Make struct wpa_eapol_key easier to use with variable length MIC
Suite B 192-bit addition from IEEE Std 802.11ac-2013 replaced the
previous fixed length Key MIC field with a variable length field. That
change was addressed with an addition of a new struct defined for the
second MIC length. This is not really scalable and with FILS coming up
with a zero-length MIC case for AEAD, a more thorough change to support
variable length MIC is needed.
Remove the Key MIC and Key Data Length fields from the struct
wpa_eapol_key and find their location based on the MIC length
information (which is determined by the AKMP). This change allows the
separate struct wpa_eapol_key_192 to be removed since struct
wpa_eapol_key will now include only the fixed length fields that are
shared with all EAPOL-Key cases in IEEE Std 802.11.
Jouni Malinen [Mon, 10 Oct 2016 17:23:57 +0000 (20:23 +0300)]
tests: Update eap_proto_psk_errors and ap_wpa2_eap_psk_oom
The extension of aes_128_ctr_encrypt() to allow AES-192 and AES-256 to
be used in addition to AES-128 for CTR mode encryption resulted in the
backtrace for the function calls changing. Update the test cases that
started failing due to that change.
Jouni Malinen [Mon, 10 Oct 2016 16:27:57 +0000 (19:27 +0300)]
Extend AES-SIV implementation to support different key lengths
The previous implementation was hardcoded to use 128-bit AES key
(AEAD_AES_SIV_CMAC_256). Extend this by allowing AEAD_AES_SIV_CMAC_384
and AEAD_AES_SIV_CMAC_512 with 192-bit and 256-bit AES keys.
Michael Braun [Sat, 24 Sep 2016 20:53:42 +0000 (22:53 +0200)]
FT: Allow PMK-R0 and PMK-R1 for FT-PSK to be generated locally
Station should be able to connect initially without ft_pmk_cache filled,
so the target AP has the PSK available and thus the same information as
the origin AP. Therefore neither caching nor communication between the
APs with respect to PMK-R0 or PMK-R1 or VLANs is required if the target
AP derives the required PMKs locally.
This patch introduces the generation of the required PMKs locally for
FT-PSK. Additionally, PMK-R0 is not stored (and thus pushed) for FT-PSK.
So for FT-PSK networks, no configuration of inter-AP communication is
needed anymore when using ft_psk_generate_local=1 configuration. The
default behavior (ft_psk_generate_local=0) remains to use the pull/push
protocol.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Jouni Malinen [Sat, 8 Oct 2016 16:43:36 +0000 (19:43 +0300)]
EAP-pwd: Validate Prep field in EAP-pwd-ID/Response
RFC 5931 Section 2.8.5.1 does not list the Prep field as something that
the server validates to match the Request. However, the supplicant side
has to use the same pre-processing mechanism for the password for the
authentication to work, so we may as well as enforce this field to match
the requested value now that wpa_supplicant implementation is fixed to
copy the value from the request.
Brian Candler [Sat, 8 Oct 2016 07:09:07 +0000 (08:09 +0100)]
EAP-pwd: Fix Prep in EAP-pwd-ID/Response when EAP_PWD_PREP_MS is used
Fix the pre-processing field in the response when EAP_PWD_PREP_MS is
being used. This fixes interoperability with EAP-pwd servers that
validate the Prep field in EAP-pwd-ID/Response when the RFC2759
(PasswordHashHash) pre-processing is used.
Signed-off-by: Brian Candler <B.Candler@pobox.com>
Sabrina Dubroca [Fri, 7 Oct 2016 10:08:10 +0000 (12:08 +0200)]
mka: Pass full structures down to macsec drivers' receive SC ops
Clean up the driver interface by passing pointers to struct receive_sc
down the stack to the {create,delete}_recevie_sc() ops, instead of
passing the individual properties of the SC.
Sabrina Dubroca [Fri, 7 Oct 2016 10:08:09 +0000 (12:08 +0200)]
mka: Pass full structures down to macsec drivers' transmit SC ops
Clean up the driver interface by passing pointers to struct transmit_sc
down the stack to the {create,delete}_transmit_sc() ops, instead of
passing the individual arguments.
Lior David [Sun, 25 Sep 2016 09:29:07 +0000 (12:29 +0300)]
Add QCA vendor attributes for measurement frequency for FTM/AOA
Add attributes for specifing the frequency where FTM/AOA measurement is
done over the air. This allows the user space framework to maintain its
own cache of peers without depending on the kernel scan results cache,
or perform scans less often (since entries in the kernel scan results
cache expire quickly). The change is backward compatible. If the
frequency attribute is not specified, the kernel scan results cache will
be queried, like done today.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
mka: Pass full structures down to macsec drivers' receive SA ops
Clean up the driver interface by passing pointers to struct receive_sa
down the stack to the {create,enable,disable}_receive_sa() ops, instead
of passing the individual properties of the SA.
mka: Pass full structures down to macsec drivers' transmit SA ops
Clean up the driver interface by passing pointers to struct transmit_sa
down the stack to the {create,enable,disable}_transmit_sa ops, instead
of passing the individual properties of the SA.
mka: Pass full structures down to macsec drivers' packet number ops
Clean up the driver interface by passing pointers to structs transmit_sa
and receive_sa down the stack to get_receive_lowest_pn(),
get_transmit_next_pn(), and set_transmit_next_pn() ops, instead of
passing the individual arguments.
mka: Move structs {transmit,receive}_{sa,sc} to a common header
These structs will be passed down to macsec drivers in a coming patch to
make the driver interface cleaner, so they need to be shared between the
core MKA implementation and the drivers.
Jouni Malinen [Mon, 3 Oct 2016 08:35:42 +0000 (11:35 +0300)]
tests: Fix wpas_ctrl_sched_scan_plans without WPA_TRACE
This test case did not clear sched_scan_plans if alloc_fail() resulted
in skipping the test case. This would result in the following
autoscan_exponential and autoscan_periodic test cases failing.
In case that a dedicated P2P Device interface is used, a new interface
must be create for a P2P group. Thus, in order to send mgmt
frames, attach a new WpaSupplicant object to the newly created group
and use this object for sending the frames.
Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Mon, 5 Sep 2016 14:33:08 +0000 (17:33 +0300)]
tests: Use global control interface to remove P2P networks
Use the global control interface to remove P2P networks in
persistent_group_peer_dropped3 to support configurations that use a
dedicated P2P Device interface.
tests: Fix p2p_ext_vendor_elem_assoc test with P2P Device interface
For configurations that use a dedicated P2P Device interface, which
mandates that a separate interface is used for the P2P group, vendor
specific IE's must be added to the VENDOR_ELEM_P2P_* frame types in
order to be used by the P2P group interface. The VENDOR_ELEM_ASSOC_REQ
(13) parameter would need to be issued on the group interface which
would be challenging to do due to timing in case a separate group
interface gets used.
In case a dedicated P2P Device interface is used, don't include a test
for VENDOR_ELEM_ASSOC_REQ to avoid failing this part of the test case.
PNO is sometimes restarted due to changes in scan parameters
(e.g., selected network changed or MAC randomization being
enabled/disabled). Restart is done by stopping PNO and immediately
starting it again. This may result in the SCHED_SCAN_STOPPED event being
received after the request for new PNO, which will make wpa_supplicant
believe PNO is not active although it is actually is. As a result, the
next request to start PNO will fail because PNO is active and should be
stopped first.
Fix this by deferring the request to start PNO until the
SCHED_SCAN_STOPPED event is received in case sched_scan is being
stopped.
Continue scanning if sched_scan stops unexpectedly
When scheduled scan stops without the interface request (for example,
driver stopped it unexpectedly), start a regular scan to continue
scanning for networks and avoid being left with no scan at all.
David Spinadel [Mon, 5 Sep 2016 14:33:07 +0000 (17:33 +0300)]
Remove disconnected APs from BSS table if likely out-of-range
In some cases, after a sudden AP disappearing and reconnection to
another AP in the same ESS, if another scan occurs, wpa_supplicant might
try to roam to the old AP (if it was better ranked than the new one)
because it is still saved in BSS list and the blacklist entry was
cleared in previous reconnect. This attempt is going to fail if the AP
is not present anymore and it'll cause long disconnections.
Remove an AP that is probably out of range from the BSS list to avoid
such disconnections. In particular mac80211-based drivers use the
WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated
disconnection events for cases where the AP does not reply anymore.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
tests: Fix ap_track_taxonomy to clear country code setting
This test case could have ended with the station devices still in US
regulatory domain and that could make a following test case fail in some
sequences. For example, "ap_track_taxonomy ibss_5ghz" sequence made
ibss_5ghz fail to see the regdom change event since there was not one
due to the US country code already being in use at the beginning of the
test case. Fix this by clearing the country code at the end of
ap_track_taxonomy.
As the scan channels might need to change when the channel list has been
updated by the kernel. Use the simulated sched_scan timeout
(wpas_scan_restart_sched_scan()) to handle a possible race where an
ongoing sched_scan has stopped asynchronously while trying to restart a
new sched_scan.
MBO: Add support to send ANQP request to get cellular preference
This extends ANQP_GET command to support querying MBO cellular
preference also. The cellular preference can be requested along with
neigbor report by appending mbo:1 to the command arguments.
Share a common helper function for restarting sched_scan
This code sequence was already used at two different places (and an
additional one has been proposed), so add a common helper function to
avoid having to copy-paste this functionality in multiple locations.
The user space app use QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI cmd to
get the corresponding antenna rssi value for the specific chain. And the
associcated attributes are added to configure the antenna diversity and
related selftest.
MBO: Do not add reason_detail in non_pref_chan attr (STA)
The reason detail field in non_pref_chan attribute was removed from MBO
draft v0.0_r25, so the STA should not include this field to be compliant
with the latest draft.
WNM: Add testing option to reject BSS Transition Management Request
For testing purposes, it is useful to have an option to be able to
reject BTM Request sent by AP in order to verify the AP behavior upon
BTM Request rejection.
MBO: Add QCA vendor option to configure driver to ignore assoc disallow
MBO capable APs can set association disallowed in the Beacon/Probe
Response frames. For testing purposes, the STA needs to be configured to
not ignore the association disallowed set by APs and continue to connect
to such AP like non-MBO enabled STA. Add a QCA vendor attribute for
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION vendor sub command to
configure the driver to ignore association disallowed functionality.
MBO: Add support to ignore association disallowed set by AP
Add a testing mechanism to allow association disallowed set by AP to be
ignored. This can be used to verify AP behavior for disallowing a
specific association.
Mikael Kanstrup [Tue, 20 Sep 2016 06:40:06 +0000 (08:40 +0200)]
tests: Add testcase for reconnect failure due to auth timeout
Add testcase to verify a failed reconnect attempt due to authentication
timeout blacklists the correct AP. Driver capabilities are forced to
non-SME and driver roaming (BSS selection) mode.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Mikael Kanstrup [Tue, 20 Sep 2016 06:40:05 +0000 (08:40 +0200)]
tests: Add testcase for (reassoc) roam failure due to auth timeout
Add testcase to verify failed roaming attempt due to authentication
timeout blacklists the correct AP. Roaming attempt is performed
with the reassociate command and bssid_set=1. Driver capabilities
are forced to non-SME and driver roaming (BSS selection) mode.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Mikael Kanstrup [Tue, 20 Sep 2016 06:40:04 +0000 (08:40 +0200)]
Add ignore_auth_resp control interface debug parameter
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Mikael Kanstrup [Tue, 20 Sep 2016 06:40:03 +0000 (08:40 +0200)]
nl80211: Add driver parameter force_bss_selection
Add driver parameter command to force capability flag
WPA_DRIVER_FLAGS_BSS_SELECTION even if driver states otherwise. This is
mainly for testing purposes.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Mikael Kanstrup [Tue, 20 Sep 2016 06:40:07 +0000 (08:40 +0200)]
Blacklist correct BSSID on authentication timeout
If authentication times out while reassociating to same ESS incorrect
BSSID may end up being blacklisted. Use pending_bssid field on
authentication timeout and deauthentication to ensure the correct AP
gets blacklisted. This is mainly to address cases related to Android
framework roaming behavior.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
tests: Make pmksa_cache_{,opportunistic_}multiple_sta more robust
Clear wpa_supplicant scan cache before starting these test cases since
the ROAM command depends on the correct BSS entry being found.
scan_for_bss() does not enforce that correct entry to be present if
there was an earlier BSS entry with the same BSSID.
This moves the wpa_supplicant debug entries from the end of a test case
using a dynamically added wlan5 interface to the correct test case,
i.e., the test case that added the interface instead of whatever test
case happens to follow this.
Flush the BSS (scan) entries when an interface becomes disabled
When an interface becomes disabled (e.g., when RF-kill becomes blocked)
we should clear the stored scan results to avoid maintaining stale
information.
Fix this by flushing the BSS entries when an interface becomes
disabled.
Define a QCA vendor command to validate encryption engine
This command carries 802.11 header and payload along with key (TK) and
PN for encryption/decryption purpose. Firmware/driver encrypts/decrypts
the given data and sends to userspace as a response to the command. User
space component can validate the data received from the driver to unit
test the hardware's encryption engine.
Denton Gentry [Mon, 15 Aug 2016 04:42:49 +0000 (21:42 -0700)]
taxonomy: Store Probe Request frames in hostapd_sta_info
A weakness in the initial client taxonomy mechanism is from storing both
the Probe and Associate in struct sta_info. struct sta_info is created
after a client associates (or starts authentication frame exchange),
which means that any Probe Request frames sent prior to association are
not retained. The Associate Request frame has to be seen, and then
another Probe Request frame after association, before we have a
signature for the client.
Most clients send lots of Probe Request frames (lots and lots and lots
of Probes, actually), but a few do not. ChromeOS is notably sparing in
sending Probe Request frames, it can take a long time before a signature
for a ChromeOS device is available.
Store the most recent Probe Request frame in struct hostapd_sta_info
tracking list. When a struct sta_info is created, move the Probe Request
frame information from struct hostapd_sta_info to struct sta_info.
Denton Gentry [Mon, 15 Aug 2016 04:42:48 +0000 (21:42 -0700)]
Passive Client Taxonomy
Implement the signature mechanism described in the paper
"Passive Taxonomy of Wifi Clients using MLME Frame Contents"
published by Denton Gentry and Avery Pennarun.
This involves:
1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs
a memory overhead of up to several kilobytes per associated
station.
2. If enabled, store the Probe Request and (Re)Associate Request frame in
struct sta_info.
3. Implement code to extract the ID of each Information Element,
plus selected fields and bitmasks from certain IEs, into a
descriptive text string. This is done in a new source file,
src/ap/taxonomy.c.
4. Implement a "signature qq:rr:ss:tt:uu:vv" command
in hostapd_cli to retrieve the signature.
Previously, struct hostapd_iface sta_seen list head was initialized only
when completing interface setup. This left a window for operation that
could potentially iterate through the list before the list head has been
initialized. While the existing code checked iface->num_sta_seen to
avoid this case, it is much cleaner to initialize the list when struct
hostapd_iface is allocated to avoid any accidental missing of the extra
checks before list iteration.
P2P: Fix D-Bus persistent parameter in group started event on GO
When starting a P2P GO, the struct p2p_go_neg_results may use
persistent_group == 2 to indicate use of persistent reconnect. Setting
ssid->p2p_persistent_group based on this did not take into account this
special case and that ended up in D-Bus code trying to encode 2 as a
DBUS_TYPE_BOOLEAN value which results in an assert from the library. Fix
this by setting ssid->p2p_persistent_group to 0 or 1 instead of raw
params->persistent_group value without any filtering.
This is similar to an earlier fix in commit 112fdee738d28c4e8bfb66ad7202d4348c4e7771 ('P2P: Fix D-Bus persistent
parameter in group started event') that addressed another code path in
sending out this D-Bus signal.
Nick Lowe [Sun, 14 Aug 2016 14:40:11 +0000 (15:40 +0100)]
Remove unused generation of Request Authenticator in Account-Request
Do not generate an unused and invalid Request Authenticator (random
value) when constructing Accounting-Request packets. The correct Request
Authenticator is calculated subsequently in radius_msg_finish_acct()
using MD5(msg + shared secret).
Jonathan Afek [Wed, 13 Jul 2016 17:06:05 +0000 (20:06 +0300)]
tests: Setup wlantest once for qosmap tests
Some tests call the check_qos_map() function more than once. Make sure
each test sets up wlantest only once before the first time the function
is called.
The wlantest setup sets the channel for the wlantest interface and
executes the wlantest executable. It is more efficient to do that only
once for each test.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The second check of device_ap_sme looks like duplicated, but it isn't
actually. The trick is nl80211_create_monitor_interface may change that
variable value and the second evaluation may give a different result.
This definitely isn't a very clear code, but that change caused a
regression for drivers that:
1) Don't report NL80211_ATTR_DEVICE_AP_SME
2) Don't support monitor mode
3) Don't support subscribing for PROBE_REQ and/or ACTION frames
like brcmfmac. With such drivers hostapd doesn't start anymore.
nl80211: Use the monitor interface only without device_ap_sme support
The places using drv->use_monitor were already skipping creation of the
monitor interface if drv->device_ap_sme == 0. This means that the
monitor interface operations would not have worked anyway and it is safe
to set drv->use_monitor to zero for all such cases. This fixes an issue
with management frame subscription not happening properly for the case
where the AP SME is in the driver and the driver supports monitor
interfaces (for other purposes).
This commit also removes the check for monitor support and the
previously used workaround that cleared drv->use_monitor in
drv->device_ap_sme == 1 case if monitor interface was not supported
since that condition cannot occur anymore.
Upon receiving FST Setup Request from some peer on some interface,
search is made to see if same peer is connected on other interface with
specific band_id. With multiple peers, bug in
fst_group_does_iface_appear_in_other_mbies() caused wrong peer address
to be returned sometimes.
Fix this with a modified, simplified search algorithm of peer's "other"
connection.
Lior David [Tue, 6 Sep 2016 13:16:42 +0000 (16:16 +0300)]
Fix mistakes in definition of QCA vendor commands for indoor location
Fix some mistakes in the previous commit for adding QCA vendor commands
for indoor location.
Note: The renamed enum value does not change the ABI, but the addition
of QCA_WLAN_VENDOR_ATTR_FTM_MEAS_INVALID in the beginning of enum
qca_wlan_vendor_attr_ftm_meas does renumber
QCA_WLAN_VENDOR_ATTR_FTM_MEAS_* values. The previous values were
committed yesterday and have not been used in any released code yet, so
this is a justifiable quick fix.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
projects / thirdparty / hostap.git / log
