HE parameters
This is needed to cover the HE-specific conf->he_oper_chwidth value in
addition to conf->vht_oper_chwidth.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 13:05:11 +03:00
Markus Theil
7f8ac02e85 HE/VHT: Fix frequency setup with HE enabled
Some places in the code base were not using the wrappers like
hostapd_set_oper_centr_freq_seg0_idx and friends. This could lead to
errors, for example when joining 80 MHz mesh networks. Fix this, by
enforcing usage of these wrappers.

wpa_supplicant_conf_ap_ht() now checks for HE capability before dealing
with VHT in order for these wrappers to work, as they first check HE
support in the config.

While doing these changes, I've noticed that the extra channel setup
code for mesh networks in wpa_supplicant/mesh.c should not be necessary
anymore and dropped it. wpa_supplicant_conf_ap_ht() should handle this
setup already.

Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 12:44:09 +03:00
Johannes Berg
1d0d8888af build: Make more library things common
We don't really need to duplicate more of this, so just
move the lib.rules include to the end and do more of the
stuff that's common anyway there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:20:35 +03:00
Johannes Berg
f4b3d14e97 build: Make a common library build
Derive the library name from the directory name, and let each
library Makefile only declare the objects that are needed.

This reduces duplicate code for the ar call. While at it, also
pretty-print that call.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:20:20 +03:00
Johannes Berg
87098d3324 build: Put archive files into build/ folder too
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).

Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.

Note that due to the use of thin archives, this required
building with absolute paths.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 11:16:00 +03:00
Johannes Berg
722138cd25 build: Put object files into build/ folder
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.

This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.

For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:51:39 +03:00
Johannes Berg
06a6adb54e build: Use build.rules in lib.rules
Use the new build.rules in lib.rules and also unify the
clean targets to lib.rules.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:47:41 +03:00
Thomas Pedersen
a28d127b1a AP: Reflect status code in SAE reflection attack test
When testing SAE reflection, the incoming commit may have the H2E status
code (126) or SAE-PK (127), but the test code in the AP was always
sending back status code 0. The STA would then reject the commit
response due to expecting H2E/SAE-PK status code.

Just reflect the incoming status code so the commit can be rejected
based on the SAE contents regardless of which variant of SAE was used.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
2020-10-09 16:50:36 +03:00
Veerendranath Jakkam
debf3e2165 OCV: Work around for misbehaving STAs that indicate OCVC=1 without OCI
Some legacy stations copy previously reserved RSN capability bits,
including OCVC, in (Re)Association Request frames from the AP's RSNE but
do not indicate MFP capability and/or do not send OCI in RSN handshakes.
This is causing connection failures with such erroneous STAs.

To improve interoperability with such legacy STAs allow a workaround OCV
mode to be enabled to ignore OCVC=1 from the STA if it does not follow
OCV requirements in the first protected exchange. This covers cases
where a STA claims to have OCV capability, but it does not negotiate use
of management frame protection or does not include OCI in EAPOL Key msg
2/4, FT Reassociation Request frame, or FILS (Re)Association Reqest.

The previous behavior with ocv=1 is maintained, i.e., misbehaving STAs
are not allowed to connect. When the new workaround mode is enabled with
ocv=2, the AP considers STA as OCV capable on below criteria
- STA indicates both OCV and MFP capability
- STA sends OCI during connection attempt in a protected frame

Enabling this workaround mode reduced OCV protection to some extend
since it allows misbehavior to go through. As such, this should be
enabled only if interoperability with misbehaving STAs is needed.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-08 18:46:38 +03:00
Shaakir Mohamed
d48a3a6768 FT: Modify status code in FT Reassoc frame for invalid OCI channel info
Modify status code in FT Reassociation Response frame from
WLAN_STATUS_UNSPECIFIED_FAILURE to WLAN_STATUS_INVALID_FTE when replying
to an invalid OCI channel info (subelement of FTE) in FT Reassociation
Request frame.

Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
2020-10-08 00:20:10 +03:00
Andrew Beltrano
980c4da413 DPP2: Presence Announcement notification in AP
Generate a control interface event upon receipt of DPP Presence
Announcement frames. This allows external programs to instrument hostapd
with bootstrapping information on-demand.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-07 21:20:18 +03:00
Andrew Beltrano
cf3d260c39 DPP2: Fix hostapd crash setting global configurator params on chirp RX
When a Presence Announcement frame is received, a check is done to
ensure an ongoing auth is not in progress (!hapd->dpp_auth). A new DPP
auth is then initialized, however, when setting global configurator
params for it, the hapd->dpp_auth pointer is used which was earlier
confirmed as NULL, causing a crash in dpp_set_configurator params when
the pointer is dereferenced.

This only occurs when there are global DPP configurator params to be set
and the peer has no overriding configurator params. If no global DPP
configurator params exist, the call to dpp_set_configurator exits early
and the problem is not observed.

Fix by using the newly init'ed DPP auth structure for setting global
DPP configurator params.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-07 20:57:36 +03:00
Disha Das
5c6c0d569a DPP: Fix GAS fragmentation for DPP Config Response from hostapd
The Query Response Length field was missing from GAS Initial Response
and GAS Comeback Response frames in the DPP specific code path from
hostaps GAS server. This resulted in invalid frames being used when the
DPP Config Response needed fragmentation. Fix this by adding the Query
Response Length fields into these frames.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-06 23:34:41 +03:00
Disha Das
a7f55f7f68 WPS: Enable SA Query checks for WPS AP
Initiate SA Query for a WPS+MFP AP. STA flag checks for MFP added for
Association Request frames that use WPS IE without RSNE. This is needed
to avoid giving an opportunity to skip the protection against
disconnections when WPS is enabled.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-06 22:44:43 +03:00
Jouni Malinen
cab139ebc2 Fix a typo in a comment
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-22 23:31:20 +03:00
Karthikeyan Kathirvel
7e20502f7a hostapd: Resolved compiler uninitialized warning
Resolved the below warning
../src/ap/ieee802_11.c:4535:25: warning: 'reply_res' may be used
uninitialized in this function [-Wmaybe-uninitialized]
  if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
		                           ^
Since reply_res is been assigned inside an if condition and so
compiler treats reply_res as uninitalized variable

Initialize reply_res with WLAN_STATUS_UNSPECIFIED_FAILURE.

Fixes: 5344af7d22 ("FT: Discard ReassocReq with mismatching RSNXE Used value")
Signed-off-by: Karthikeyan Kathirvel <kathirve@codeaurora.org>
2020-09-22 23:29:18 +03:00
Rohan
e3ba0c4cd2 Do not start SA Query procedure without keys
The AP mode condition for initiating the SA Query procedure when
receiving a new (Re)Association Request frame used only association
state and MFP negotiation result without checking that the key exchange
has been completed. This can give rise to a corner case where the SA
Query procedure may get started after open association but before the
4-way handshake has been completed, resulting in open SA query frames
over the air.

Fix this by adding station authorized check in hostapd_notif_assoc() and
check_assoc_ies().

Signed-off-by: Rohan <drohan@codeaurora.org>
2020-09-22 23:11:30 +03:00
Shaakir Mohamed
41f8189057 SAE-PK: Add support to skip sae_pk password check for testing purposes
Add support to skip sae_pk password check under compile flag
CONFIG_TESTING_OPTIONS which allows AP to be configured with
sae_pk enabled but a password that is invalid for sae_pk.

Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
2020-09-11 15:45:42 +03:00
Veerendranath Jakkam
a71b100c3b OCV: Allow connecting MFP incapable OCV STA when OCV is disabled in AP
Skip check to mandate MFP capability for OCV enabled STA when OCV is
disabled in AP. This is to improve interoperability with STAs in which
OCV capability is advertised incorrectly without advertising MFP when
OCV is disabled in AP.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-11 15:26:31 +03:00
Veerendranath Jakkam
5ecb45a41c OCV: Use more granular error codes for OCI validation failures
Enhance the return values of ocv_verify_tx_params with enum to indicate
different OCI verification failures to caller.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-11 15:23:28 +03:00
Jouni Malinen
7ddb71224b DPP2: Support QR mutual auth scan-during-auth-exchange (hostapd)
Extend DPP authentication session search for the DPP_QR_CODE command to
cover the ongoing exchanges in Controller/Responder. This was previously
done for wpa_supplicant, but not for hostapd, so complete this support
on the hostapd side.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-25 16:11:43 +03:00
Jouni Malinen
4ecb6dd16b DPP2: Controller support in hostapd
Extend hostapd support for DPP Controller to cover the DPP_CONTROLLER_*
cases that were previously implemented only in wpa_supplicant. This
allows hostapd/AP to be provisioned using DPP over TCP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-25 15:53:08 +03:00
Chittur Subramanian Raman
96e63008fb OWE: Do not add DH Params element in AssocResp with PMKSA caching
As per RFC 8110 (Opportunistic Wireless Encryption), if the AP has the
PMK identified by the PMKID and wishes to perform PMK caching, it will
include the PMKID in the Association Response frame RSNE but does not
include the Diffie-Hellman Parameter element.

This was already addressed for most cases with owe_process_assoc_req()
not setting sta->owe_ecdh in case PMKSA caching is used. However, it was
possible to an old STA entry to maintain the initial sta->owe_ecdh value
if reassociation back to the same AP was used to initiate the PMKSA
caching attempt. Cover that case by adding an explicit check for the
time when the Association Response frame is being generated.

Signed-off-by: Chittur Subramanian Raman <craman@maxlinear.com>
2020-08-22 13:33:10 +03:00
Jouni Malinen
c6a760b9c4 DPP: Add process_conf_obj into TCP connection data struct
This is needed to avoid issues with hostapd not having set this function
pointer in dpp_global.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-14 17:31:51 +03:00
Jouni Malinen
7f366fcbdc DPP: Add msg_ctx into TCP connection data struct
This is needed to avoid issues with hostapd not having set msg_ctx in
dpp_global.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-14 17:26:32 +03:00
Jouni Malinen
6aa7aa8089 DPP2: hostapd/AP as Enrollee/Initiator over TCP
Extend DPP support in hostapd to allow AP Enrollee role when initiating
the exchange using TCP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-14 16:44:38 +03:00
Rohan
0fa274d2bf Derive seg0_idx and seg1_idx for 6 GHz when processing channel switch
The function hostapd_event_ch_switch() derived the seg0_idx and seg1_idx
values only for the 5 GHz and 2.4 GHz bands and the 6 GHz case ended up
using incorrect calculation based on the 5 GHz channel definitions.

Fix this by adding support for 6 GHz frequencies.

Signed-off-by: Rohan <drohan@codeaurora.org>
2020-08-13 21:37:49 +03:00
Jouni Malinen
c6d0e5a93d DPP2: Add E-id in Reconfig Announcement
Add an encrypted Enrollee identifier into Reconfig Announcement frames
and decrypt that on the Configurator side. The actual E-id value is
currently not used for anything, but it can be used in the future to
provide better control over reconfiguration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-07 22:54:53 +03:00
Jouni Malinen
e5be6e68c8 DPP2: Add Enrollee netAccessKey group into Reconfig Announcement
This was added to the protocol design to support cases where the
C-sign-key uses a different group than the netAccessKey. The Enrollee
now indicates its netAccessKey group in Reconfig Announcement and the
Configurator builds it own reconfig Connector using that group instead
of the group used for the C-sign-key.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-07 15:25:10 +03:00
Jouni Malinen
7ca81190a8 SAE-PK: Allow SAE-PK style wpa_passphrase if SAE-PK is enabled with same
This prevents use of a SAE-PK style password as the WPA-PSK passphrase
only if the same password is not also enabled through sae_password for
use with SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-06 23:52:07 +03:00
Jouni Malinen
f8c756c5b8 FT: Rename temporary blocking of nonresponsive R0KH
Avoid use of the "blacklist" term here to reduce undesired connotations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-07-24 12:25:32 +03:00
Muna Sinada
621745917f Allow HE-without-VHT to add the Channel Switch Wrapper element
Modify the check for VHT to include an option for HE in
hostapd_eid_wb_chsw_wrapper() and its callers to allow the Channel
Switch Wrapper element with the Wide Bandwidth Channel Switch subelement
to be included in Beacon and Probe Response frames when AP is operating
in HE mode without VHT.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2020-06-11 00:56:45 +03:00
Muna Sinada
d51b1b7a66 Move hostapd_eid_wb_chsw_wrapper() to non-VHT-specific file
Move hostapd_eid_wb_chsw_wrapper() from VHT specific ieee802_11_vht.c to
ieee802_11.c since this can be used for both HE and VHT. This commit
does not change any functionality to enable the HE use case, i.e., the
function is just moved as-is.

Signed-off-by: Muna Sinada <msinada@codeaurora.org>
2020-06-11 00:53:26 +03:00
Rajkumar Manoharan
1f72bbbefb AP: Reject association request upon invalid HE capabilities
Operation in the 6 GHz band mandates valid HE capabilities element in
station negotiation. Reject association request upon receiving invalid
or missing HE elements.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-06-10 21:34:38 +03:00
Rajkumar Manoharan
088bef1786 AP: Restrict Vendor VHT to 2.4 GHz only
Vendor VHT IE is used only on the 2.4 GHz band. Restrict the use of
vendor VHT element to 2.4 GHz. This will ensure that invalid/wrong user
configuration will not impact beacon data in other than the 2.4 GHz
band.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-06-10 21:30:50 +03:00
Rajkumar Manoharan
6a34bd3007 HE: Use device HE capability instead of HT/VHT for 6 GHz IEs
Previously, 6 GHz Band Capability element was derived from HT and VHT
capabilities of the device. Removes such unnecessary dependency by
relying directly on the HE capability.

In addition, clean up the struct ieee80211_he_6ghz_band_cap definition
to use a 16-bit little endian field instead of two 8-bit fields to match
the definition in P802.11ax.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-06-10 21:23:24 +03:00
Jouni Malinen
363dbf1ece SAE-PK: Remove requirement of SAE group matching SAE-PK (K_AP) group
This was clarified in the draft specification to not be a mandatory
requirement for the AP and STA to enforce, i.e., matching security level
is a recommendation for AP configuration rather than a protocol
requirement.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-10 12:46:49 +03:00
Subrat Dash
411e42673f Move local TX queue parameter parser into a common file
This allows the same implementation to be used for wpa_supplicant as
well.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-09 00:17:39 +03:00
Jouni Malinen
4ff0df39eb SAE-PK: Testing functionality to allow behavior overrides
The new sae_commit_status and sae_pk_omit configuration parameters and
an extra key at the end of sae_password pk argument can be used to
override SAE-PK behavior for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-08 15:21:18 +03:00
Jouni Malinen
0c4ffce464 Allow transition_disable updates during the lifetime of a BSS
This is mainly for testing purposes to allow more convenient checking of
station behavior when a transition mode is disabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-07 17:06:52 +03:00
Jouni Malinen
cc22fb1b86 SAE: Move H2E and PK flags to main sae_data
This maintains knowledge of whether H2E or PK was used as part of the
SAE authentication beyond the removal of temporary state needed during
that authentication. This makes it easier to use information about which
kind of SAE authentication was used at higher layer functionality.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 15:18:13 +03:00
Jouni Malinen
20ccf97b3d SAE-PK: AP functionality
This adds AP side functionality for SAE-PK. The new sae_password
configuration parameters can now be used to enable SAE-PK mode whenever
SAE is enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:25:22 +03:00
Jouni Malinen
6b9e99e571 SAE-PK: Extend SAE functionality for AP validation
This adds core SAE functionality for a new mode of using SAE with a
specially constructed password that contains a fingerprint for an AP
public key and that public key being used to validate an additional
signature in SAE confirm from the AP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:25:22 +03:00
Jouni Malinen
661e661186 OCV: Allow OCI channel to be overridden for testing (AP)
Add hostapd configuration parameters oci_freq_override_* to allow the
OCI channel information to be overridden for various frames for testing
purposes. This can be set in the configuration and also updated during
the runtime of a BSS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-30 00:04:53 +03:00
Jouni Malinen
5a7bcb7725 OSEN: Do not send the actual BIGTK to OSEN STAs
OSEN STAs are not authenticated, so do not send the actual BIGTK for
them so that they cannot generate forged protected Beacon frames. This
means that OSEN STAs cannot enable beacon protection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-29 21:25:02 +03:00
Jouni Malinen
2d6cc0e670 FT: Do not expose GTK/IGTK in FT Reassociation Response frame in OSEN
Do not include the actual GTK/IGTK value in FT protocol cases in OSEN or
with DGAF disabled (Hotspot 2.0). This was already the case for the
EAPOL-Key cases of providing GTK/IGTK, but the FT protocol case was
missed. OSEN cannot really use FT, so that part is not impacted, but it
would be possible to enable FT in a Hotspot 2.0 network that has DGAF
disabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-29 21:25:02 +03:00
Jouni Malinen
a998337895 WNM: Do not expose GTK/IGTK in WNM Sleep Mode Response frame in OSEN
Do not include the actual GTK/IGTK value in WNM Sleep Mode Response
frame if WNM Sleep Mode is used in OSEN or in a network where use of GTK
is disabled. This was already the case for the EAPOL-Key cases of
providing GTK/IGTK, but the WNM Sleep Mode exit case was missed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-29 21:04:40 +03:00
Hu Wang
d578e890eb OWE: Skip beacon update of transition BSS if it is not yet enabled
When a single hostapd process manages both the OWE and open BSS for
transition mode, owe_transition_ifname can be used to clone the
transition mode information (i.e., BSSID/SSID) automatically. When both
BSSs use ACS, the completion of ACS on the 1st BSS sets state to
HAPD_IFACE_ENABLED and the OWE transition mode information is updated
for all the other BSSs. However, the 2nd BSS is still in the ACS phase
and the beacon update messes up the state for AP startup and prevents
proper ACS competion.

If 2nd BSS is not yet enabled (e.g., in ACS), skip beacon update and
defer OWE transition information cloning until the BSS is enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-26 16:23:39 +03:00
Jouni Malinen
8ee0bc622a OCV: Disconnect STAs that do not use SA Query after CSA
Verify that all associated STAs that claim support for OCV initiate an
SA Query after CSA. If no SA Query is seen within 15 seconds,
deauthenticate the STA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 21:57:04 +03:00
Jouni Malinen
01ceb88c77 OCV: Report validation errors for (Re)Association Request frames
Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in FT and FILS (Re)Association Request frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 20:46:32 +03:00
Jouni Malinen
a3556d5813 OCV: Report validation errors for EAPOL-Key messages in AP mode
Add the OCV-FAILURE control interface event to notify upper layers of
OCV validation issues in EAPOL-Key msg 2/4 and group 2/2.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 19:09:12 +03:00
Jouni Malinen
d52067a5b6 OCV: Report validation errors for SA Query Request/Response in AP mode
Add a new OCV-FAILURE control interface event to notify upper layers of
OCV validation issues. This commit adds this for SA Query processing in
AP mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 18:42:00 +03:00
Jouni Malinen
52579be860 OCV: Move "OCV failed" prefix to callers
Make reporting of OCV validation failure reasons more flexible by
removing the fixed prefix from ocv_verify_tx_params() output in
ocv_errorstr so that the caller can use whatever prefix or encapsulation
that is most appropriate for each case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 18:34:59 +03:00
Jouni Malinen
d9532eb70f Debug print PMK-R0/R1 and PMKR0/R1Name in the helper functions
There is no need to have all callers debug print these separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-23 21:45:29 +03:00
Rajkumar Manoharan
dd2daf0848 HE: Process HE 6 GHz band capab from associating HE STA
Process HE 6 GHz band capabilities in (Re)Association Request frames and
pass the information to the driver.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-05-17 17:22:34 +03:00
Rajkumar Manoharan
db603634a9 HE: Add 6 GHz Band Capabilities element in Beacon and response frames
Construct HE 6 GHz Band Capabilities element (IEEE 802.11ax/D6.0,
9.4.2.261) from HT and VHT capabilities and add it to Beacon, Probe
Response, and (Re)Association Response frames when operating on the 6
GHz band.

Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-05-17 16:47:18 +03:00
neo_jou
025ab330b4 ACS: Channel selection based freqlist
When doing ACS, check freqlist also if it is specified.

Signed-off-by: neojou <neojou@gmail.com>
2020-05-17 01:31:19 +03:00
Jouni Malinen
d3cab56c04 Rename WPA_ALG_IGTK to use the correct cipher name for BIP
IGTK is the key that is used a BIP cipher. WPA_ALG_IGTK was the
historical name used for this enum value when only the AES-128-CMAC
based BIP algorithm was supported. Rename this to match the style used
with the other BIP options.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-17 01:31:19 +03:00
Johannes Berg
bd1aebbd08 hostapd: Extend RESET_PN for BIGTK
Extend the RESET_PN command to allow resetting the BIGTK PN
for testing.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-05-17 01:31:16 +03:00
Jouni Malinen
5a04a76aa2 Ignore Management frames while AP interface is not fully enabled
It is possible for drivers to report received Management frames while AP
is going through initial setup (e.g., during ACS or DFS CAC). hostapd
and the driver is not yet ready for actually sending out responses to
such frames at this point and as such, it is better to explicitly ignore
such received frames rather than try to process them and have the
response (e.g., a Probe Response frame) getting dropped by the driver as
an invalid or getting out with some incorrect information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 12:16:34 +03:00
Jouni Malinen
c82535edd6 Move deauthentication at AP start to be after beacon configuration
This allows nl80211-based drivers to get the frame out. The old earlier
location resulted in the driver operation getting rejected before the
kernel was not ready to transmit the frame in the BSS context of the AP
interface that has not yet been started.

While getting this broadcast Deauthentication frame transmitted at the
BSS start is not critical, it is one more chance of getting any
previously associated station notified of their previous association not
being valid anymore had they missed previous notifications in cases
where the AP is stopped and restarted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 11:38:09 +03:00
Jouni Malinen
094c8a6218 Remove unnecessary key clearing at AP start with nl80211
cfg80211 takes care of key removal when link/association is lost, so
there is no need to explicitly clear old keys when starting AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-16 11:28:03 +03:00
Jouni Malinen
98e4b38403 DPP2: Chirping in hostapd Enrollee
Add a new hostapd control interface command "DPP_CHIRP own=<BI ID>
iter=<count>" to request chirping, i.e., sending of Presence
Announcement frames, to be started. This follows the model of similar
wpa_supplicant functionality from commit 562f77144c ("DPP2: Chirping
in wpa_supplicant Enrollee"). The hostapd case requires the AP to be
started without beaconing, i.e., with start_disabled=1 in hostapd
configuration, to allow iteration of channels needed for chirping.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-13 17:59:05 +03:00
Jouni Malinen
95471fc3e8 Handle hostapd_for_each_interface() at the process termination
Clean struct hapd_interfaces pointers and interface count during
deinitialization at the end of theh ostapd process termination so that a
call to hostapd_for_each_interface() after this does not end up
dereferencing freed memory. Such cases do not exist before this commit,
but can be added after this, e.g., for DPP needs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-13 17:39:01 +03:00
Jouni Malinen
890ae336c0 DPP2: Clean up CONFIG_DPP2 use with configurator connectivity IE
Avoid duplicated return statement in CONFIG_DPP2=y builds.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:30:26 +03:00
Jouni Malinen
6dcb8aaf13 DPP2: Reconfig Announcement relaying from AP to Controller
Recognize the Reconfig Announcement message type and handle it similarly
to the Presence Announcement in the Relay, i.e., send it to the first
Controller if the local Configurator does not have matching C-sign-key.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
24b01c706b DPP2: Reconfig Authentication Response processing and Confirm generation
Extend Configurator functionality to process Reconfig Authentication
Response message, derive the needed keys, and generate Reconfig
Authentication Confirm message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:09 +03:00
Jouni Malinen
3774b6bd03 DPP2: Reconfig Authentication Request generation and transmission
Extend Configurator functionality to sign a special Connector for
reconfiguration and reply with Reconfig Authentication Request frame
when Reconfig Announcement frame is received with a matching C-sign key
hash value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
66ac616cdb DPP2: Process received Reconfig Announcement frame
Check if there is a matching Configurator and be ready to initiate
Reconfig Authentication (which itself is not included in this commit).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
12c8eacf73 DPP: Allow version number to be overridden for testing purposes
"SET dpp_version_override <ver>" can now be used to request
wpa_supplicant and hostapd to support a subset of DPP versions. In
practice, the only valid case for now is to fall back from DPP version 2
support to version 1 in builds that include CONFIG_DPP2=y.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:45 +03:00
Jouni Malinen
9561925b4d DPP2: Detect PFS downgrade attack while processing EAPOL-Key msg 2/4
Do not allow association to continue if the local configuration enables
PFS and the station indicates it supports PFS, but PFS was not
negotiated for the association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
b11a12401a DPP2: Add DPP KDE into EAPOL-Key msg 3/4 when using DPP AKM
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
42acf1292d DPP2: Add Protocol Version attribute to network introduction messages
This can be used to determine whether to try to negotiate PFS (only
available with version 2 or higher).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
a7d6098fb4 Add PRINTF_FORMAT for printf wrapper functions
This avoids compiler format-nonliteral warnings ("format string is not a
string literal").

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-02 21:04:17 +03:00
Jouni Malinen
a803ba4f9d Use more specific reason codes for 4-way handshake timeouts
IEEE 802.11 defines reason codes for indicating 4-way handshake and
group key handshake timeouts. Use those reason codes instead of the more
generic one for these particular cases in the Authenticator state
machine.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-29 13:00:53 +03:00
Jouni Malinen
2c55e67aaf airtime_policy: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
0365458eb8 HE: Replace Boolean with C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
5e5eb5a312 MACsec: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
37e3501bf7 FST: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
3dc69721e8 EAPOL auth: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
56024a233a WPA auth: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
bb9e3935dd driver: Add second driver capability flags bitmap
All 64 bits of the capability flags bitmap are used, so add a new
variable to hold future capability bits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 15:53:02 +03:00
Disha Das
6b1c590ebb Allow TKIP support to be removed from build
Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from
hostapd and wpa_supplicant builds. This disables use of TKIP as both the
pairwise and group cipher. The end result does not interoperate with a
WPA(v1)-only device or WPA+WPA2 mixed modes.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
a6c689d354 FT: Testing override for RSNXE Used subfield in FTE (AP)
Allow hostapd to be requested to override the RSNXE Used subfield in FT
reassociation case for testing purposes with "ft_rsnxe_used=<0/1/2>"
where 0 = no override, 1 = override to 1, and 2 = override to 0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-16 23:39:57 +03:00
Jouni Malinen
5344af7d22 FT: Discard ReassocReq with mismatching RSNXE Used value
Discard the FT Reassociation Request frame instead of rejecting it
(i.e., do not send Reassociation Response frame) if RSNXE Used is
indicated in FTE, but no RSNXE is included even though the AP is
advertising RSNXE.

While there is not really much of a difference between discarding and
rejecting the frame, this discarding behavior is what the standard says
for this type of an error case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
Jouni Malinen
153333ef6b FT RRB: Remove confusing debug print about extra data
The "FT: Ignore extra data in end" hexdump is quite confusing since it
shows all the IEs that were actually either processed or forwarded.
There is no code path that could reach this debug print with actual real
extra data. Remove it and the dead increment of pos to avoid warnings
from static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 23:42:05 +03:00
Jouni Malinen
d867e11811 FT: Remove and re-add STA entry after FT protocol success with PMF
Allow STA entry to be removed and re-added to the driver with PMF is
used with FT. Previously, this case resulted in cfg80211 rejecting STA
entry update after successful FT protocol use if the association had not
been dropped and it could not be dropped for the PMF case in
handle_auth().

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 21:53:10 +03:00
Jouni Malinen
bf9f49396b OWE: Remove check for unexpected DH Parameter IE use with other AKMs
While the Diffie-Hellman Parameter element is defined in RFC 8110
explicitly for use witht he OWE AKM, it has now been proposed to be used
with another AKM (DPP). Should any other AKM be extended in similar
manner in the future, the check against unexpected use could result in
additional interoperability issues. Remove that and instead, ignore the
unexpected Diffie-Hellman Parameter element if it is included in
(Re)Association Request frame when any other AKM is negotiated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-03 12:18:11 +03:00
Jouni Malinen
e4eb009d98 DPP2: Add Connector and C-sign-key in psk/sae credentials for reconfig
If the Enrollee indicates support for DPP R2 or newer, add Connector and
C-sign-key in psk/sae credentials (i.e., cases where DPP AKM is not
enabled) for reconfiguration. Extend processing of such credentials in
wpa_supplicant network profile addition to handle this new case
correctly by not setting key_mgmt=DPP based on Connector being present,
but by looking at the actual akm value in the config object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-02 21:34:49 +03:00
Jouni Malinen
a371164f88 Process received WNM Notification Request for beacon protection failures
Report received notifications for beacon protection failures in syslog
and control interface.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-01 16:30:12 +03:00
Sergey Matyukevich
91498a1225 hostapd: DFS for channel switch in repeater mode
In repeater mode remote AP may request channel switch to a new channel.
Check if DFS is required for the new channel before proceeding with
normal AP operations. Start CAC procedure if radar detection is required
and channel is not yet marked as available.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2020-03-29 21:15:16 +03:00
Sergey Matyukevich
683e7c7559 DFS: Add new hostapd_is_dfs_overlap() helper
Add a new hostapd_is_dfs_overlap() helper function to DFS module. This
function tells whether the selected frequency range overlaps with DFS
channels in the current hostapd configuration. Selected frequency reange
is specified by its center frequency and bandwidth.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2020-03-29 21:15:16 +03:00
Sergey Matyukevich
7988767393 DFS: Rename and export hostapd_config_dfs_chan_available helper
Rename DFS helper hostapd_config_dfs_chan_available() to
hostapd_is_dfs_chan_available(). Enable access to this helper function
from other hostapd components.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2020-03-29 21:15:16 +03:00
Alexander Wetzel
3f88d2ba0d AP: Drop not needed condition to delete PTK ID 1
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-29 21:15:16 +03:00
Jouni Malinen
54e2961f80 Add a hostapd testing option for skipping association pruning
The new skip_prune_assoc=1 parameter can be used to configure hostapd
not to prune associations from other BSSs operated by the same process
when a station associates with another BSS. This can be helpful in
testing roaming cases where association and authorization state is
maintained in an AP when the stations returns.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-28 20:39:19 +02:00
Jouni Malinen
7b156a3c5a wpa_auth: Use printf format %zu instead of type casts
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-28 19:54:10 +02:00
Jouni Malinen
f83d3491b9 wpa_auth: Do not split strings into multiple lines
Avoid unnecessary splitting of long string constants into multiple
lines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-28 19:48:32 +02:00
Jouni Malinen
9385f03feb wpa_auth: Coding style cleanup for pointer is NULL comparisons
Use !ptr instead of ptr == NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-28 19:36:00 +02:00
Jouni Malinen
62e12afcf1 wpa_auth: Clean up pointer dereferences
Use local variables to avoid sm->wpa_auth->conf type of dereferences
where multiple instances within a function can be cleaned up.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-28 19:29:12 +02:00
Jouni Malinen
7c021dec3a DPP2: Allow AP to require or reject PFS
The new hostapd configuration parameter dpp_pfs can be used to specify
how PFS is applied to associations. The default behavior (dpp_pfs=0)
remains same as it was previously, i.e., allow the station to decide
whether to use PFS. PFS use can now be required (dpp_pfs=1) or rejected
(dpp_pfs=2).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-28 12:33:48 +02:00
Jouni Malinen
ca57d5f553 Return an enum from wpa_validate_wpa_ie()
This is more specific then returning a generic int and also allows the
compiler to do more checks.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-28 12:30:46 +02:00
Sathishkumar Muruganandam
2b4f9ce287 hostapd: Add HE bit in BSSID Information field of own Neighbor Report
Add definition for HE bit in neighbor report BSSID Information field
from IEEE P802.11ax/D6.0, 9.4.2.36 Neighbor Report element.

Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
2020-03-27 23:52:24 +02:00
Jouni Malinen
db1ef82538 DPP2: Presence Announcement processing in AP/Relay
Process the received Presence Announcement frames in AP/Relay. If a
matching bootstrapping entry for the peer is found in a local
Configurator, that Configurator is used. Otherwise, the frame is relayed
to the first configured Controller (if available).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
6f5bc15bec DPP2: Configurator Connectivity indication
Add a new hostapd configuration parameter
dpp_configurator_connectivity=1 to request Configurator connectivity to
be advertised for chirping Enrollees.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 20:05:25 +02:00
Jouni Malinen
514cc49ba5 DPP: Store global pointers in struct dpp_authentication
Set the global pointer and msg_ctx when allocating struct
dpp_authentication instead of needing to pass these to
dpp_set_configurator().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-27 17:44:06 +02:00
Jouni Malinen
b7275a8142 Update STA flags to the driver immediately on disconnection
hostapd (and wpa_supplicant in AP mode) was internally updating the STA
flags on disconnection cases to remove authorization and association.
However, some cases did not result in immediate update of the driver STA
entry. Update all such cases to send out the update to the driver as
well to reduce risk of race conditions where new frames might be
accepted for TX or RX after the port authorization or association has
been lost and configured keys are removed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 17:51:03 +02:00
Jouni Malinen
82cc0b0cc2 Allow hostapd AP to advertise Transition Disable KDE
The new hostapd configuration parameter transition_disable can now be
used to configure the AP to advertise that use of a transition mode is
disabled. This allows stations to automatically disable transition mode
by disabling less secure network profile parameters.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-26 00:12:41 +02:00
Noam Shaked
e520de8dbe Add ACS support for 60 GHz channel bonding
hostapd will trigger EDMG auto channel selection by setting
QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED. The 60 GHz driver will be
called to start an auto channel selection and will return the
primary channel and the EDMG channel.

Signed-off-by: Noam Shaked <nshaked@codeaurora.org>
2020-03-24 22:15:32 +02:00
Alexander Wetzel
862aac1fcd AP: Support Extended Key ID
Support Extended Key ID in hostapd according to IEEE Std 802.11-2016.

Extended Key ID allows to rekey pairwise keys without the otherwise
unavoidable MPDU losses on a busy link. The standard is fully backward
compatible, allowing an AP to serve STAs with and without Extended Key
ID support in the same BSS.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-23 11:43:10 +02:00
Jouni Malinen
ae7193611f Limit maximum number of pending SA Queries
There is no point in starting a huge number of pending SA Queries, so
limit the number of pending queries to 1000 to have an explicit limit
for how large sa_query_count can grow.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-22 18:50:04 +02:00