Jouni Malinen [Sat, 11 Mar 2017 23:26:43 +0000 (01:26 +0200)]
OWE: Process Diffie-Hellman Parameter element in AP mode
This adds AP side processing for OWE Diffie-Hellman Parameter element in
(Re)Association Request frame and adding it in (Re)Association Response
frame.
Jouni Malinen [Sat, 11 Mar 2017 20:38:47 +0000 (22:38 +0200)]
Extend hmac_sha256_kdf() to support HKDF-Expand() as defined in RFC 5869
The KDF define in RFC 5295 is very similar to HKDF-Expand() defined in
RFC 5869. Allow a NULL label to be used to select the RFC 5869 version
with arbitrary seed (info in RFC 5869) material without forcing the
label and NULL termination to be included. HKDF-Expand() will be needed
for OWE.
Johannes Berg [Tue, 7 Mar 2017 16:20:59 +0000 (18:20 +0200)]
wpa_supplicant: Allow disabling HT in AP mode without HT overrides
Since VHT can be toggled explicitly, also expose being able to disable
HT explicitly, without requiring HT overrides. Continue making it
default to enabled though.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 7 Mar 2017 16:20:58 +0000 (18:20 +0200)]
tests: add wpa_supplicant 80 MHz VHT network test
Add a test for the configuration knobs exposed in the previous
patch; more precisely, add a test that creates an 80 MHz VHT
network through wpa_supplicant (without P2P).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jörg Krause [Thu, 9 Mar 2017 09:59:48 +0000 (10:59 +0100)]
WPS: Notify about WPS PBC event in Enrollee mode
Previously, the event "WPS-PBC-ACTIVE" was only generated when
wpa_supplicant is operating as WPS Registrar whereas "WPS-SUCCESS" or
"WPS-TIMEOUT" are generated for both, the Registrar and the Enrollee
roles.
Also generate the event when wpa_supplicant is operating as WPS Enrollee
to allow monitoring the begin and the end of a WPS PBC process.
Johannes Berg [Wed, 8 Mar 2017 20:41:17 +0000 (21:41 +0100)]
wpa_supplicant: events: Don't bounce timeout reason through a buffer
There's no point in making the code use a stack buffer and first copying
the string there, only to copy it again to the output. Make the output
directly use the reason string.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Avraham Stern [Wed, 8 Mar 2017 12:37:40 +0000 (14:37 +0200)]
WNM: Add option to configure candidates for BTM query candidate list
Add a mechanism to configure the candidates for BTM query candidate list
manually. This can be used to verify AP behavior for various candidates
preferences.
Avraham Stern [Wed, 8 Mar 2017 12:37:38 +0000 (14:37 +0200)]
WNM: Use a dynamically allocated buffer for BTM query and response
BSS transition management query and response use a large static buffer
for the frame because the candidate list may require a lot of space.
However, in most cases the actually used space will be much less than
the buffer (since the candidate list is short or completely missing).
Use a dynamically allocated buffer instead and allocate it according
to the actual space needed.
While at it, remove unneeded filling of the MAC header in the Action
frames, since this gets ignored and wpa_drv_send_action() adds the MAC
header anyway.
Jouni Malinen [Fri, 10 Mar 2017 16:57:12 +0000 (18:57 +0200)]
MBO: Parse MBO ANQP-element on STA
This extends the GAS/ANQP parser in wpa_supplicant to process MBO
ANQP-elements and indicate received Cellular Data Connection Preference
values over the control interface.
When a valid MBO ANQP-element is received, the following control
interface message is sent:
Jouni Malinen [Fri, 10 Mar 2017 16:33:51 +0000 (18:33 +0200)]
MBO: Add MBO ANQP-element processing on AP
This extends the GAS server to process MBO ANQP-elements and reply to a
query for the Cellular Data Connection Preference (if configured). The
new configuration parameter mbo_cell_data_conn_pref can be used to set
the value (0, 1, or 255) for the preference to indicate.
Jouni Malinen [Fri, 10 Mar 2017 15:02:22 +0000 (17:02 +0200)]
ANQP: Extend ANQP_GET command to request without IEEE 802.11 elements
Previously, ANQP_GET required at least one IEEE 802.11 ANQP-element to
be requested. This is not really necessary, so allow a case where
num_ids == 0 as long as the request includes at least one Hotspot 2.0 or
MBO ANQP-element.
Avraham Stern [Thu, 9 Mar 2017 13:19:58 +0000 (15:19 +0200)]
MBO: Add option to add MBO query list to ANQP query
MBO techspec v0.0_r27 changed the MBO ANQP-element format. The MBO
element in ANQP query should now include an MBO Query List element that
contains a list of MBO elements to query.
Add API to add the MBO Query List to an ANQP query.
As FCC DFS requirement does not explicitly mention about the validity of
the (pre-)CAC when channel is switched, it is safe to assume that the
pre-CAC result will not be valid once the CAC completed channel is
switched or radar detection is not active on the (CAC completed) channel
within a time period which is allowed (10 seconds - channel switch time)
as per FCC DFS requirement.
Use the new driver event to allow the driver to notify expiry of the CAC
result on a channel. Move the DFS state of the channel to 'usable' when
processing pre-CAC expired event. This means any future operation on
that channel will require a new CAC to be completed. This event is
applicable only when DFS is not offloaded to the kernel driver.
When DFS channel state is shared across multiple radios on the system it
is possible that a CAC completion event is propagated from other radio
to us. When in enabled state, do not proceed with setup completion upon
processing CAC completion event with devices where DFS is not offloaded,
when in state other than enabled make sure the configured DFS channel is
in available state before start the AP.
nl80211: Add option to delay start of schedule scan plans
The userspace may want to delay the the first scheduled scan.
This enhances sched_scan to add initial delay (in seconds) before
starting first scan cycle. The driver may optionally choose to
ignore this parameter and start immediately (or at any other time).
This uses NL80211_ATTR_SCHED_SCAN_DELAY to add this via user
global configurable option: sched_scan_start_delay.
Jouni Malinen [Wed, 8 Mar 2017 14:16:37 +0000 (16:16 +0200)]
RRM: Fix wpas_rrm_send_msr_report() loop handling
The while (len) loop was updating the next pointer at the end even when
len == 0, i.e., when the new next value won't be used. This could result
in reading one octet beyond the end of the allocated response wpabuf.
While the read value is not really used in practice, this is not correct
behavior, so fix this by skipping the unnecessary next pointer update in
len == 0 case.
Avraham Stern [Wed, 8 Mar 2017 12:31:49 +0000 (14:31 +0200)]
RRM: Use dynamically allocated buffer for beacon report
The maximum required size for each Beacon Report element is known in
advance: it is the size of the Beacon Report element fixed fields + the
size of the Reported Frame Body subelement.
Allocate the buffer used for constructing the Beacon Report element
dynamically with the maximum needed size, instead of using a very
large static buffer.
Jouni Malinen [Tue, 7 Mar 2017 16:13:05 +0000 (18:13 +0200)]
tests: Fix authsrv_errors_1 and authsrv_errors_3 when running on host
Use a non-existing directory in the path to avoid SQLite from being able
to create a new database file. The previous design worked in the VM case
due to the host file system being read-only, but a bit more is needed
for the case when this is running on the host.
Johannes Berg [Tue, 7 Mar 2017 09:17:23 +0000 (10:17 +0100)]
Use os_memdup()
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.
The mechanical conversions all over the code were done with
the following spatch:
MBO: Add support for transition reject reason code
Add support for rejecting a BSS transition request using MBO reject
reason codes. A candidate is selected or rejected based on whether it is
found acceptable by both wpa_supplicant and the driver. Also accept any
candidate meeting a certain threshold if disassoc imminent is set in BTM
Request frame.
nl80211: Driver command for checking BTM accept/reject
Add driver interface command using the QCA vendor extensions to check
the driverr whether to accept or reject a BSS transition candidate. For
the reject case, report an MBO reject reason code.
Avraham Stern [Mon, 6 Mar 2017 11:30:38 +0000 (13:30 +0200)]
tests: Make beacon report tests remote compatible
Use the new hostapd.add_ap() API (i.e., pass the ap device as a
parameter instead of the interface name) in beacon report tests to
make them remote compatible, and mark them appropriately.
Jouni Malinen [Mon, 6 Mar 2017 21:53:33 +0000 (23:53 +0200)]
tests: Make wnm_bss_tm_req a bit more efficient and robust
Use a local variable for the STA address instead of fetching it
separately for each operation. Dump control interface monitor events
between each test message to avoid increasing the socket output queue
unnecessarily.
Jouni Malinen [Sun, 5 Mar 2017 14:16:42 +0000 (16:16 +0200)]
RADIUS server: Fix error paths in new session creation
radius_server_session_free() does not remove the session from the
session list and these radius_server_get_new_session() error paths ended
up leaving a pointer to freed memory into the session list. This
resulted in the following operations failing due to use of freed memory.
Fix this by using radius_server_session_remove() which removes the entry
from the list in addition to calling radius_server_session_free().
Jouni Malinen [Sat, 4 Mar 2017 09:42:15 +0000 (11:42 +0200)]
Fix DHCP/NDISC snoop deinit followed by failing re-init
It was possible to hit a double-free on the l2_packet socket if
initialization of DHCP/NDISC snoop failed on a hostapd interface that
had previously had those enabled successfully. Fix this by clearing the
l2_packet pointers during deinit.
Hu Wang [Wed, 1 Mar 2017 14:39:30 +0000 (16:39 +0200)]
Clear scan_res_handler on no-retry failure
Previously it was possible for wpa_s->scan_res_handler to remain set to
its old value in case wpa_drv_scan() failed and no retry for the scan
trigger was scheduled (i.e., when last_scan_req == MANUAL_SCAN_REQ).
This could result in getting stuck with the next connection attempt
after a failed "SCAN TYPE=ONLY" operation when wpa_s->scan_res_handler
was set to scan_only_handler().
Fix this by clearing wpa_s->scan_res_handler if wpa_drv_scan() fails and
no retry is scheduled.
Gaole Zhang [Wed, 1 Mar 2017 07:56:32 +0000 (15:56 +0800)]
QCA nl80211 vendor attribute for specific sub-20 MHz channel width
Define a new attribute QCA_WLAN_VENDOR_ATTR_CONFIG_SUB20_CHAN_WIDTH.
This attribute can set a station device to work in 5 or 10 MHz channel
width while in disconnect state.
Jouni Malinen [Wed, 1 Mar 2017 09:25:49 +0000 (11:25 +0200)]
tests: WNM BSS TM with explicit Table E-4 indication
wnm_bss_tm_global uses an unknown country code to use Table E-4. Extend
that with otherwise identical test case wnm_bss_tm_global4, but with the
country string explicitly indicating use of Table E-4 while using a
known country code.
Jouni Malinen [Wed, 1 Mar 2017 08:58:15 +0000 (10:58 +0200)]
Make the third octet of Country String configurable
The new hostapd.conf parameter country3 can now be used to configure the
third octet of the Country String that was previously hardcoded to ' '
(= 0x20).
For example:
All environments of the current frequency band and country (default)
country3=0x20
Outdoor environment only
country3=0x4f
Indoor environment only
country3=0x49
Noncountry entity (country_code=XX)
country3=0x58
IEEE 802.11 standard Annex E table indication: 0x01 .. 0x1f
Annex E, Table E-4 (Global operating classes)
country3=0x04
Jouni Malinen [Mon, 27 Feb 2017 22:03:48 +0000 (00:03 +0200)]
tests: Fix EAPOL frame source address in protocol tests
The send_eapol() calls for delivering frames to wpa_supplicant had a
copy-paste bug from the earlier hostapd cases. These were supposed to
use the BSSID, not the address of the station, as the source address.
The local address worked for most cases since it was practically
ignored, but this could prevent the race condition workaround for
association event from working. Fix this by using the correct source
address (BSSID).
Jouni Malinen [Sun, 26 Feb 2017 23:10:02 +0000 (01:10 +0200)]
af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG)
CONFIG_TLS=linux can now be used to select the crypto implementation
that uses the user space socket interface (AF_ALG) for the Linux kernel
crypto implementation. This commit includes some of the cipher, hash,
and HMAC functions. The functions that are not available through AF_ALG
(e.g., the actual TLS implementation) use the internal implementation
(CONFIG_TLS=internal).
Ashwini Patil [Fri, 24 Feb 2017 08:01:54 +0000 (13:31 +0530)]
MBO: Fix minimum length check on non_pref_chan configuration
The reason detail field in non_pref_chan attribute was removed
from MBO draft v0.0_r25. Also oper_class can be 1 character for
few country codes (e.g., country code-UK, channel number-1). So the
shortest channel configuration is 7 characters.
This was missed in the earlier commit 4a83d4b6861f6627b6b256b8c126547a19409a70 ('MBO: Do not add reason_detail
in non_pref_chan attr (STA)') that took care of other changes related to
removal of the reason detail.
Peng Xu [Wed, 22 Feb 2017 22:05:35 +0000 (14:05 -0800)]
hostapd: Get channel number from frequency based on other modes as well
When getting the channel number from a frequency, all supported modes
should be checked rather than just the current mode. This is needed when
hostapd switches to a channel in different band.
Jouni Malinen [Sun, 26 Feb 2017 10:18:29 +0000 (12:18 +0200)]
FILS: Fix fils_hlp.c build with older netinet/udp.h definitions
The __FAVOR_BSD macro was previously used in netinet/udp.h to select
between two different names of the variables in struct udphdr. Define
that to force the versions with the uh_ prefix. In addition, use the
same style consistently within fils_hlp.c.
Jouni Malinen [Sun, 26 Feb 2017 10:02:21 +0000 (12:02 +0200)]
Fix AES-SIV build dependencies
aes-siv.c needs functions from aes-ctr.c and aes-omac1.c, so set
NEED_AES_CTR=y and NEED_AES_OMAC1=y if NEED_AES_SIV is defined. This
fixes some build configuration combinations where either of those
dependencies were not pulled in through other parameters. For example,
some CONFIG_FILS=y cases were impacted.
Jouni Malinen [Sat, 25 Feb 2017 17:15:24 +0000 (19:15 +0200)]
Fix SELECT_NETWORK freq parameter
This functionality was originally added in commit 204c9ac4eed9f0ad69497f2efcd0d095dfd6e61c ('Extend select_network command
with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and
MANUAL_SCAN_REQ. That got broken when commit 35d403096eb63c787bd736dd8ba0902c34398fa8 ('Set NORMAL_SCAN_REQ on
SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for
SELECT_NETWORK.
Fix this by adding a new scan frequency list specifically for
SELECT_NETWORK so that this does not need to depend on any specific
wpa_s->scan_req value.
Jouni Malinen [Wed, 22 Feb 2017 22:03:00 +0000 (00:03 +0200)]
Add option to disable broadcast deauth in hostapd on AP start/stop
The new broadcast_deauth parameter can be used to disable sending of the
Deauthentication frame whenever AP is started or stopped. The default
behavior remains identical to the past behavior (broadcast_deauth=1).
Jouni Malinen [Wed, 22 Feb 2017 22:19:10 +0000 (00:19 +0200)]
hostapd: Fix potential mesh-related change from impacting non-mesh cases
Commit 01e2231fdc4fbec61fbc382238e3606a1d2826e4 ('hostapd: Skip some
configuration steps for mesh cases') removed some operations based on
hapd->iface->mconf being NULL. This was within #ifdef CONFIG_MESH, so it
should not impact hostapd, but it can impact AP mode with
wpa_supplicant. That does not sound intentional, so make these
conditional on hapd->conf->mesh being enabled.
Jouni Malinen [Tue, 21 Feb 2017 10:49:16 +0000 (12:49 +0200)]
SME: Clear portValid on starting authentication to fix FILS
The ft_completed for FILS authentication case in
wpa_supplicant_event_assoc() depends on something having cleared
portValid so that setting it TRUE ends up authorizing the port. This
clearing part did not happen when using FILS authentication during a
reassociation within an ESS. Fix this by clearing portValid in
sme_send_authentication() just before the keys are cleared (i.e., the
old connection would not be usable anyway).
Jouni Malinen [Tue, 21 Feb 2017 10:25:02 +0000 (12:25 +0200)]
FILS: Fix BSSID in reassociation case
The RSN supplicant implementation needs to be updated to use the new
BSSID whenever doing FILS authentication. Previously, this was only done
when notifying association and that was too late for the case of
reassociation. Fix this by providing the new BSSID when calling
fils_process_auth(). This makes PTK derivation use the correct BSSID.
Jouni Malinen [Tue, 21 Feb 2017 10:18:58 +0000 (12:18 +0200)]
FILS: Find PMKSA cache entries on AP based on FILS Cache Identifier
This allows PMKSA cache entries to be shared between all the BSSs
operated by the same hostapd process when those BSSs use the same FILS
Cache Identifier value.