Jouni Malinen [Thu, 17 May 2018 19:02:02 +0000 (22:02 +0300)]
wolfSSL: Fix crypto_bignum_rshift() wrapper
The n argument to this function is number of bits, not bytes, to shift.
As such, need to use mp_rshb() instead of mp_rshd(). This fixes EAP-pwd
with P-521 curve.
Jouni Malinen [Wed, 16 May 2018 16:01:23 +0000 (19:01 +0300)]
OWE: Mark connection failed in the unlikely no-bss-entry case
If no BSS entry can be found when processing association rejected event
from the driver for the special OWE case of unsupported
finite-cyclic-group, process the event as a connection failure instead
of just skipping the the OWE retry with another DH group.
This is since VHT config from chan_switch is processed only for
bandwidths 80 and above (80P80, 160) and for VHT20, VHT40 cases, only
NLA chan type and chan width are updated.
There is no NL attribute for determining if it is HT or VHT for
bandwidths 20 & 40 and currently they are updated as HT20, HT40 (+ or -
depending on offset). Same is notified back via
NL80211_CMD_CH_SWITCH_NOTIFY.
Instead of adding new NL attribute for tracking HT/VHT enabled config,
we are adding new hostapd VHT config parameter to save the chan_switch
config and use only for chan_switch case of VHT20 and VHT40.
Tested with all combinations of chan_switch (noHT->20->40->80->) HT/VHT
and confirmed to be working.
Srinivas Dasari [Mon, 7 May 2018 14:07:08 +0000 (19:37 +0530)]
OWE: Get the bss from bssid of assoc_reject to try for next group
On an assoc_reject from the BSS with the status=77, a connection attempt
with the next supported group happens. The BSS considered here is from
current_bss which may be NULL at this point of time with SME-in-driver
case. Address this by getting the BSS from the bssid obtained in
association reject indication and skip the step if no BSS entry can be
found.
ACS: Avoid invalid interference factor when survey channel time is zero
When the channel time is zero the interference factor calculation falls
under divide by zero operation which results in invalid (NaN =
not-a-number) interference factor value. This leads to wrong ideal
channel selection in ACS during the scenario described below.
Scenario:
In VHT80 mode, the channel 36 (first channel) gets the channel time as
zero which causes the interfactor factor to be an invalid number (NaN).
Any operations (like addition, mulitplication, divide, etc.) with NaN
value results in a NaN value, so that average factor for the primary
channel 36 got the invalid value (NaN). Since channel 36 is the first
channel, ideal factor is assigned as NaN in the first iteration. The
following iteration condition check (factor < ideal_factor) with a NaN
value fail for all other primary channels. This results in channel 36
being chosen as the ideal channel in ACS which holds a NaN value.
Logs:
ACS: Survey analysis for channel 36 (5180 MHz)
ACS: 1: min_nf=-103 interference_factor=nan nf=0 time=0 busy=0 rx=0
ACS: 2: min_nf=-103 interference_factor=0.615385 nf=-102 time=13 busy=8 rx=0
ACS: 3: min_nf=-103 interference_factor=2.45455 nf=0 time=22 busy=16 rx=0
ACS: 4: min_nf=-103 interference_factor=0.785714 nf=-103 time=42 busy=33 rx=0
ACS: 5: min_nf=-103 interference_factor=nan nf=0 time=0 busy=0 rx=0
ACS: * interference factor average: nan
...
ACS: * channel 36: total interference = nan
..
ACS: * channel 149: total interference = 5.93174e-21
..
ACS: Ideal channel is 36 (5180 MHz) with total interference factor of nan
Jeff Johnson [Mon, 14 May 2018 19:00:19 +0000 (12:00 -0700)]
Fix style issues in qca-vendor.h
Over time a number of style issues have crept into qca-vendor.h,
so fix most of them. There are some identifiers and comments which
exceed 80 columns, but these are left as-is for readability.
Srinivas Dasari [Thu, 10 May 2018 10:13:28 +0000 (15:43 +0530)]
SAE: Flush PMKSA if an assoc reject without timeout is received
Flush the PMKSA upon receiving association reject event without timeout
in the event data in SME-in-driver case to avoid trying to use the old
PMKSA entry in subsequent connection attempts. Do not flush PMKSA if
association reject is received with timeout as it is generated
internally from the driver without reaching the AP. This is similar to
the SME-in-wpa_supplicant case that was already addressed within
sme_event_assoc_reject().
Jouni Malinen [Tue, 15 May 2018 17:40:24 +0000 (20:40 +0300)]
wext: Avoid gcc warnings on restricted pointer aliasing
The first two parameters to readlink() are marked restricted and at
least gcc 8.2 warns about used the same pointer for then, so avoid this
by using separate buffers for the pathname and response buffer.
Jouni Malinen [Fri, 4 May 2018 20:56:32 +0000 (23:56 +0300)]
tests: Do not fail if driver supports power saving
Couple of "invalid value" tests started to fail now that mac80211_hwsim
actually accepts power save configuration. Fix these by running the same
command for more code coverage, but in a way that ignores the result of
the operation (succeeds with older kernel versions and fails with
newer).
Ahmad Masri [Mon, 30 Apr 2018 10:42:04 +0000 (13:42 +0300)]
FT: Clear SME FT data on disassoc
SME ft_used flag is sometimes not cleared on disassoc. For example,
after initial FT connection, ft_used is set while ft_ies stays NULL.
Later on, upon disassoc, sme_update_ft_ies() is not invoked and ft_used
is not cleared. Fix this by invoking sme_update_ft_ies() also in case
ft_used is set.
This is needed to fix an issue with drivers that use nl80211 Connect API
with FT and expect to the NL80211_AUTHTYPE_OPEN specified in the Connect
command for the initial mobility domain association.
Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Sean Parkinson [Thu, 29 Mar 2018 04:55:55 +0000 (14:55 +1000)]
wolfSSL: Fix crypto_ec_point_solve_y_coord()
Provide full uncompressed DER data length to wc_ecc_import_point_der()
even though a compressed form is used here. In addition, use
ECC_POINT_COMP_* defined values to make this more readable.
Jouni Malinen [Tue, 1 May 2018 19:11:48 +0000 (22:11 +0300)]
tests: Enable TLS v1.3 explicitly in the authentication server
For testing purposes, enable TLS v1.3 in the authentication server so
that the protocol version can be controlled from wpa_supplicant side
more easily.
Jouni Malinen [Tue, 1 May 2018 19:12:37 +0000 (22:12 +0300)]
EAP-TLS server: Disable TLS v1.3 by default
The current EAP peer implementation is not yet ready for the TLS v1.3
changes with EAP-TTLS, EAP-PEAP, and EAP-FAST, so disable TLS v1.3 for
this EAP method for now.
While the current EAP-TLS implementation is more or less complete for
TLS v1.3, there has been no interoperability testing with other
implementations, so disable for by default for now until there has been
chance to confirm that no significant interoperability issues show up
with TLS version update. tls_flags=[ENABLE-TLSv1.3] configuration
parameter can be used to enable TLS v1.3 (assuming the TLS library
supports it; e.g., when using OpenSSL 1.1.1).
Jouni Malinen [Tue, 1 May 2018 18:58:35 +0000 (21:58 +0300)]
EAP-TLS peer: Disable TLS v1.3 by default
The current EAP peer implementation is not yet ready for the TLS v1.3
changes with EAP-TTLS, EAP-PEAP, and EAP-FAST, so disable TLS v1.3 for
this EAP method for now.
While the current EAP-TLS implementation is more or less complete for
TLS v1.3, there has been no interoperability testing with other
implementations, so disable for by default for now until there has been
chance to confirm that no significant interoperability issues show up
with TLS version update. phase1="tls_disable_tlsv1_3=0" configuration
parameter can be used to enable TLS v1.3 (assuming the TLS library
supports it; e.g., when using OpenSSL 1.1.1).
Jouni Malinen [Tue, 1 May 2018 18:52:45 +0000 (21:52 +0300)]
EAP-TLS: Extend TLS version config to allow TLS v1.3 to be disabled
This may be needed to avoid interoperability issues with the new
protocol version and significant changes for EAP use cases in both key
derivation and handshake termination.
It looks like OpenSSL 1.1.1 accepted the openssl_ciphers=FOO test
configuration or well, at least does not reject it like previous
versions did. For now, ignore this failure.
Jouni Malinen [Tue, 1 May 2018 18:45:29 +0000 (21:45 +0300)]
OpenSSL: Move server vs. client information into connection data
This makes this more easily available throughout the handshake
processing, if needed, compared to having to pass through the function
argument through the full path from
tls_connection{,_server}_handshake().
Jouni Malinen [Tue, 1 May 2018 14:51:34 +0000 (17:51 +0300)]
EAP-TLS peer: Allow NewSessionTicket after Client Finished with TLS v1.3
The EAP session cannot be marked fully completed on sending Client
Finished with TLS v1.3 since the server may still send NewSessionTicket
before EAP-Success.
Jouni Malinen [Tue, 1 May 2018 14:49:19 +0000 (17:49 +0300)]
EAP-TLS peer: Support fragmentation of last message
With TLS v1.3, the Finished message from the client can require
fragmentation. Postpone key derivation and marking of the EAP session
fully completed until all the fragments of that last message are sent to
avoid losing all the subsequent fragments.
Jouni Malinen [Tue, 1 May 2018 14:42:33 +0000 (17:42 +0300)]
Mark eap_server_tls_derive_key() label argument const
This value is going to be used only with a helper function that takes it
in as a const value, so use the same style here to simplify callers in
upcoming TLS v1.3 changes.
Jouni Malinen [Tue, 1 May 2018 09:41:28 +0000 (12:41 +0300)]
OpenSSL: Terminate TLS handshake if ClientHello cannot be generated
OpenSSL 1.1.1 added cases where ClientHello generation may fail due to
"no ciphers available". There is no point in sending out the resulting
TLS Alert message to the server since the server does not know what to
do with it before ClientHello. Instead, simply terminate the TLS
handshake locally and report EAP failure to avoid getting stuck waiting
for a timeout.
Jouni Malinen [Tue, 1 May 2018 09:10:07 +0000 (12:10 +0300)]
tests: Fix ap_wpa2_eap_fast_cipher_suites with OpenSSL 1.1.1
RC4-SHA cipher case ended up allowing the handshake to be started just
to fail with "no ciphers available" when trying to generate ClientHello.
Fix this by handling an EAP failure case for the RC4-SHA test step with
OpenSSL 1.1.*.
Jouni Malinen [Tue, 1 May 2018 09:02:57 +0000 (12:02 +0300)]
DPP: Fix testing code for invalid keys with OpenSSL 1.1.1
OpenSSL started reporting failures from
EC_POINT_set_affine_coordinates_GFp() similarly to BoringSSL, so use the
same workaround to enable this protocol testing case.
HS 2.0: Maintain a database of pending T&C acceptance sessions
The new SQLite table pending_tc is used to maintain a list of sessions
that need to accept Terms and Conditions. This information can be used
on an external Terms and Conditions server to map the incoming MAC
address information into user identity.
Add QCA vendor command/attr to filter frames from other BSSs
Add commands to allow an AP to configure filtering rules to capture
frames from stations that are active on the operating channel, but
not associated to this AP. Operations include add/delete the filter
and get the statistics information of the unassociated stations.
HS 2.0: Terms and Conditions testing feature in authentication server
Allow hostapd RADIUS authentication server with SQLite EAP user DB to be
used for testing Terms and Conditions functionality. This could be used
for the HO AAA part of functionality (merging HO AAA and SP AAA into a
single component to avoid separate RADIUS proxy in testing setup).
A T&C server with HTTPS processing is needed to allow this to be used
for full over-the-air testing. This commit adds sufficient functionality
to allow hwsim test cases to cover the RADIUS server part.
DFS: Mark channels required DFS based on reg-domain info from the driver
Mark a channel as required DFS based on regulatory information received
from the driver/kernel rather than deciding based on hardcoded
boundaries on the frequency. Previously few channels were being marked
as requiring DFS even though they were non-DFS in a particular country.
If the driver does not provide channel list information, fall back to
the previously used frequency-based determination.
HS 2.0: Process received Terms and Conditions Acceptance notification
Extend wpa_supplicant WNM-Notification RX handling to parse and process
received Terms and Conditions Acceptance notifications. If PMF is
enabled for the association, this frame results in control interface
indication (HS20-T-C-ACCEPTANCE <URL>) to get upper layers to guide the
user through the required acceptance steps.
HS 2.0: Send Terms and Conditions Acceptance notification
This extends hostapd Access-Accept processing to check if the RADIUS
server indicated that Terms and Conditions Acceptance is required. The
new hs20_t_c_server_url parameter is used to specify the server URL
template that the STA is requested to visit.
This commit does not enable any kind of filtering, i.e., only the part
of forwarding a request from Access-Accept to the STA using
WNM-Notification is covered.
HS 2.0: Terms and Conditions attributes in Access-Request messages
This extends hostapd with two new configuration parameters
(hs20_t_c_filename and hs20_t_c_timestamp) that can be used to specify
that the Terms and Conditions attributes are to be added into all
Access-Request messages for Hotspot 2.0 STAs.
hostapd: Add ctrl iface indications for WDS STA interface
This allows user to get event indication when a new interface is
added/removed for 4addr WDS STA and also WDS STA ifname is informed
through the STA command.
Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
FILS: Enable SHA256 KDF even without PMF/SAE in the build
While it is unlikely that FILS would be used without PMF or SAE in the
build, it is possible to generate such a build and as such, it would be
good for the KDF selection to work properly. Add CONFIG_FILS as an
independent condition for the SHA256-based KDF. Previously, this
combination would have resulted in failure to derive keys and terminated
key management exchange.
Do not remove CCMP group cipher if any CCMP/GCMP cipher is enabled
CCMP group cipher was removed if CCMP was not allowed as a pairwise
cipher when loading a configuration file (but not actually when changing
configuration during runtime). This is needed to avoid issues with
configurations that use the default group cipher (TKIP CCMP) while
modifying pairwise cipher from the default CCMP TKIP) to TKIP. However,
there is not really a need to remove the CCMP group cipher if any GCMP
or CCMP cipher is enabled as a pairwise cipher.
Change the network profile validation routine to not remove CCMP as
group cipher if CCMP-256, GCMP, or GCMP-256 is enabled as a pairwise
cipher even if CCMP is not.
Tova Mussai [Mon, 21 Aug 2017 16:42:19 +0000 (19:42 +0300)]
AP: Handle AP initalization failure in async flow
When AP initialization is completed in a callback (e.g., OBSS scan),
wpa_supplicant_deinit_ap() is not called in case of failure. Fix this by
calling setup_complete_cb in case of failure, too, which in turn calls
wpa_supplicant_deinit_ap() if needed.
Ahmad Masri [Mon, 16 Apr 2018 10:52:27 +0000 (13:52 +0300)]
FT: Add MDE to assoc request IEs in connect params
Add MDE (mobility domain element) to Association Request frame IEs in
the driver assoc params. wpa_supplicant will add MDE only if the network
profile allows FT, the selected AP supports FT, and the mobility domain
ID matches.
Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
HS 2.0: Add Roaming Consortium Selection element into AssocReq
This makes wpa_supplicant add Hotspot 2.0 Roaming Consortium Selection
element into (Re)Association Request frames if the network profile
includes roaming_consortium_selection parameter.
This adds new roaming_consortium_selection network profile parameter
into wpa_supplicant. This is used to store the OI that was used for
network selection (INTERWORKING_SELECT) based on matching against the
Roaming Consortium OIs advertised by the AP. This can also be used when
using an external component to perform selection.
This commit adds the network profile parameter, but does not yet include
it in (Re)Association Request frames.
HS 2.0: Use roaming_consortiums list to match OIs for access
This extends Hotspot 2.0 credential matching to consider the
roaming_consortiums parameter when determining whether the cred block
matches the information advertised by an AP.
HS 2.0: Add a new cred block parameter roaming_consortiums
This new string parameter contains a comma delimited list of OIs
(hexdump) in a string. This is used to store Hotspot 2.0
PerProviderSubscription/<X+>/HomeSP/RoamingConsortiumOI. This commit
includes the configuration changes to parse and write the parameter. The
actual values are not yet used in Interworking network selection.
HS 2.0: Copy Roaming Consortium OI from (Re)AssocReq to Access-Request
This extends hostapd processing of (Re)Association Request frames to
store a local copy of the Consortium OI within the Roaming Consortium
Selection element, if present, and then add that in HS 2.0 Roaming
Consortium attribute into RADIUS Access-Request messages.
This extends hostapd Hotspot 2.0 implementation to allow operator icons
to be made available. The existing hs20_icon parameter is used to define
the icons and the new operator_icon parameter (zero or more entries) is
used to specify which of the available icons are operator icons. The
operator icons are advertised in the Operator Icon Metadata ANQP-element
while the icon data can be fetched using the same mechanism (icon
request/binary file) that was added for the OSU Providers icons.
HS 2.0: Add fetching of Operator Icon Metadata ANQP-element
This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the
Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid>
hs20:12". The result is available in the new hs20_operator_icon_metadata
entry in the "BSS <bssid>" output.
projects / thirdparty / hostap.git / log
