Commit graph

18147 commits

Author SHA1 Message Date
Jouni Malinen
f723f7f8ad P2P: Check dev pointer consistently when building PD Response
The dev pointer could potentially be NULL here in some P2PS cases, so
check it explicitly before dereferencing it when checking for 6 GHz
capability.

Fixes: b9e2826b9d ("P2P: Filter 6 GHz channels if peer doesn't support them")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 15:15:58 +02:00
Jouni Malinen
30403e9657 WPS: Check NDEF record length fields separately
Try to make the bounds checking easier for static analyzers by checking
each length field separately in addition to checking them all in the end
against the total buffer length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 15:15:58 +02:00
Jouni Malinen
cd0e8653a2 TDLS: Use stored FTE length in MIC calculation
Try to avoid static analyzer warnings due to use of the FTE length
field instead of the separately stored and validated length field value
when deriving FTE MIC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 15:15:58 +02:00
Jouni Malinen
7e85e24f35 TDLS: Use stored peer RSNE length in MIC calculation
Try to avoid static analyzer warnings due to use of the RSNE length
field instead of the separately stored and validated length field value
when deriving FTE MIC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 12:01:36 +02:00
Jouni Malinen
40a42613e6 FT: Simplify FTE parsing for FT-SAE-EXT-KEY using MIC Length subfield
Commit 25b52e5f83 ("FT: Extend FTE parsing for FT-SAE-EXT-KEY") used
possible MIC length iteration to try to figure out the length of the MIC
field in FTE. That was the only option available at the time, but FTE is
now being extended in IEEE 802.11-REVme to explicitly indicate the
length of the MIC field for the new FT-SAE-EXT-KEY AKM to make this
easier.

Use the new design from the approved comment resolution (*) in
REVme/D2.0 ballot CID 3135 to simplify implementation. This gets rid of
the need to pass in key length and the somewhat strange need_{r0kh,r1kh}
parameters to wpa_ft_parse_ies().

(*)
https://mentor.ieee.org/802.11/dcn/22/11-22-1991-02-000m-proposed-resolutions-to-some-lb270-comments.docx

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:43:53 +02:00
Jouni Malinen
bb171f0020 tests: DPP network introduction with PMKSA cleared on AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
5ea7a2f545 DPP: Drop PMKSA entry if AP reject association due to invalid PMKID
This is needed to avoid trying the subsequent connections with the old
PMKID that the AP claims not to hold and continues connection failures.
This was already handled for the SME-in-the-driver case in commit commit
50b77f50e8 ("DPP: Flush PMKSA if an assoc reject without timeout is
received"), but the wpa_supplicant SME case did not have matching
processing.

Add the needed check to avoid recover from cases where the AP has
dropped its PMKSA cache entry. Do this only based on the specific status
code value (53 = invalid PMKID) and only for the PMKSA entry that
triggered this failure to minimize actions taken based on an unprotected
(Re)Association Response frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
1e602adabb tests: Add PMKSA cache entry again in dpp_akm_sha*
This is going to be needed once wpa_supplicant starts dropping the PMKSA
cache entry on status code 53 (invalid PMKID) rejection of association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
f49b604555 tests: Fix pasn-init fuzz tester build
Change of the wpas_pasn_start() prototype did not update the fuzzer
tool.

Fixes: 309765eb66 ("PASN: Use separate variables for BSSID and peer address")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-19 17:21:45 +02:00
Jouni Malinen
4840b45a26 Fix empty pmksa_cache_get()
The addition of the "spa" argument was missed in the empty inline
function.

Fixes: 9ff778fa4b ("Check for own address (SPA) match when finding PMKSA entries")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-19 17:19:49 +02:00
Jouni Malinen
3abd0c4719 SAE: Print rejection of peer element clearly in debug log
Depending on the crypto library, crypto_ec_point_from_bin() can fail if
the element is not on curve, i.e., that error may show up before getting
to the explicit crypto_ec_point_is_on_curve() check. Add a debug print
for that earlier call so that the debug log is clearly identifying
reason for rejecting the SAE commit message.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:31:14 +02:00
Jouni Malinen
6cb34798f8 tests: SAE-EXT-KEY, H2E, and rejected groups indication
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
252729d902 tests: Random MAC address with PMKSA caching
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
9ff778fa4b Check for own address (SPA) match when finding PMKSA entries
This prevents attempts of trying to use PMKSA caching when the existing
entry was created using a different MAC address than the one that is
currently being used. This avoids exposing the longer term PMKID value
when using random MAC addresses for connections.

In practice, similar restriction was already done by flushing the PMKSA
cache entries whenever wpas_update_random_addr() changed the local
address or when the interface was marked down (e.g., for an external
operation to change the MAC address).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
9f04a9c8dd Store own MAC address (SPA) in supplicant PMKSA cache entries
This is needed to be able to determine whether a PMKSA cache entry is
valid when using changing MAC addresses. This could also be used to
implement a mechanism to restore a previously used MAC address instead
of a new random MAC address.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
f1f796a39f tests: hostapd dump_msk_file
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Vinay Gannevaram
309765eb66 PASN: Use separate variables for BSSID and peer address
Using separate variables for BSSID and peer address is needed to support
Wi-Fi Aware (NAN) use cases where the group address is used as the BSSID
and that could be different from any other peer address. The
infrastructure BSS cases will continue to use the AP's BSSID as both the
peer address and BSSID for the PASN exchanges.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:12:50 +02:00
Vinay Gannevaram
42f0c44d84 PASN: Use peer address instead of BSSID as the destination for initiator
Rename struct pasn_data::bssid to peer_addr to be better aligned with
different use cases of PASN and its extensions. This is a step towards
having option to use different peer address and BSSID values for NAN use
cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:03:23 +02:00
Jouni Malinen
153739b4ff wlantest: Clone new PTK to all potentially matching STA entries for MLO
It is possible for there to be multiple STA entries (e.g., one for each
BSS) when a sniffer capture contains multiple associations using MLO.
For such cases, the new PTK information needs to be updated to all
existing STA entries to be able to find the latest TK when decrypting
following frames since the other STA entries might be located first when
trying to figure out how to decrypt a frame.

In addition to the PTK, copy the MLD MAC addresses to the other STA and
BSS entries to make sure the latest values are used when trying to
decrypt frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 22:55:35 +02:00
Veerendranath Jakkam
15583802b9 nl80211: Allow up to 64-byte PMK in NL80211_CMD_SET_PMKSA
Kernel commit 22e76844c566 - ("ieee80211: Increase PMK maximum length to
 64 bytes") increased the maximum allowed length for NL80211_ATTR_PMK to
64 bytes. Thus, allow sending 64 bytes PMK in NL80211_CMD_SET_PMKSA and
if NL80211_CMD_SET_PMKSA fails with ERANGE try NL80211_CMD_SET_PMKSA
again without PMK. Also, skip sending PMK when PMK length is greater
than 64 bytes.

This is needed for some newer cases like DPP with NIST P-521 and
SAE-EXT-KEY with group 21. The kernel change from 48 to 64 octets is
from February 2018, so the new limit should be available in most cases
that might want to use these new mechanisms. Maintain a backwards
compatible fallback option for now to cover some earlier needs for DPP.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-09 13:21:46 +02:00
Jouni Malinen
1e0b7379d6 tests: FT with mobility domain changes
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 00:54:41 +02:00
Jouni Malinen
bbe5f0c1eb FT: Do not try to use FT protocol between mobility domains
wpa_supplicant has support for only a single FT key hierarchy and as
such, cannot use more than a single mobility domain at a time. Do not
allow FT protocol to be started if there is a request to reassociate to
a different BSS within the same ESS if that BSS is in a different
mobility domain. This results in the initial mobility domain association
being used whenever moving to another mobility domain.

While it would be possible to add support for multiple FT key hierachies
and multiple mobility domains in theory, there does not yet seem to be
sufficient justification to add the complexity needed for that due to
limited, if any, deployment of such networks. As such, it is simplest to
just prevent these attempts for now and start with a clean initial
mobility domain association.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 00:54:41 +02:00
Utkarsh Soni
b92f61885c Don't use default RSNE/RSNXE when the driver indicates cross SSID roaming
During cross SSID roaming wpa_supplicant ended up using the default
RSNE/RSNXE in EAPOL-Key msg 2/4 though the driver indicated
(Re)Association Request frame elements without RSNE/RSNXE. This causes
RSNE/RSNXE mismatch between (Re)Association Request frame and EAPOL-Key
msg 2/4.

To avoid this skip copying the default RSNE/RSNXE if the driver
indicates the actually used (Re)Association Request frame elements in
the association event.

Signed-off-by: Utkarsh Soni <quic_usoni@quicinc.com>
2022-11-08 16:01:12 +02:00
Jouni Malinen
d7febe33f6 MLO: Remove unnecessary debug prints about clearing AP RSNE/RSNXE
There is no help from seeing 32 lines of debug prints about clearing
AP's RSNE/RSNXE information for each potential link when such
information has not been set in the first place. These were printed even
when there is no use of MLO whatsoever, so get rid of the prints for any
case where the value has not yet been set.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-08 14:35:35 +02:00
Rhythm Patwa
16d913bfd8 Define AFC vendor commands and events
Wi-Fi Alliance specification for Automated Frequency Coordination (AFC)
system ensures that the Standard Power Wi-Fi devices can operate in 6
GHz spectrum under favorable conditions, without any interference with
the incumbent devices.

Add support for vendor command/events and corresponding
attributes to define the interface for exchanging AFC requests and
responses between the driver and a userspace application.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 21:09:09 +02:00
Jouni Malinen
46f5cf9280 OpenSSL: Fix additional HPKE corner cases
Commit 820211245b ("OpenSSL: Fix HPKE in some corner cases") increased
the buffer size for EVP_PKEY_derive() by 16 octets, but it turns out
that OpenSSL might need significantly more room in some cases. Replace a
fixed length buffer with dynamic query for the maximum size and
allocated buffer to cover that need.

This showed up using the following test case sequence:
dbus_pkcs11 module_wpa_supplicant

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 18:01:33 +02:00
Jouni Malinen
0ccb3b6cf2 tests: External password storage for SAE
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:55 +02:00
Ben Wolsieffer
bdc35acd5a SAE: Allow loading of the password from an external database
There was no support for loading SAE passwords from an external password
database.

Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
2022-11-07 14:02:55 +02:00
Ben Wolsieffer
48dd8994ac Fix external passwords with 4-way handshake offloading
Passphrases/PSKs from external password databases were ignored if 4-way
handshake offloading was supported by the driver. Split the PSK loading
functionality into a separate function and calls if to get the PSK for
handshake offloading.

I tested connecting to a WPA2-PSK network with both inline and external
passphrases, using the iwlwifi and brcmfmac drivers.

Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
2022-11-07 14:02:55 +02:00
Gioele Barabucci
e5a7c852cc systemd: Use interface name in description of interface-specific units
In a system with multiple interfaces, the boot messages as well as the
status information provided by `systemctl` can be confusing without
an immediate way to differentiate between the different interfaces.

Fix this by adding the interface name to the unit description.

Signed-off-by: Gioele Barabucci <gioele@svario.it>
2022-11-07 14:02:55 +02:00
Jouni Malinen
a0628f8a50 OpenSSL: Remove unused assignment from HPKE expand
The length of labeled_info is determined separately, so there is no need
to increment the pos pointer after the final entry has been added.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:55 +02:00
Jouni Malinen
3e1a04afa1 nl80211: Check that attribute addition succeeds in offloaded PASN case
Check nla_put_flag() return value to be consistent with other nla_put*()
uses.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:55 +02:00
Jouni Malinen
0658a22ef1 GAS: Try to make buffer length determination easier for static analyzers
The received frame buffer was already verified to be long enough to
include the Advertisement Protocol element and that element was verified
to have a valid length value, but use of adv_proto[1] in another
function may have been too difficult to figure out for analyzers.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:28 +02:00
Jouni Malinen
271ce71c7a FT: Fix PMK-R0 derivation for FT-SAE-EXT-KEY with SHA512
Not only the hash[] array, but also the r0_key_data[] array needs to be
extended in size to fit the longer key and salt.

Fixes: a76a314c15 ("FT: Extend PMK-R0 derivation for FT-SAE-EXT-KEY")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-07 00:29:39 +02:00
Rohan Dutta
2f61d703a1 MLD STA: Group key handshake processing for GTK/IGTK/BIGTK rekeying
Add support for group rekeying in MLO connection. Parse per link MLO
GTK/IGTK/BIGTK KDEs from Group Key msg 1/2 and configure to the driver.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Rohan Dutta
f0760aa6dd MLD STA: Use AP MLD address as destination for 4-way handshake EAPOL-Key frames
Use AP MLD address as the destination address for EAPOL-Key 4-way
handshake frames since authenticator/supplicant operates above MLD. The
driver/firmware will use RA/TA based on the link used for transmitting
the EAPOL frames.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Veerendranath Jakkam
8f2e493bec MLD STA: Validation of MLO KDEs for 4-way handshake EAPOL-Key frames
Validate new KDEs defined for MLO connection in EAPOL-Key msg 1/4 and
3/4 and reject the 4-way handshake frames if any of the new KDE data is
not matching expected key data.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Veerendranath Jakkam
f15cc834cb MLD STA: Processing of EAPOL-Key msg 3/4 frame when using MLO
Process EAPOL-Key msg 3/4 and configure PTK and per-link GTK/IGTK/BIGTK
keys to the driver when MLO is used.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Veerendranath Jakkam
08512e5f35 MLD STA: Extend key configuration functions to support Link ID
Add support to specify a Link ID for set key operation for MLO
connection. This does not change the existing uses and only provides the
mechanism for extension in following commits.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Rohan Dutta
a4adb2f3e1 MLD STA: Configure TK to the driver using AP MLD address
Configure TK to the driver with AP MLD address with MLO is used. Current
changes are handling only EAPOL-Key 4-way handshake and FILS
authentication cases, i.e., FT protocol case needs to be addressed
separately.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Veerendranath Jakkam
fa5cad61a4 MLD STA: Use AP MLD address in PMKSA entry
Use the AP MLD address instead of the BSSID of a link as the
authenticator address in the PMKSA entry.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:36 +02:00
Rohan Dutta
052bf8a51b MLD STA: Use AP MLD address to derive pairwise keys
Use AP MLD address to derive pairwise keys for MLO connection. Current
changes are handling only PTK derivation during EAPOL-Key 4-way
handshake and FILS authentication, i.e., FT protocol case needs to be
addressed separately.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 18:29:36 +02:00
Veerendranath Jakkam
e784372564 MLD STA: Add MLO KDEs for EAPOL-Key msg 2/4 and 4/4
Add new KDEs introduced for MLO connection as specified in
12.7.2 EAPOL-Key frames, IEEE P802.11be/D2.2.
- Add MAC and MLO Link KDE for each own affliated link (other than the
  link on which association happened) in EAPOL-Key msg 2/4.
- Add MAC KDE in 4/4 EAPOL frame.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 18:19:22 +02:00
Veerendranath Jakkam
472a0b8d60 MLD STA: Set MLO connection info to wpa_sm
Update the following MLO connection information to wpa_sm:
- AP MLD address and link ID of the (re)association link.
- Bitmap of requested links and accepted links
- Own link address for each requested link
- AP link address, RSNE and RSNXE for each requested link

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 18:04:09 +02:00
Veerendranath Jakkam
cc2236299f nl80211: Get all requested MLO links information from (re)association events
Currently only accepted MLO links information is getting parsed from
(re)association events. Add support to parse all the requested MLO links
information including rejected links. Get the rejected MLO links
information from netlink attributes if the kernel supports indicating
per link status. Otherwise get the rejected MLO links information by
parsing (Re)association Request and Response frame elements.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 17:49:09 +02:00
Jouni Malinen
66d7f554e2 tests: Fuzz testing for PASN
Add test tools for fuzzing PASN initiator and responder handling of
received PASN Authentication frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:22:14 +02:00
Jouni Malinen
2e840fb2ab tests: Fix CC and CFLAGS default processing for fuzzing
"make LIBFUZZER=y" was supposed to set CC and CFLAGS to working values
by default if not overridden by something external. That did not seem to
work since the defaults from the other build system components ended up
setting these variables before the checks here. Fix this by replacing
the known default values for non-fuzzing builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:11:47 +02:00
Jouni Malinen
1ca5c2ec2a PASN: Fix spelling of RSNE in debug messages
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:11:47 +02:00
Jouni Malinen
a43536a72b PASN: Verify explicitly that elements are present before parsing
Make sure the elements were present before trying to parse them. This
was already done for most cases, but be consistent and check each item
explicitly before use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:10:45 +02:00
Jouni Malinen
7e38524076 PASN: Fix MIC check not to modify const data
The previous version was using typecasting to ignore const marking for
the input buffer to be able to clear the MIC field for MIC calculation.
That is not really appropriate and could result in issues in the future
if the input data cannot be modified. Fix this by using an allocated
copy of the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 16:52:06 +02:00