Commit graph

7062 commits

Author SHA1 Message Date
Andrei Otcheretianski
a00ace9fd7 AP: Simplify "i" definition in hostapd_config_free_bss()
Declare the variable only once and reuse it instead of openning
unneeded scopes.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-06-23 18:03:51 +03:00
Sven Eckelmann
29f8556189 HE: Fix HE capability check for PPE threshold present
The the mask for PPE threshold present in the HE phy capability byte 6 is
0x80 and not 0x6. This incorrect mask breaks the length calculation and as
result the acceptance of the HE capabilities for STAs which either:

* don't have the PPE threshold present bit set AND the Codebook Size={7,5}
  MU Feedback or the Triggered SU Beamforming feedback bit set

* do have the PPE threshold present set AND neither the Codebook Size={7,5}
  MU Feedback nor the Triggered SU Beamforming feedback bit set

Fixes: 8f5fc369e2 ("HE: Fix HE Capabilities element variable length encoding")
Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-22 20:35:26 +03:00
Jouni Malinen
e1e203c800 libtommath: Make sure fast_s_mp_mul_digs initializes the W[] array
Some compilers have started to warn about this and the use of two loops
with ix 0..pa-1 and 0..pa loop a bit suspicious, so better make sure the
array is initialized with zeros before extracting the terms from it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:56:44 +03:00
Jouni Malinen
702cc6da1a TLS: Move ASN.1 DER BOOLEAN validation into generic ASN.1 parsing
This does not need to be specific to X.509, so move the BOOLEAN DER
encoding validation into asn1_get_next() to make it apply for all cases
instead of having to have the caller handle this separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:56:44 +03:00
Jouni Malinen
34c1b75c82 TLS: Only allow 0xff value as TRUE for ASN.1 DER encoded BOOLEAN
While BER encoding allows any nonzero value to be used for TRUE, DER is
explicitly allowing only the value 0xff. Enforce this constraint in
X.509 parsing to be more strict with what is acceptable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:27:36 +03:00
Jouni Malinen
ce11c281ad TLS: Fix X.509v3 BasicConstraints parsing
Handling of the optional pathLenConstraint after cA was not done
properly. The position after cA needs to be compared to the end of the
SEQUENCE, not the end of the available buffer, to determine whether the
optional pathLenConstraint is present. In addition, when parsing
pathLenConstraint, the length of the remaining buffer was calculated
incorrectly by not subtracting the length of the header fields needed
for cA. This could result in reading couple of octets beyond the end of
the buffer before rejecting the ASN.1 data as invalid.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15408
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:11:24 +03:00
Jouni Malinen
84db90e484 OpenSSL: Send cert event for the peer even on CA cert failure
This adds a CTRL-EVENT-EAP-PEER-CERT even for depth=0 even if a depth >
0 certificate results in peer certificate validation error. Previously,
this case resulted in the upper layers not getting any information about
the used peer certificate. Now that information is available, e.g., to
allow server certificate -based overriding of the trust to be done.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-20 23:44:51 +03:00
Jouni Malinen
09448d94a7 Avoid use of a shadowed local variable
The same len variable can be used for both needs within
ieee802_1x_get_keys() to avoid compiler warning about use of shadowed
variable.

Fixes: 0ee6885dae ("macsec: Store EAP-Key-Name as eapSessionId")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-19 01:17:54 +03:00
Liangwei Dong
ef60f0121f hostapd: Process OWE IE and update DH IE to the driver if needed
This implements the required functionality in hostapd to facilitate OWE
connection with the AP SME-in-driver cases. Stations can either send DH
IE or PMKID (in RSNE) (or both) in Association Request frame during the
OWE handshake. The drivers that use this offload mechanism do not
interpret this information and instead, pass the same to hostapd for
further processing. hostapd will either validate the PMKID obtained from
the STA or generate DH IE and further indicate the same to the driver.
The driver further sends this information in the Association Response
frame.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:51 +03:00
Liangwei Dong
d1836e2308 nl80211: Introduce the interface to update new DH IE
This command/event interface can be used by SME based host drivers that
rely on user space (hostapd/wpa_supplicant) for DH IE
processing/generation. This interface facilitates the OWE connection
with host drivers by offloading DH IE processing to the user space
(hostapd/wpa_supplicant).

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:51 +03:00
Jouni Malinen
3539738cf5 OpenSSL: Report peer certificate before stopping due to validation issue
This is needed to allow upper layer software to learn the hash of the
server certificate for allowing user to override trust root
configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:50 +03:00
Jouni Malinen
21f1a1e66c Report TOD policy in peer certificate events
Add tod=1 to CTRL-EVENT-EAP-PEER-CERT events if the peer certificate
includes the TOD policy in the X.509v3 Certificate Policies extension.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:50 +03:00
Jouni Malinen
bc0634da4a Pass full struct to peer certificate callbacks
This makes it easier to add new information to the callbacks without
having to modify each callback function type in EAPOL and EAP code every
time.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:50 +03:00
Jouni Malinen
a6ed414c82 TLS: Be more careful in X.509 Time parsing
sscanf() can apparently read beyond the end of the buffer even if the
maximum length of the integer is specified in the format string. Replace
this parsing mechanism with helper functions that use sscanf() with NUL
terminated string to avoid this.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15158
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-11 06:34:19 +03:00
Jouni Malinen
d438b4a3ce tests: Fix CFLAGS passing for new fuzzing tools
src/*/Makefile needs to allow additional CFLAGS values to be provided
from the calling Makefiles so that the clang command line arguments to
enable sanitizers consistently. In addition, it can be useful to be able
to provide CC, CFLAGS, and LDFLAGS from external setup while still
requesing LIBFUZZER=y build. Allow that by not overriding these
variables if they are already set.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-11 06:34:19 +03:00
Vamsi Krishna
9c7e4f94de Add a QCA vendor attr to disable auto resume beacon reporting
The driver automatically starts beacon reporting if it pauses the beacon
reporting for any reason other than disconnection. In specific cases,
userspace may not want the beacon reporting to be automatically resumed
after a pause. Add interface support for userspace to specify driver not
to start beacon reporting automatically after a pause.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-05 23:10:56 +03:00
Jouni Malinen
59fcb3f0b1 RADIUS server: Add EAP-Key-Name into Access-Accept
If the EAP Session-ID is available, add it into Access-Accept
(EAP-Key-Name attribute). This is needed for MACsec.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
Jouni Malinen
b09670abfb macsec_linux: Hook QCA driver wrapper for hostapd MACsec
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
Jouni Malinen
524dc5bf10 macsec: Do not change eapol_version for non-MACsec cases in hostapd
It is safer to maintain the old EAPOL version (2) in EAPOL frames that
are not related to MACsec and only update the version to 3 for the
MACsec specific cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
a93b369c17 macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
a872bfcf31 macsec: Export eapSessionId
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
0ee6885dae macsec: Store EAP-Key-Name as eapSessionId
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
a90cc1c997 macsec: Note that MKA takes care of EAPOL-MKA processing
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
3e21a47eab macsec_qca: Hook QCA driver wrapper for hostapd MACsec
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
29c832d0ea macsec: Add configuration parameters for hostapd
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
Jouni Malinen
a1f3f88ac7 tests: New style fuzzing tool for EAP-AKA peer processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 17:02:57 +03:00
Jouni Malinen
23ddc7b810 tests: New style fuzzing tool for EAP-SIM peer processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 16:42:41 +03:00
Shiva Krishna Pittala
1006c4be2d Add QCA vendor attributes for configuring Spectral DMA debug
Add the following vendor attributes under the enum
qca_wlan_vendor_attr_spectral_scan to support the configuration of
Spectral DMA debug.

  1. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_RING_DEBUG
	Enable/disable debug of the Spectral DMA ring
  2. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG
	Enable/disable debug of the Spectral DMA buffers

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 23:06:29 +03:00
Edayilliam Jayadev
0fa0858fe7 Add QCA vendor attributes for agile spectral scan
Add QCA vendor attributes to spectral scan related vendor commands to
support agile spectral scan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-31 23:02:46 +03:00
Hai Shalom
4df4133917 EAP-SIM/AKA: Add support for anonymous@realm
SIM-based EAP authentication with IMSI encryption requires a special EAP
Identity response: anonymous@realm. Then the server sends AKA-Identity
request which is answered with the encrypted IMSI. Add logic that
indicates if the special anonymous identity is used. Otherwise, this
field is used for storing the pseudonym.

Test: Connect to Carrier Wi-Fi, verify correct behavior from captures
Test: Connect to non IMSI encrypted EAP-AKA AP, verify pseudonym usage
Signed-off-by: Hai Shalom <haishalom@google.com>
2019-05-31 16:52:15 +03:00
Srinivas Dasari
14d85a5af7 SAE: Do not send PMKID to the driver if PMKSA caching is disabled
External auth status to the driver includes the PMKID derived as part of
SAE authentication, but this is not valid if PMKSA caching is disabled.
Drivers might not be expecting PMKID when it is not valid. Do not send
the PMKID to the driver in such cases.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2019-05-31 16:52:15 +03:00
Ashok Kumar
2552a3735a SAE: Fix external_auth status in driver-SME STA case with AP SME support
A driver that uses internal AP SME may need to be able to use the
external_auth status operation in station mode, so do not skip this
solely based on drv->device_ap_sme; instead, use that condition only
when operating in AP mode.

Fix external_auth status in non SME case.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2019-05-31 16:52:15 +03:00
Hu Wang
683f86778d P2P: Send Action frame regardless if p2p_scan in progress
With radio work design, send Action frame request will be queued and
wait for p2p-scan to finish, so there is no need to delay send_action.

This change revisits the logic (added before the radio work framework)
in below commits:

3f9285f P2P: Delay send_action call if p2p_scan is in progress
f44ae20 P2P: Drop pending TX frame on new p2p_connect
9d562b7 P2P: Add p2p_unauthorize command
63a965c P2P: Fix after_scan_tx processing during ongoing operations
9a58e52 P2PS: Callback to create pending group after sending PD Response
3433721 P2P: Continue p2p_find after sending non-success Invitation Response

Signed-off-by: Hu Wang <huw@codeaurora.org>
2019-05-31 16:52:15 +03:00
Haim Dreyfuss
de6aafaa63 AP: Consider regulatory limitation when filling WMM element
In case the current channel has regulatory WMM limitations, take them
into account when filling the WMM element. Also check if the new WMM
element is different from the previous one and if so change the
parameter_set_count to imply stations to look into it.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
2019-05-28 23:37:25 +03:00
Haim Dreyfuss
636c02c6e9 nl80211: Add regulatory wmm_limit to hostapd_channel_data
ETSI EN 301 893 v2.1.1 (2017-05) standard defines a new channel access
mechanism that all devices (WLAN and LAA) need to comply with.
In previous versions the device was allowed by ETSI to implement
802.11 channel access mechanism based on a set of priority classes
which are taken from 802.11. According of the new standard there
might be some exceptions which require ETSI countries to follow
more restrictive rules. In such a case the AP's wmm IE need to
comply with ETSI limitation. To be able to do so the regulatory
domain passes the new limitation values if needed.
Implement this, by storing it and use it to calculate the new
WMM parameters.

This commit adds determination of regulator limitations to
NL80211_CMD_GET_WIPHY processing so that the information is available
for upper layer implementation to use later when constructing WMM
element.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
2019-05-28 18:54:05 +03:00
Pradeep Kumar Chitrapu
c36109e4d9 nl80211: Add support to probe specific mesh link by injecting frames
Add support for injecting frames to a given mesh peer, bypassing the
mpath table lookup using PROBE_MESH_LINK command. This helps to send
data frames over unexercised direct mesh path, which is not selected as
next_hop node. This can be helpful in measuring link metrics.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2019-05-28 14:32:23 +03:00
Jouni Malinen
4087957814 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-04-26.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 14:31:29 +03:00
Johannes Berg
b6f8b5a964 nl80211: Update freq only when CSA completes
In the case of the ap_csa_disable test, I frequently see
failures due to the kernel *not* having switched, but the
CSA-STARTED event having been processed, and thus the
frequency having been updated already.

This is wrong at least for AP mode, the frequency we store
for this case internally in nl80211 should only be updated
when the channel switch completes, otherwise we end up in
a situation where the switch is aborted and the kernel is
thus on the old channel, but the internal information has
been updated and every subsequent mgmt-frame TX fails due
to being tagged with the wrong channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 13:48:21 +03:00
Santtu Lakkala
8ba809f67b OpenSSL: Allow ca_cert_blob in PEM format
GnuTLS backend already accepts CA cert blobs in both DER and PEM
formats. Implement similar trial-and-error handling in OpenSSL backend.

Signed-off-by: Santtu Lakkala <santtu.lakkala@jolla.com>
2019-05-28 13:39:01 +03:00
Johannes Berg
d5d156bd92 AP: add station with basic rates configuration
When a new station is added, let it have some supported rates
(they're empty without this change), using the basic rates
that it must support to connect.

This, together with the kernel-side changes for client-side,
lets us finish the complete auth/assoc handshake with higher
rates than the mandatory ones, without any further config.

However, the downside to this is that a broken station that
doesn't check the basic rates are supported before it tries
to connect will possibly not get any response to its auth
frame.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 13:33:00 +03:00
John Crispin
4f3f33804a HE: Make the basic NSS/MCS configurable
Add a config option to allow setting a custom Basic NSS/MCS set. As a
default we use single stream HE-MCS 0-7.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:45:04 +03:00
John Crispin
63e1940432 HE: Verify supported capabilities
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:42:40 +03:00
John Crispin
0cd5b4ee30 HE: Enable channel switch similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:42:14 +03:00
John Crispin
958cb34886 HE: Enable DFS similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:41:49 +03:00
John Crispin
1d2c45ecfc HE: Enable ACS similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:41:23 +03:00
John Crispin
8b18d2b24e HE: Disable HE on channel 14
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:40:59 +03:00
John Crispin
de21d1d6e2 HE: Handle HE capability in neighbor DB
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:40:33 +03:00
John Crispin
88005ee98d HE: Pass in HE information into hostapd_set_freq_params()
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:33:59 +03:00
John Crispin
ad9a1bfe78 nl80211: Share VHT channel configuration for HE
Set operating channel bandwidth and center frequencies using the same
attributes for VHT and HE.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:03:39 +03:00
John Crispin
78d35b16de HE: Add AP mode MLME/SME handling for HE stations
Process HE information in (Re)Association Request frames and add HE
elements into (Re)Association Response frames when HE is enabled in the
BSS.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:40:48 +03:00