Commit graph

6964 commits

Author SHA1 Message Date
Jouni Malinen
a7b7ce82f4 FT: Allow cached XXKey/MPMK to be used if new XXKey is not available
This allows authenticator side to complete FT initial mobility domain
association using FT-EAP with PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:52:43 +03:00
Jouni Malinen
64f4809371 FT: Store XXKey/MPMK in PMKSA cache instead of MSK (authenticator)
When completing FT initial mobility domain association with EAP, store
XXKey/MPMK in the PMKSA cache instead of MSK. The previously stored MSK
was of no use since it could not be used as the XXKey for another FT
initial mobility domain association using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:52:08 +03:00
Jouni Malinen
0c46b1a516 FT: Allow cached XXKey/MPMK to be used if new XXKey is not available
This allows supplicant side to complete FT initial mobility domain
association using FT-EAP with PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:50:51 +03:00
Jouni Malinen
16c511449d FT: Store XXKey/MPMK in PMKSA cache instead of MSK (supplicant)
When completing FT initial mobility domain association with EAP, store
XXKey/MPMK in the PMKSA cache instead of MSK. The previously stored MSK
was of no use since it could not be used as the XXKey for another FT
initial mobility domain association using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-28 15:48:58 +03:00
Jouni Malinen
e0e15fc236 Remove unused crypto_bignum_bits()
This wrapper function is not needed anymore.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:43:45 +03:00
Jouni Malinen
73338db029 Share common SAE and EAP-pwd functionality: own scalar generation
Use a shared helper function for deriving rand, mask, and own scalar.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 17:33:44 +03:00
Jouni Malinen
c3805fb623 Ignore channel switch event if AP interface is not yet ready
It is apparently possible to somehow trigger the driver to report a
channel switch event during ACS operation when the interface information
is not yet complete. hapd->iface->current_mode could be NULL in that
case and that would result in process termination due to NULL pointer
dereference.

It should not really be possible to trigger a channel switch during ACS
is running (i.e., before the AP mode operation has been started), but
since that has been seen in an arbitrary test sequence with interface
start/stop operations with various parameters (both valid and invalid),
better prevent a crash here by ignoring the unexpected event instead of
trying to process it.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:24:31 +03:00
Jouni Malinen
eb314e8af2 Verify that channel info is available in hostapd_hw_get_channel()
Unexpected CHAN_SWITCH command could get this function using a NULL
pointer if the channel switch was requested while the interface was
already disabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:17:59 +03:00
Jouni Malinen
b9058266f0 Clear cached extended_capa pointers on hapd_deinit() call
driver->hapd_deinit() is going to free the memory that the cached
pointers are pointing to, so clear the pointers to avoid possibility of
dereferencing used memory. It seemed to be possible to hit a code path
using those fields by issuing a CHAN_SWITCH command on disabled hostapd
interface in some cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 16:15:15 +03:00
Hu Wang
6afde52a78 Indicate ieee80211ax configuration in hostapd STATUS output
This adds a ieee80211ax=0/1 line to the STATUS output to indicate
the configuration of ieee80211ax, which similar to ieee80211n and
ieee80211ac.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-26 15:06:30 +03:00
Jouni Malinen
e6f9eab90e HE: Fix HE Operation element byte order on bigendian CPUs
The first four octets of the element were used as a host byte order u32.
That is not correct on bigendian CPUs, so handle byte swapping needs
properly. Mark the he_oper_params field as le32 to explicitly indicate
the byte order and swap the generated params content based on CPU byte
order.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:57:47 +03:00
John Crispin
3869c159d9 HE: Fix HE operation field size
The current code will always use the size required when all optional
elements are present. This will cause the Linux kernel to consider the
field to be malformed if the elements are not actually flagged as being
present.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 23:51:04 +03:00
Jouni Malinen
17749e948a Share common SAE and EAP-pwd functionality: is_quadratic_residue
Use a shared helper function for the blinded mechanism of determining
the Legendre symbol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
a9615b1b88 Share common SAE and EAP-pwd functionality: random 1..p-1 creation
Use a shared helper function to create a random value in 1..p-1 range
for is_quadratic_residue().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
6c9543fcb7 Share common SAE and EAP-pwd functionality: random qr/qnr creation
Use a shared helper function to create random qr/qnr values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
2b84ca4dd9 Share common SAE and EAP-pwd functionality: suitable groups
Start sharing common SAE and EAP-pwd functionality by adding a new
source code file that can be included into both. This first step is
bringing in a shared function to check whether a group is suitable.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:49 +03:00
Jouni Malinen
ff229da309 Share a single buf_shift_right() implementation
Move the identical function used by both SAE and EAP-pwd to
src/utils/common.c to avoid duplicated implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 23:49:43 +03:00
Jouni Malinen
1e237903f5 OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available
This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL
functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid
differences in runtime and memory access patterns depending on the
leading bytes of the BIGNUM value.

OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases
are still using the previous implementation where the BN_num_bytes()
call may result in different memory access pattern.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 19:24:32 +03:00
Jouni Malinen
7958223fdc EAP-pwd: Use const_time_memcmp() for pwd_value >= prime comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 19:07:05 +03:00
Jouni Malinen
8e14b030e5 SAE: Use const_time_memcmp() for pwd_value >= prime comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 18:52:34 +03:00
John Crispin
2ec71488b5 HE: Add Spatial Reuse Parameter Set element to the Beacon frames
SPR allows us to detect OBSS overlaps and allows us to do adaptive CCA
thresholds. For this to work the AP needs to broadcast the element
first.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 12:15:36 +03:00
John Crispin
2fde3caa3a HE: Properly populate Beacon template prior to sending it to the kernel
Properly populate the the HE Capabilities element with the info read
from the kernel.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 12:00:51 +03:00
John Crispin
7cac255632 HE: Fix Operation Parameters order
According to P802.11ax/D4.0 9.4.2.238 (HE Operation element) the BSS
Color Information field is located after the HE Operation Parameters
field. Fix the ordering of the bit masks/offsets for fields in these 3+1
octets used as a single 32-bit value. With these changes, Wireshark 3.2
is able to properly parse and display Beacon frames.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:55:39 +03:00
John Crispin
83f30fabe3 HE: Disable TXOP duration-based RTS if he_rts_threshold is not set
IEEE P802.11ax/D4.0 9.4.2.243 "HE Operation element" indicates that the
special value 1023 in the TXOP Duration RTS Threshold field is used to
indicate that TXOP duration-based RTS is disabled. Use that value as the
default instead of the previously used value 0 which would really mean
threshold of 0 usec. Furthermore, the previous implementation did not
allow values larger than 255 to be used for this field while the field
is actually 10 bits in size.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:43:59 +03:00
John Crispin
5b3940d0c2 nl80211: Add driver HE capabilities parsing support
Add code to parse NL80211_BAND_ATTR_IFTYPE_DATA when reading the band
info. This is needed to find out about the local HE capabilities in AP
mode.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:43:59 +03:00
Jouni Malinen
1b90aae929 nl80211: Remove QCA vendor specific HE capability handling
The QCA_NL80211_VENDOR_SUBCMD_GET_HE_CAPABILITIES attributes are not
up-to-date with the latest P802.11ax/D4.0 capabilities and would need to
be updated or replaced. Since the variables from this functionality were
not used for anything in practice, it is easier to simply remove this
functionality completely to avoid issues with upcoming updates to use
upstream nl80211 information to determine HE capabilities.

This is practically reverting the commit ca1ab9db2a ("hostapd: Get
vendor HE capabilities").

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 11:43:59 +03:00
Omer Dagan
95f556f3c7 Make channel switch started event available over control interface
This makes it easier to upper layer components to manage operating
channels in cases where the same radio is shared for both station and AP
mode virtual interfaces.

Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
9c95124418 Add 802.11 status code strings
Logs involving IEEE 802.11 Status Codes output the Status Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each status code using the latter part
of the Status Code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:07 +03:00
Jouni Malinen
4be17ffbd9 Replace int status/reason_code with u16 variable
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-22 22:08:07 +03:00
Alex Khouderchah
cfde99a84b Add 802.11 reason code strings into wpa_supplicant messages
Logs involving IEEE 802.11 Reason Codes output the Reason Code value,
but do not provide any explanation of what the value means. This change
provides a terse explanation of each Reason Code using the latter part
of the reason code #define names.

Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
2019-04-22 22:08:05 +03:00
Jouni Malinen
e00f780e2b DPP2: hostapd as TCP Relay
The new hostapd configuration parameter dpp_controller can now be used
with the following subparameter values: ipaddr=<IP address>
pkhash=<hexdump>. This adds a new Controller into the configuration
(i.e., more than one can be configured) and all incoming DPP exchanges
that match the specified Controller public key hash are relayed to the
particular Controller.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00
Jouni Malinen
88a78bdde4 DPP2: Protocol exchange over TCP using Controller/Relay
Add initial implementation of DPP-over-TCP. This adds the general TCP
encapsulation routines into the shared src/common/dpp.c implementation.
That functionality will be exposed through hostapd and wpa_supplicant in
the following commits.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-22 21:08:59 +03:00
Jouni Malinen
9ffec2e854 DPP: Make pkhash available in bootstrapping info
This can be helpful for testing DPP2 Controller functionality (get
pkhash from Controller to Relay).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-21 23:14:37 +03:00
Jouni Malinen
2ed2b52ff5 DPP: Add configuration structure to dpp_global_init()
This can be used to provide configurable parameter to the global DPP
context. This initial commit introduces the msg_ctx context pointer for
wpa_msg().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-21 21:35:32 +03:00
Jouni Malinen
516ccede8f The master branch is now used for v2.9 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-21 17:04:07 +03:00
Jouni Malinen
6396282430 Preparations for v2.8 release
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-21 10:10:22 +03:00
Jouni Malinen
fa52bc8b98 EAP-PAX server: Fix message length checks for MSGDUMP level hexdump
EAP-PAX server implementation could end up reading beyond the end of the
buffer if MSGDUMP level debugging was enabled and a message without the
ICV field was received. Fix this by using more strict message length
validation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-20 00:27:15 +03:00
Jouni Malinen
b3c2b5d9f7 EAP-PAX server: Check hash function results
While these local failure cases are mostly theoretical, it is better to
check for the errors explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-20 00:27:15 +03:00
Jouni Malinen
a3be79a142 EAP-GPSK server: Fix memory freeing on error path
Allocated struct wpabuf was freed with incorrect freeing function. Fix
this by using the appropriate function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-19 17:08:27 +03:00
Jouni Malinen
848718ddde EAP-SAKE: Report hash function failures to callers
While this is mostly theoretical, the hash functions can fail and it is
better for the upper layer code to explicitly check for such failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-19 16:52:01 +03:00
Jouni Malinen
24b06511e2 EAP-SAKE server: Fix memory freeing on error path
Allocated struct wpabuf was freed with incorrect freeing function. Fix
this by using the appropriate function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-19 16:44:38 +03:00
Jouni Malinen
b583ed38df FT: Derive PTK properly for rekeying with FT protocol
Do not try to derive a PMK-R0 and PMK-R1 again for the case where an
association was started with FT protocol and PTK is rekeyed using 4-way
handshake. Instead, use the previously derived PMK-R1 to allow a new PTK
to be derived.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 11:45:13 +03:00
Jouni Malinen
fb1dee221b FT: Do not add bogus PMKID in msg 1/4 for FT protocol PTK rekeying
Do not try to derive a PMKID for EAPOL-key msg 1/4 when going through
4-way handshake to rekey PTK during an association that was started
through FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
8a576f5ea5 FT: Maintain PMK-R1 for a connected STA
This is needed to allow PTK rekeying to be performed through 4-way
handshake in an association started through FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
09ab81b9e8 WPA: Clear authenticator keys for a STA on deinit/disconnection
Do not leave keys in heap memory after they are no longer needed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:30 +03:00
Jouni Malinen
f006c13c14 WPA: Stop WPA statement on STA disassociation
This is needed to avoid leaving some timers (e.g., for PTK rekeying)
running afrer a STA has disassociated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:29 +03:00
Jouni Malinen
d178ab0d57 FT: Start PTK rekey timer on FT protocol completion
This is needed to trigger PTK rekeying properly for associations started
with FT protocol.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:12:29 +03:00
Jouni Malinen
267c366f38 FT: Remove unused pmk argument from wpa_auth_derive_ptk_ft()
FT rules for PTK derivation do not use PMK. Remove the unused argument
to the PTK derivation function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:05:47 +03:00
Jouni Malinen
0a1a82db92 FT: Allow 4-way handshake for PTK rekeying to continue without PMK/PMKID
There is no PMK/PMKID when going through 4-way handshake during an
association started with FT protocol, so need to allow the operation to
proceed even if there is no selected PMKSA cache entry in place.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-19 01:05:41 +03:00
Jouni Malinen
a40bd06e9b FILS: Fix PTK rekeying
The PMK and PMKID information from FILS ERP and FILS PMKSA caching needs
to be stored within struct wpa_state_machine for PTK to work. Without
this, PTK derivation would fail and attempt to go through rekeying would
result in disconnection. Furthermore, wpa_rekey_ptk() timer needs to be
started at the completion of FILS association since the place where it
was done for non-FILS cases at the end of 4-way handshake is not reached
when FILS authentication is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-18 21:55:39 +03:00