Commit graph

5479 commits

Author SHA1 Message Date
Jouni Malinen
f55acd909e FILS: Set FILS Capability bit in management frames from AP
If FILS is enabled, indicate that in Beacon, Probe Response, and
(Re)Association Response frames in the Extended Capabilities element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
198a942c83 FILS: Add FILS Indication element to Beacon and Probe Response frames
If FILS is enabled, indicate that in AP Beacon/Probe Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
903ecbe8da FILS: Add hostapd configuration options
This adds CONFIG_FILS=y build configuration option and new key
management options for FILS authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:27 +03:00
Jouni Malinen
274d8b776f FILS: Add definitions for new frames and values
This adds definitions for various management frame elements and values
from P802.11ai/D11.0.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 20:46:36 +03:00
Jouni Malinen
94318a0d30 FILS: Add AKM definitions
This adds definitions for the new AKM suite values from P802.11ai/D11.0.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 20:46:36 +03:00
Jouni Malinen
1d29163035 FILS: Add new information elements
This adds definitions for new information elements from P802.11ai/D11.0
and parsing of these IEs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 20:46:33 +03:00
Jouni Malinen
325a85be36 Extend AES-SIV implementation to support different key lengths
The previous implementation was hardcoded to use 128-bit AES key
(AEAD_AES_SIV_CMAC_256). Extend this by allowing AEAD_AES_SIV_CMAC_384
and AEAD_AES_SIV_CMAC_512 with 192-bit and 256-bit AES keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 19:40:59 +03:00
Jouni Malinen
e2991ee580 Move CRC-32 routine from wlantest to src/utils
This allows the CRC-32 routine to be shared for other purposes in
addition to the WEP/TKIP/FCS within wlantest.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-09 17:13:23 +03:00
Michael Braun
96590564d6 FT: Allow PMK-R0 and PMK-R1 for FT-PSK to be generated locally
Station should be able to connect initially without ft_pmk_cache filled,
so the target AP has the PSK available and thus the same information as
the origin AP. Therefore neither caching nor communication between the
APs with respect to PMK-R0 or PMK-R1 or VLANs is required if the target
AP derives the required PMKs locally.

This patch introduces the generation of the required PMKs locally for
FT-PSK. Additionally, PMK-R0 is not stored (and thus pushed) for FT-PSK.

So for FT-PSK networks, no configuration of inter-AP communication is
needed anymore when using ft_psk_generate_local=1 configuration. The
default behavior (ft_psk_generate_local=0) remains to use the pull/push
protocol.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-10-09 11:57:56 +03:00
Sabrina Dubroca
a25e4efc9e mka: Add driver op to get macsec capabilities
This also implements the macsec_get_capability for the macsec_qca
driver to maintain the existing behavior.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-09 11:30:48 +03:00
Jouni Malinen
53b2555f67 EAP-pwd: Validate Prep field in EAP-pwd-ID/Response
RFC 5931 Section 2.8.5.1 does not list the Prep field as something that
the server validates to match the Request. However, the supplicant side
has to use the same pre-processing mechanism for the password for the
authentication to work, so we may as well as enforce this field to match
the requested value now that wpa_supplicant implementation is fixed to
copy the value from the request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-10-08 19:43:36 +03:00
Brian Candler
2875e32333 EAP-pwd: Fix Prep in EAP-pwd-ID/Response when EAP_PWD_PREP_MS is used
Fix the pre-processing field in the response when EAP_PWD_PREP_MS is
being used. This fixes interoperability with EAP-pwd servers that
validate the Prep field in EAP-pwd-ID/Response when the RFC2759
(PasswordHashHash) pre-processing is used.

Signed-off-by: Brian Candler <B.Candler@pobox.com>
2016-10-08 19:43:09 +03:00
Sabrina Dubroca
5f5ca28414 mka: Pass full structures down to macsec drivers' receive SC ops
Clean up the driver interface by passing pointers to struct receive_sc
down the stack to the {create,delete}_recevie_sc() ops, instead of
passing the individual properties of the SC.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-08 00:45:19 +03:00
Sabrina Dubroca
8ebfc7c2ba mka: Pass full structures down to macsec drivers' transmit SC ops
Clean up the driver interface by passing pointers to struct transmit_sc
down the stack to the {create,delete}_transmit_sc() ops, instead of
passing the individual arguments.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-08 00:45:03 +03:00
Julian Ospald
b70d508c50 LibreSSL: Fix compatibility for EAP-FAST
This basically just follows commit
587b0457e0 ('LibreSSL: Fix build with
LibreSSL') with the same pattern, which was missed here.

Signed-off-by: Julian Ospald <hasufell@hasufell.de>
2016-10-08 00:36:18 +03:00
Christian Neukirchen
df426738fb LibreSSL: Fix TLS initialization/deinitialization
Due to a missing guard for old OpenSSL code, SSL_library_init() was not
called, which is required for LibreSSL. Likewise for cleanup.

Signed-off-by: Christian Neukirchen <chneukirchen@gmail.com>
2016-10-08 00:27:56 +03:00
Christian Neukirchen
0d42179e12 LibreSSL: Fix dh5 code
Add LibreSSL check to old OpenSSL #ifdef guard as DH_{get0,set0}_key()
is not implemented in LibreSSL.

Signed-off-by: Christian Neukirchen <chneukirchen@gmail.com>
2016-10-08 00:26:18 +03:00
Lior David
32d08d5bf6 Add QCA vendor attributes for measurement frequency for FTM/AOA
Add attributes for specifing the frequency where FTM/AOA measurement is
done over the air. This allows the user space framework to maintain its
own cache of peers without depending on the kernel scan results cache,
or perform scans less often (since entries in the kernel scan results
cache expire quickly). The change is backward compatible. If the
frequency attribute is not specified, the kernel scan results cache will
be queried, like done today.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-10-04 23:44:18 +03:00
Sabrina Dubroca
cecdecdbe8 mka: Pass full structures down to macsec drivers' receive SA ops
Clean up the driver interface by passing pointers to struct receive_sa
down the stack to the {create,enable,disable}_receive_sa() ops, instead
of passing the individual properties of the SA.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 13:26:26 +03:00
Sabrina Dubroca
909c1b9835 mka: Pass full structures down to macsec drivers' transmit SA ops
Clean up the driver interface by passing pointers to struct transmit_sa
down the stack to the {create,enable,disable}_transmit_sa ops, instead
of passing the individual properties of the SA.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 13:17:21 +03:00
Sabrina Dubroca
7fa5eff8ab mka: Pass full structures down to macsec drivers' packet number ops
Clean up the driver interface by passing pointers to structs transmit_sa
and receive_sa down the stack to get_receive_lowest_pn(),
get_transmit_next_pn(), and set_transmit_next_pn() ops, instead of
passing the individual arguments.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 12:54:08 +03:00
Sabrina Dubroca
f75f6e2b03 mka: Move structs {transmit,receive}_{sa,sc} to a common header
These structs will be passed down to macsec drivers in a coming patch to
make the driver interface cleaner, so they need to be shared between the
core MKA implementation and the drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 12:50:07 +03:00
Jouni Malinen
98529f3857 The master branch is now used for v2.7 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-10-02 22:27:26 +03:00
Jouni Malinen
2462f347bc Change version number to v2.6 for the release
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-10-02 21:51:11 +03:00
Nishant Chaprana
746e5c2565 Fix spelling mistakes in number of comments
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-09-30 22:45:03 +03:00
Sunil Dutt
8b6688847e Add explicit enum values for QCA vendor config attributes
This makes it easier to copy a subset of definitions without
accidentally getting mismatching values.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-30 22:45:03 +03:00
vamsi krishna
8f47917493 MBO: Add support to send ANQP request to get cellular preference
This extends ANQP_GET command to support querying MBO cellular
preference also. The cellular preference can be requested along with
neigbor report by appending mbo:1 to the command arguments.

For example:
ANQP_GET <bssid> 272,mbo:1

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-30 22:45:03 +03:00
lifeng
8b7c5b8941 QCA vendor command for antenna diversity feature
The user space app use QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI cmd to
get the corresponding antenna rssi value for the specific chain. And the
associcated attributes are added to configure the antenna diversity and
related selftest.

Signed-off-by: Li Feng <lifeng@qti.qualcomm.com>
2016-09-26 23:46:59 +03:00
vamsi krishna
64c92c0757 MBO: Do not parse reason_detail in non_pref_chan attr (AP)
The reason detail field was removed from non_pref_chan attr in MBO
v0.0_r25 draft. Don't parse for this element to be compliant with the
latest drafr.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-25 17:31:26 +03:00
vamsi krishna
2800ec85d2 MBO: Add QCA vendor option to configure driver to ignore assoc disallow
MBO capable APs can set association disallowed in the Beacon/Probe
Response frames. For testing purposes, the STA needs to be configured to
not ignore the association disallowed set by APs and continue to connect
to such AP like non-MBO enabled STA. Add a QCA vendor attribute for
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION vendor sub command to
configure the driver to ignore association disallowed functionality.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-25 17:31:26 +03:00
Zhang Qian
320caeab29 Add attributes for QCA_NL80211_VENDOR_SUBCMD_LL_STATS_EXT
More attributes are added for QCA_NL80211_VENDOR_SUBCMD_LL_STATS_EXT
1. Peer signal stats;
2. Peer TX stats;
3. Peer RX stats

Signed-off-by: Zhang Qian <zhangq@qti.qualcomm.com>
2016-09-23 21:13:58 +03:00
Jouni Malinen
ef24ad3ec5 nl80211: Remove unnecessary duplication from nl80211_set_param()
There is no need to find bss->drv separately for each parameter, so do
this once at the beginning of the function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-23 17:36:55 +03:00
Mikael Kanstrup
4d584d8c2b nl80211: Add driver parameter force_bss_selection
Add driver parameter command to force capability flag
WPA_DRIVER_FLAGS_BSS_SELECTION even if driver states otherwise. This is
mainly for testing purposes.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Ilan Peer
dc2744f922 P2P: Fix common frequencies calculation for a group
Ignore group members for which there is no supported channels
information when calculating common group frequencies.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-09-22 23:48:14 +03:00
Srinivas Dasari
0d7eba5417 Define a QCA vendor command to validate encryption engine
This command carries 802.11 header and payload along with key (TK) and
PN for encryption/decryption purpose. Firmware/driver encrypts/decrypts
the given data and sends to userspace as a response to the command. User
space component can validate the data received from the driver to unit
test the hardware's encryption engine.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-22 20:30:05 +03:00
Denton Gentry
442819406c taxonomy: Store Probe Request frames in hostapd_sta_info
A weakness in the initial client taxonomy mechanism is from storing both
the Probe and Associate in struct sta_info. struct sta_info is created
after a client associates (or starts authentication frame exchange),
which means that any Probe Request frames sent prior to association are
not retained. The Associate Request frame has to be seen, and then
another Probe Request frame after association, before we have a
signature for the client.

Most clients send lots of Probe Request frames (lots and lots and lots
of Probes, actually), but a few do not. ChromeOS is notably sparing in
sending Probe Request frames, it can take a long time before a signature
for a ChromeOS device is available.

Store the most recent Probe Request frame in struct hostapd_sta_info
tracking list. When a struct sta_info is created, move the Probe Request
frame information from struct hostapd_sta_info to struct sta_info.

Signed-off-by: dgentry@google.com (Denton Gentry)
Signed-off-by: denny@geekhold.com (Denton Gentry)
Signed-off-by: rofrankel@google.com (Richard Frankel)
Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-09-22 00:45:24 +03:00
Denton Gentry
04059ab844 Passive Client Taxonomy
Implement the signature mechanism described in the paper
"Passive Taxonomy of Wifi Clients using MLME Frame Contents"
published by Denton Gentry and Avery Pennarun.

http://research.google.com/pubs/pub45429.html
https://arxiv.org/abs/1608.01725

This involves:
1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs
   a memory overhead of up to several kilobytes per associated
   station.
2. If enabled, store the Probe Request and (Re)Associate Request frame in
   struct sta_info.
3. Implement code to extract the ID of each Information Element,
   plus selected fields and bitmasks from certain IEs, into a
   descriptive text string. This is done in a new source file,
   src/ap/taxonomy.c.
4. Implement a "signature qq:rr:ss:tt:uu:vv" command
   in hostapd_cli to retrieve the signature.

Signatures take the form of a text string. For example, a signature
for the Nexus 5X is:
  wifi4|probe:0,1,127,45,191,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:338061b2,
  vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:00000a0201000040|assoc:0,1,48,45,
  221(0050f2,2),191,127,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:339071b2,
  vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:0000000000000040

Signed-off-by: dgentry@google.com (Denton Gentry)
Signed-off-by: denny@geekhold.com (Denton Gentry)
Signed-off-by: rofrankel@google.com (Richard Frankel)
Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-09-22 00:45:24 +03:00
Jouni Malinen
5e993390f6 Initialize iface->sta_seen on allocation
Previously, struct hostapd_iface sta_seen list head was initialized only
when completing interface setup. This left a window for operation that
could potentially iterate through the list before the list head has been
initialized. While the existing code checked iface->num_sta_seen to
avoid this case, it is much cleaner to initialize the list when struct
hostapd_iface is allocated to avoid any accidental missing of the extra
checks before list iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-22 00:45:24 +03:00
Nick Lowe
81258efacb Remove unused generation of Request Authenticator in Account-Request
Do not generate an unused and invalid Request Authenticator (random
value) when constructing Accounting-Request packets. The correct Request
Authenticator is calculated subsequently in radius_msg_finish_acct()
using MD5(msg + shared secret).

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-09-22 00:34:19 +03:00
Rafał Miłecki
ea19b39f60 Revert "nl80211: Remove duplicated check in nl80211_setup_ap()"
This reverts commit 647862eb60.

The second check of device_ap_sme looks like duplicated, but it isn't
actually. The trick is nl80211_create_monitor_interface may change that
variable value and the second evaluation may give a different result.

This definitely isn't a very clear code, but that change caused a
regression for drivers that:
1) Don't report NL80211_ATTR_DEVICE_AP_SME
2) Don't support monitor mode
3) Don't support subscribing for PROBE_REQ and/or ACTION frames
like brcmfmac. With such drivers hostapd doesn't start anymore.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-17 20:08:24 +03:00
Jouni Malinen
205d2d1ff5 Fix typos in wpa_supplicant configuration parameter documentation
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-10 21:09:52 +03:00
Sunil Dutt
660103eca9 nl80211: Use the monitor interface only without device_ap_sme support
The places using drv->use_monitor were already skipping creation of the
monitor interface if drv->device_ap_sme == 0. This means that the
monitor interface operations would not have worked anyway and it is safe
to set drv->use_monitor to zero for all such cases. This fixes an issue
with management frame subscription not happening properly for the case
where the AP SME is in the driver and the driver supports monitor
interfaces (for other purposes).

This commit also removes the check for monitor support and the
previously used workaround that cleared drv->use_monitor in
drv->device_ap_sme == 1 case if monitor interface was not supported
since that condition cannot occur anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-08 23:19:07 +03:00
Dedy Lansky
c7f9d44825 FST: Fix search for peer's "other" connection
Upon receiving FST Setup Request from some peer on some interface,
search is made to see if same peer is connected on other interface with
specific band_id. With multiple peers, bug in
fst_group_does_iface_appear_in_other_mbies() caused wrong peer address
to be returned sometimes.

Fix this with a modified, simplified search algorithm of peer's "other"
connection.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-09-08 11:17:45 +03:00
Lior David
a62dea4156 Fix mistakes in definition of QCA vendor commands for indoor location
Fix some mistakes in the previous commit for adding QCA vendor commands
for indoor location.

Note: The renamed enum value does not change the ABI, but the addition
of QCA_WLAN_VENDOR_ATTR_FTM_MEAS_INVALID in the beginning of enum
qca_wlan_vendor_attr_ftm_meas does renumber
QCA_WLAN_VENDOR_ATTR_FTM_MEAS_* values. The previous values were
committed yesterday and have not been used in any released code yet, so
this is a justifiable quick fix.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-09-06 23:38:47 +03:00
Joel Cunningham
711e3cab07 Handle NULL return from os_zalloc() in sta_track_add()
This adds handling for a memory allocation failure in sta_track_add().

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
2016-09-06 18:58:08 +03:00
Lior David
fcd85d9a3f Add QCA vendor commands/attributes for indoor location
Assign QCA vendor specific commands, attributes, and events for
supporting indoor location features.

These features include:

1. Fine timing measurement (FTM) - allows measurement of distance
between two stations. Based on IEEE P802.11-REVmc/D7.0, 11.24.6 FTM is
performed between two stations: one is an initiator, typically a client
that wants to measure distance to another AP, and one is a responder,
typically an AP which responds to measurement requests from other
clients. The responder can be configured to report its location, either
in absolute coordinates (LCI) or free-form description (LCR).

2. Angle of arrival (AOA) - allows measurement of azimuth and elevation
between two stations.

The above features can be combined to allow a station to get an accurate
indoor location.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-09-05 21:59:18 +03:00
Lior David
faecb39236 hostapd: Allow FTM functionality to be published
Add configuration options that control publishing of fine timing
measurement (FTM) responder and initiator functionality via bits 70, 71
of Extended Capabilities element. Typically, FTM functionality is
controlled by a location framework outside hostapd. When framework is
activated, it will use hostapd to configure the AP to publish the FTM
functionality. See IEEE P802.11-REVmc/D7.0, 9.4.2.27.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-09-05 21:23:07 +03:00
Tamizh chelvam
fc72a48a63 hostapd: Use stations nsts capability in (Re)Association Response frame
Some deployed stations incorrectly consider nsts capability in
(Re)Association Response frame as required capability instead of maximum
capability and if it is greater than station's capability then beamform
will not happen in uplink traffic.

This commit adds support for an optional workaround to use station's
nsts capability in (Re)Association Response frame if the station's nsts
is less than AP by using the use_sta_nsts=1 configuration parameter.
This configuration is introduced in this commit and it is disabled by
default.

Signed-off-by: Tamizh chelvam <c_traja@qti.qualcomm.com>
2016-09-05 21:14:40 +03:00
Zhang Qian
22950d0568 QCA vendor subcommand for LL_STATS extension
Some user space monitor wants to offload link layer statistics to
firmware. A new command QCA_NL80211_VENDOR_SUBCMD_LL_STATS_EXT and
associcated attributes are added. The monitor will use this new command
to configure monitoring paramters and get link layer statistics.
Attributes added in this change:
1. Parameters for FW to trigger the statistics report
2. Peer STA power state
3. TX failure statistics

Signed-off-by: Zhang Qian <zhangq@qti.qualcomm.com>
2016-09-05 20:50:10 +03:00
Sabrina Dubroca
7dcec24881 mka: Clean up key allocation
Assign cs in ieee802_1x_mka_decode_dist_sak_body and reuse it.

Cleanup of key allocation: ieee802_1x_kay_generate_new_sak() and
ieee802_1x_mka_decode_dist_sak_body() both allocate a struct key_conf,
fill it, and ask ieee802_1x_kay_init_data_key() to allocate and set up a
struct data_key. They also allocate multiple key buffers and copy the
same data around. Stop moving data from buffer to buffer, and just
allocate what we really need.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 22:24:33 +03:00