This is a generic AES CCM implementation that can be used for other
purposes than just implementing CCMP, so it fits better in a separate
file in src/crypto.
Signed-hostap: Jouni Malinen <j@w1.fi>
Now that the internal AES implementation supports 256-bit keys, enable
use of the TLS cipher suites that use AES-256 regardless of which crypto
implementation is used.
Signed-hostap: Jouni Malinen <j@w1.fi>
AES uses the same 128-bit block size with 128, 192, 256 bit keys, so use
the fixed block size definition instead of trying to dynamically set the
block size based on key length. This fixes use of 192-bit and 256-bit
AES keys with crypto_cipher_*() API when using the internal AES
implementation.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is otherwise identical to aes_gcm_ae() but does not use the
plain/crypt pointers since no data is encrypted.
Signed-hostap: Jouni Malinen <j@w1.fi>
This adds 192-bit and 256-bit key support to the internal AES
implementation and extends the AES-GCM functions to accept key length to
enable longer AES key use.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is a generic AES GCM and GMAC implementation that can be used for
other purposes than just implementing GCMP, so it fits better in a
separate file in src/crypto.
Signed-hostap: Jouni Malinen <j@w1.fi>
The conf doesn't contain any basic rates in some cases. Most notably,
when starting a P2P GO in 5 GHz. Use the iface rates which are
initialized in hostapd_prepare_rates() to the conf rates or set to
default values if no conf values exist. This fixes a bug introduced in
commit e5693c4775.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Commit e5693c4775 added a copy of the
determined basic rate set into struct hostapd_iface, but did not
actually copy the terminating -1 value. This could be problematic if
something were to actually try to use this list since would be no way to
know what is the last entry in the list. Fix this by copying the
terminating value.
Signed-hostap: Jouni Malinen <j@w1.fi>
This driver_op can now be used in station mode, too, to fetch
information about the connection with the AP, so allow this to be used
even if wpa_supplicant is built without AP mode support.
Signed-hostap: Jouni Malinen <j@w1.fi>
The group matching should be done by comparing the P2P Interface Address
(which the group_bssid here is) to the group's BSSID and not the group
ID (which uses P2P Device Address and would have also needed the SSID).
Though, it should be noted that this case cannot really happen since a
GO in an active group would never be invited to join another group in
its GO role (i.e., if it receives an Invitation Request, it will reply
in P2P Device role). As such, this fix does not really change any
observable behavior, but anyway, it is good to keep the implementation
here consistent with the Invitation Request case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When building the Invitation Request for WFD use cases, match the BSSID,
i.e., P2P Interface Address, of the group on the GO to avoid using
information from another group should the device be operating multiple
concurrent groups as GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity
so that this can be maintained between EAP sessions (e.g., after
wpa_supplicant restart) even if fast re-authentication data was cleared.
Signed-hostap: Jouni Malinen <j@w1.fi>
The EAP-SIM/AKA code is already validating the prefix and the following
lookup would not find matches if the prefix is incorrect, so there is no
need for the extra checks here.
Signed-hostap: Jouni Malinen <j@w1.fi>
If EAP-Response/Identity includes a known pseudonym or re-auth username,
skip the AKA/Identity exchange since we already know the permanent
username of the peer.
Signed-hostap: Jouni Malinen <j@w1.fi>
RFC 4186, chapter 6.3.3 mandates that EAP-Failure is used only after
Client-Error and Notification messages. Convert the direct jumps to the
FAILURE state with a notification round before sending out EAP-Failure.
Signed-hostap: Jouni Malinen <j@w1.fi>
The AT_NONCE_S value needs to be used in AT_MAC calculation for
SIM/Re-authentication response even if re-authentication is rejected
with AT_COUNTER_TOO_SMALL.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
If the peer rejects re-authentication with AT_COUNTER_TOO_SMALL, fall
back to full authentication to allow the authentication session to be
completed.
Signed-hostap: Jouni Malinen <j@w1.fi>
These fields are used only as the search key, so the value is already
known and does not need to be copied from the database.
Signed-hostap: Jouni Malinen <j@w1.fi>
Store permanent username (i.e., including prefix character) instead of
IMSI in the SQLite DB. Convert the string to a string since the EAP-AKA
prefix can start with zero. This cleans up the field names since the
value was already with the prefix included instead of just IMSI. In
addition, this explicitly removes some theoretical cases where the
different identity types could have been mixed.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since the EAP-SIM/AKA identities are ASCII strings, there is no need to
use more complex way for storing and passing them. In addition, be more
strict about enforcing username (i.e., no realm part) to be used in the
EAP-SIM DB API. Similarly, require specific username type instead of any
of the types to be used as the key in the pseudonym and reauth
operations. This allows simpler lookup operations to be used.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since we always request an identity in the request, the response
has to include AT_IDENTITY. This allows the AKA/Identity response
processing to be simplified a bit.
Signed-hostap: Jouni Malinen <j@w1.fi>
There is no need to use eap_sim_db_identity_known() here since a new
AKA/Identity message is built only if the identity in the previous
response was not recognized. The first round is always used to request
AT_ANY_ID_REQ to meet the RFC 4187 recommendation on EAP method specific
identity request.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since we always request an identity in the request, the response
has to include AT_IDENTITY. This allows the SIM/Start response
processing to be simplified a bit.
Signed-hostap: Jouni Malinen <j@w1.fi>
There is no need to use eap_sim_db_identity_known() here since a new
SIM/Start message is built only if the identity in the previous response
was not recognized. The first round will always request AT_ANY_ID_REQ to
meet the RFC 4186 recommendation on EAP method specific identity request
being used.
Signed-hostap: Jouni Malinen <j@w1.fi>
The reauth_id prefix can be used to determine which AKA version is used,
so there is no need to store the aka_prime information in a separate
field.
Signed-hostap: Jouni Malinen <j@w1.fi>
If hostapd is built and configured to use SQLite database, store
EAP-SIM/AKA reauth data into the database to allow this to persist
over hostapd restarts.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows hostapd to use an SQLite database for storing EAP-SIM/AKA
pseudonyms over process restarts. CONFIG_SQLITE=y build option adds
support for this and the SQLite database file is specified in eap_sib_db
configuration parameter.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Try to share most of the cipher information like key and RSC lengths and
suite selector conversions, etc. in wpa_common.c to avoid having similar
code throughout the WPA implementation for handling cipher specific
behavior.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_cli p2p_serv_disc_req command can now be used to request WSD
request to be sent to specified or all peers who support WSD.
format: wifi-display <list of roles> <list of subelements>
examples:
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source] 2,3,4,5
p2p_serv_disc_req 02:01:02:03:04:05 wifi-display [pri-sink] 3
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [sec-source] 2
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source+sink] 2,3,4,5
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source][pri-sink] 2,3,4,5
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.
Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.
This commit does not included changes to WPS or P2P to allow GCMP to be
used.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Use the NL80211_IFACE_COMB_NUM_CHANNELS value > 1 as a trigger for
enabling support for P2P multichannel channel concurrency. This does not
handle all possible details of enforcing driver capabilities, but it is
a good first step for allowing nl80211 drivers to enable multichannel
concurrency.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.
gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]
For example, ANQP query for Capability list in interactive wpa_cli
session:
> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607
It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>