Commit graph

15126 commits

Author SHA1 Message Date
Jouni Malinen
ad5c385db9 HS 2.0 server: Replace deprecated PHP function split()
Use explode() instead of split() because split() has been removed from
PHP 7.0.0 and there is no need for using full regular expression here.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-10 23:41:35 +03:00
Jouni Malinen
02eec9954c XML: Do not add empty Value node for nodes with child nodes in TNDS
This fixes some validation issues against DM_ddf DTD that were caused by
the conversion from the internal tree structure to TNDS. Only the leaf
nodes are supposed to have the Value node.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-10 21:43:43 +03:00
Kiran Kumar Lokere
13dd13fc01 Define test config attribute to configure OM control support
Define a new QCA vendor specific test config attribute to configure the
support for receiving the MPDU with operating mode control subfield.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-06 00:01:57 +03:00
Beni Lev
077232f603 OCE: Add OCE capability attribute only when associating to an OCE AP
Signed-off-by: Beni Lev <beni.lev@intel.com>
2018-09-02 18:16:30 +03:00
Roee Zamir
2ac4333404 OCE: Send scan parameters when OCE_STA functionality is enabled
If the device supports OCE features and OCE is enabled, set the relevant
scan parameters and FILS Request Parameters element with Max Channel
Time.

Signed-off-by: Roee Zamir <roee.zamir@intel.com>
2018-09-02 18:08:51 +03:00
Roee Zamir
d6801b0545 nl80211: Support OCE features (driver capability and scan params)
Check if the device supports specific mandatory features and set the the
relevant WPA_DRIVER_FLAGS_OCE_STA flag. Send the relevant scan
parameters for OCE scans.

Signed-off-by: Roee Zamir <roee.zamir@intel.com>
2018-09-02 17:59:01 +03:00
Roee Zamir
938dd97a84 driver: Add OCE scan parameters
Add a flag to scan parameters that enables OCE scan features. If this
flag is set the device should enable the following features as defined
in the Optimized Connectivity Experience Technical Specification v1.0:
- Overwrite FILS request Max Channel Time with actual value (clause 3.8)
- Send Probe Request frame in high rate (at least 5.5 Mbps) (clause 3.12)
- Probe Request frame Transmission Deferral and Suppression (clause 3.5)
- Accept broadcast Probe Response frame (clause 3.6)

Signed-off-by: Roee Zamir <roee.zamir@intel.com>
2018-09-02 17:53:32 +03:00
Jouni Malinen
830eacf9d0 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-08-29.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-09-02 17:45:27 +03:00
Johannes Berg
2543b19e46 random: Remove write-only variable random_entropy_file_read
This variable is never read, so it's not needed. Remove it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-09-02 12:51:06 +03:00
Andreas Tobler
b5ebe5dd5b hostapd: Send an event before throwing a station on re-authentication
If you modify the WLAN-STA-AUTHORIZED bit in sta->flags, you have to
call the ap_sta_set_authorized() function to make sure the corresponding
event is sent over the control interface. Otherwise we leak entries in
the event history.

Signed-off-by: Andreas Tobler <andreas.tobler@cloudguard.ch>
2018-09-02 12:48:32 +03:00
Jouni Malinen
57151ae984 atheros: Fix atheros_send_mgmt() dependency on CONFIG_FILS
This fixes a CONFIG_FILS=y build without CONFIG_IEEE80211W=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-09-02 12:42:28 +03:00
Chaitanya T K
410e2dd1d6 OWE: Fix build error in AP code without CONFIG_IEEE80211W=y
When CONFIG_OWE is enabled but none of 11R/11W/FILS are enabled hostapd
(and wpa_supplicant with AP mode support) build failed. Fix this by
adding OWE to the list of conditions for including the local variables.

Signed-off-by: Chaitanya T K <chaitanya.mgit@gmail.com>
2018-09-02 12:38:16 +03:00
Hai Shalom
560e30bf3b Parse sae_password option when CONFIG_SAE is enabled
Call to parse_sae_password was incorrectly depending
on CONFIG_TESTING_OPTIONS and CONFIG_SAE. Should
depend only on the latter.

Fixes: 2377c1caef ("SAE: Allow SAE password to be configured separately (AP)")
Signed-off-by: Hai Shalom <haishalom@google.com>
2018-09-02 12:30:37 +03:00
Hu Wang
b898b65582 nl80211: Do not ignore disconnect event in case of !drv->associated
Commit 3f53c006c7 ('nl80211: Ignore
disconnect event in case of locally generated request') made
wpa_supplicant ignore the next received disconnect event for cases where
wpa_supplicant itself requested a disconnection. This can result in
ignoring a disconnection notification in some cases.

Considering a P2P Client receiving disconnect event from the kernel
after a P2P group is started, drv->ignore_next_local_disconnect is
cleared to 0, then wpa_driver_nl80211_disconnect() will be called during
the removal of the group, in which drv->ignore_next_local_disconnect is
set to 1 by mistake.

Do not allow ignore_next_local_{disconnect,deauth} to be set to 1 if the
driver is not in associated state (drv->associated is 0) to avoid this
type of cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-31 12:01:33 +03:00
Jouni Malinen
2697e85ea9 tests: DPP group_id parameter
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-30 23:34:37 +03:00
Purushottam Kushwaha
20f612d998 DPP: Set group id through DPP_AUTH_INIT or dpp_configurator_params
This enhances DPP_AUTH_INIT, DPP_CONFIGURATOR_SIGN, and SET
dpp_configurator_params to allow optional setting of the DPP groupId
string for a Connector. If the value is not set, the previously wildcard
value ("*") is used by default.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-30 23:34:00 +03:00
Nachiket Kukade
495aebd39f Add new QCA vendor command and attributes to enhance NAN
The payload used for the existing NAN vendor command,
QCA_NL80211_VENDOR_SUBCMD_NAN is a binary blob of data. This
command is not extendable to send additional information. Hence
define a new vendor command QCA_NL80211_VENDOR_SUBCMD_NAN_EXT,
that can carry the binary blob encapsulated within an attribute
and can carry additional attributes to enhance the NAN command
interface. Define additional 3 new attributes for conveying
type of NAN subcmd and channel information.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-30 22:55:19 +03:00
Nachiket Kukade
28c7f77a85 Correct the documentation of NAN vendor command
Present implementation of NAN vendor command does not use
attribute encapsulation for sending the command from userspace
to the driver, payload is directly sent as is. Attribute
QCA_WLAN_VENDOR_ATTR_NAN is used only for receiving vendor
events in the userspace from the driver. Update the doc as per
this implementation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-30 22:50:17 +03:00
xiaofeis
b3f24b06e3 mka: Fix confidentiality offset issue in macsec_qca driver interface
Confidentiality offset from MKA should be configured to the
driver/hardware when creating SA.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-24 16:27:34 +03:00
xiaofeis
bed30e8d3b mka: Fix sci port mask issue in macsec_qca driver interface
Need to use full 8-bit mask here when swapping byte order.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-24 16:27:34 +03:00
Kiran Kumar Lokere
1bac151eaf Change the ADDBA buffer size attribute type to U16 from U8
The max supported ADDBA buffer size value is 256, so change
the buffer size attribute type to U16 to configure the testbed
device to use the 256 buffer size in ADDBA negotiation in 11ax
testing.

This attribute is used only to configure a testbed device and the old
definition of this attribute was not used in any deployed implementation
hence it is still justifiable to change the definition.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-24 16:27:34 +03:00
Srinivas Dasari
d35003e501 Vendor attribute to get max blacklist BSSIDs capability
Add a QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_GSCAN_MAX_BLACKLIST_BSSID to get maximum
blacklist BSSIDs capability from the driver for gscan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-24 16:27:34 +03:00
Bhagavathi Perumal S
8bfbb295df nl80211: Fix sending of WDS STA event to the correct BSS context
The WDS-STA-INTERFACE-ADDED/WDS-STA-INTERFACE-REMOVED events were always
sent to the first BSS instead of the specific BSS that the STA was
connected to in multi-BSS cases. Fix this by using the BSS specific
context pointer.

Fixes: 1952b626ba ("hostapd: Add ctrl iface indications for WDS STA interface")
Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-08-24 16:27:34 +03:00
Jouni Malinen
add3c2a1bf tests: FILS SK ERP and ERP flush on server, but not on peer
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-24 16:27:34 +03:00
Ankita Bajaj
af835d75b7 FILS: Fix FILS connect failures after ERP key invalidation
If the RADIUS authentication server dropped the cached ERP keys for any
reason, FILS authentication attempts with ERP fails and the previous
wpa_supplicant implementation ended up trying to use the same keys for
all consecutive attempts as well. This did not allow recovery from state
mismatch between the ERP server and peer using full EAP authentication.

Address this by trying to use full (non-FILS) authentication when trying
to connect to an AP using the same ERP realm with FILS-enabled network
profile if the previous authentication attempt had failed. This allows
new ERP keys to be established and FILS authentication to be used again
for the consecutive connections.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-24 16:27:34 +03:00
xiaofeis
1ff8605775 mka: Support GCM-AES-256
GCM-AES-256 cipher suite is defined in IEEE Std 802.1AEbn-2011.

If authenticator configured as GCM-AES-256, the distributed SAK will be
256 bits indicated by the GCM-AES-256 ID in the MKA packet.

This patch will make AES Key Unwrap to 32 bytes of SAK when identify the
ID.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-21 19:28:20 +03:00
Jouni Malinen
1d9babdaa0 tests: HT40 disabling
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-21 19:07:53 +03:00
Sathishkumar Muruganandam
47abe29aa9 hostapd: SET ht_capab support for disabling 40 MHz bandwidth
'hostapd_cli SET ht_capab' only checked for [HT40+] or [HT40-] or both
to be present. Based on the offset + or -, secondary_channel is updated
but HT20/VHT20 mode can be brought up only from config file and can't be
done using the SET command when the current HT mode is HT40+ or HT40-.

When managing AP+STA mode from userspace doing hostapd_cli: "disable ->
set channel, ht_capab -> enable" sequence, channel switch from
HT40/VHT40 to HT20/VHT20 was not possible with this SET ht_capab
limitation.

Cover this additional case by resetting secondary_channel to 0 for
HT20/VHT20 when ht_capab has neither [HT40+] nor [HT40-] present.

Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
2018-08-21 19:04:44 +03:00
Jouni Malinen
307324bf79 tests: AP with WEP and external ifconfig down
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-21 18:50:55 +03:00
Hu Wang
567df5501c Re-configure WEP keys on hostapd interface re-enable
This allows WEP mode AP to be re-enabled automatically after external
ifconfig down + up on netdev used by hostapd.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-21 18:50:12 +03:00
Jouke Witteveen
1e1245bc8b Fix QoS Mapping ext capab bit setting
Fix the typo in using WPA_DRIVER_FLAGS_QOS_MAPPING to set the QoS Map
bit in Extended Capabilities. The previous implementation ended up
adding this bit even if the driver did not actually indicate support for
the capability.

Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
2018-08-12 16:35:31 +03:00
Rosen Penev
373c796948 OpenSSL: Fix compile with OpenSSL 1.1.0 and deprecated APIs
SSL_session_reused() is the same as the deprecated SSL_cache_hit(). The
engine load stuff is now handled by OPENSSL_init().

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-12 16:26:31 +03:00
Jouni Malinen
c6e1a9a0b3 Clarify the TODO comment regarding PMKID KDE in EAPOL-Key msg 1/4
Make it clear that the consideration should be only for the IBSS case
and in infrastructure BSS case, PMKID KDE should not be added due to
risks involved with exposing this to stations that do not know the
passphrase.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-10 13:51:04 +03:00
Jouni Malinen
c773c7d5dd tests: WPA2-PSK/TKIP and MIC=0 in msg 3/4
Verify that unauthenticated EAPOL-Key message does not get decrypted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-08-08 16:51:35 +03:00
Mathy Vanhoef
3e34cfdff6 WPA: Ignore unauthenticated encrypted EAPOL-Key data
Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.

When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
not the MIC flag, had their data field decrypted without first verifying
the MIC. In case the data field was encrypted using RC4 (i.e., when
negotiating TKIP as the pairwise cipher), this meant that
unauthenticated but decrypted data would then be processed. An adversary
could abuse this as a decryption oracle to recover sensitive information
in the data field of EAPOL-Key messages (e.g., the group key).
(CVE-2018-14526)

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-08 16:51:35 +03:00
Jouni Malinen
2133a7cd7d tests: Check both FT and non-FT connections in ap_hs20_ft
Verify that the automatically generated network profile is able to
connect to a non-FT network automatically after having used FT for the
first connection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-03 00:40:51 +03:00
Jouni Malinen
c06cd3e0ac HS 2.0: Fix hs20-osu-client handling of HomeSP/HomeOIList/<X+>/HomeOI
This node was mapped to a SET_CRED roaming_consortium command with
quotation marks even though this is a hexdump of the OI. Remove the
quotation marks to allow this to be set correctly in the wpa_supplicant
credential.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-02 16:15:14 +03:00
Jouni Malinen
0a3742950e tests: Extend eap_proto_aka_prime to cover additional AT_KDF cases
Verify that EAP-AKA' client rejects Challenge with an appended AT_KDF
and a modified AT_KDF value during KDF negotiation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-02 15:36:24 +03:00
Jouni Malinen
63add34eb0 tests: sigma_dut with various AP KeyMgnt values
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-01 18:45:53 +03:00
Jouni Malinen
ecec4878b7 Provide more details of WPA3 modes in wpa_supplicant.conf
Clarify that proto=RSN is used for WPA3 and add the WPA3-Personal name
for SAE and include OWE as a possible key_mgmt value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-01 17:55:50 +03:00
Jouni Malinen
e7d73c378d Provide more details of WPA3 modes in hostapd.conf
Clarify that wpa=2 (i.e., RSN) is used for WPA3 and list previously
undocumented wpa_key_mgmt values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-01 17:51:42 +03:00
Kiran Kumar Lokere
cbdf5a49c8 Define test config vendor attribute to override MU EDCA
Add a new test config QCA vendor attribute to override the MU EDCA
parameters to default values in the driver for test configuration. This
is used for configuring the testbed device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-01 17:38:47 +03:00
Jouni Malinen
f5dd150aac tests: OSEN with two group ciphers allowed on client side
This verifies the new default behavior for OSEN in Single SSID capable
devices.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-31 00:33:08 +03:00
Jouni Malinen
c1721f05a0 HS 2.0: Allow CCMP as group cipher for OSEN single SSID case
When OSEN is used in the BSS that is shared both for production data and
OSU uses, the group cipher might be either GTK_NOT_USED (like in Rel 2
OSEN) or CCMP. Modify hs20-osu-client to allow both these group ciphers
to be used when requesting OSEN connection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-31 00:32:53 +03:00
Jouni Malinen
686ca5c45b tests: Verify T&C Server URL generation result
Check that the @1@ macro gets replaced correctly both when in the middle
and when in the end of the URL template.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-31 00:21:59 +03:00
Jouni Malinen
5ca1196577 HS 2.0: Fix Terms and Conditions Server URL macro replacement
The last character of the STA MAC address got replaced with 0x00 due to
truncation if the @1@ macro was used at the end of the URL. Fix this
case by allocating larger buffer for the URL.

Fixes: d4e39c51f8 ("HS 2.0: Move Terms and Conditions Server URL generation from AP to AS")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-31 00:07:36 +03:00
Kiran Kumar Lokere
420b5dd814 Define test config QCA vendor attribute for HE MAC padding duration
Add a new wifi test config QCA vendor attribute to configure HE
trigger frame MAC padding duration value in the driver.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-06 21:27:01 +03:00
Hu Wang
8a9950f7b6 nl80211: Indicate interface up only for the main netdev
ifname is checked for interface down event in commit
106fa1e97e ("nl80211: Indicate
interface-down event only for the main netdev"). Do the same for
interface up event to avoid unexpected notifications when the master
interface (e.g., a bridge interface) is set up while then WLAN interface
remains down.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-05 13:41:46 +03:00
Sathishkumar Muruganandam
c809756f9f nl80211: Allocate nl_sock for NETLINK_ROUTE when already_in_bridge
When we start hostapd having Hotspot 2.0 configuration with interface
already added to bridge interface, addition and deletion of new neighbor
to bridge ip neighbor table fails.

This is since 'bss->added_if_into_bridge' is not set which only allows
'drv->rtnl_sk' (nl_sock for NETLINK_ROUTE) allocation needed for bridge
ip neighbor table.

Add a new bit 'already_in_bridge' and set it when interface is already
added to bridge by some external component. Check this bit in addition
to 'bss->added_if_into_bridge' for 'drv->rtnl_sk' allocation done in
i802_init().

Now 'drv->rtnl_sk' is closed in wpa_driver_nl80211_deinit() regardless of
'bss->added_if_into_bridge' since when we have 'bss->already_in_bridge'
case too, this need to be removed.

brctl show

bridge name     bridge id               STP enabled     interfaces
br0             8000.8efdf006b050       no              ap

hostapd_cli raw STATUS-DRIVER

Selected interface 'ap'
ifindex=15
ifname=ap
brname=br0
addr=8e:fd:f0:06:b0:50
freq=5180
beacon_set=1
already_in_bridge=1
..

Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
2018-07-05 13:36:27 +03:00
Peng Xu
946e35eace nl80211: Skip vendor specific DFS offload if upstream mechanism is used
Since the generic DFS offload support flag is added as
NL80211_EXT_FEATURE_DFS_OFFLOAD, only use the vendor command to check
DFS capablity if the flag is not already set.

Signed-off-by: Peng Xu <pxu@codeaurora.org>
2018-07-05 13:18:28 +03:00