Matthew Wang [Tue, 4 Feb 2020 01:12:05 +0000 (17:12 -0800)]
Check for FT support when selecting FT suites
A driver supports FT if it either supports SME or the
NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
wpa_supplicant currently doesn't take into account whether or not either
of those conditions are met. This can cause association failures, e.g.,
when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
the driver doesn't support it). This change allows an FT suite to be
selected only when the driver also supports FT.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org> Reviewed-by: Brian Norris <briannorris@chromium.org>
Jouni Malinen [Mon, 10 Feb 2020 02:59:10 +0000 (04:59 +0200)]
SAE: Special test mode sae_pwe=3 for looping with password identifier
The new sae_pwe=3 mode can be used to test non-compliant behavior with
SAE Password Identifiers. This can be used to force use of
hunting-and-pecking loop for PWE derivation when Password Identifier is
used. This is not allowed by the standard and as such, this
functionality is aimed at compliance testing.
Jouni Malinen [Sat, 8 Feb 2020 01:36:13 +0000 (03:36 +0200)]
SAE: Verify that appropriate Status Code is used in SAE commit (SME)
Previous version accepted both 0 and 126 values in SAE commit message
from the AP. Explicitly check that the value the AP uses matches what
the STA started with to avoid unexpected cases.
Jouni Malinen [Wed, 5 Feb 2020 23:18:58 +0000 (01:18 +0200)]
DPP: Initialize conf_resp_status to non-OK
This avoids unexpected behavior if GAS query fails and the Config
Response does not get processed at all. Previously, this could result in
configuration being assumed to be successful instead of failure when
Config Response object was not received at all. That could result in
undesired Config Result frame transmission with DPP Rel 2 and not
clearing the ongoing DPP session.
Previously, unexpected Authentication Confirm messages were ignored in
cases where no Authentication Confirm message was expected at all, but
if this message was received twice in a state where it was expected, the
duplicated version was also processed. This resulted in unexpected
behavior when authentication result was processed multiple times (e.g.,
two instances of GAS client could have been started).
Fix this by checking auth->waiting_auth_conf before processing
Authetication Confirm. That boolean was already tracked, but it was used
only for other purposes.
Jouni Malinen [Wed, 5 Feb 2020 00:06:27 +0000 (02:06 +0200)]
SAE: Fix peer-commit-scalar reuse check
Only one peer-commit-scalar value was stored for a specific STA (i.e.,
one per MAC address) and that value got replaced when the next SAE
Authentication exchange was started. This ended up breaking the check
against re-use of peer-commit-scalar from an Accepted instance when
anti-clogging token was requested. The first SAE commit message (the one
without anti-clogging token) ended up overwriting the cached
peer-commit-scalar value while leaving that instance in Accepted state.
The second SAE commit message (with anti-clogging token) added ended up
getting rejected if it used the same value again (and re-use is expected
in this particular case where the value was not used in Accepted
instance).
Fix this by using a separate pointer for storing the peer-commit-scalar
value that was used in an Accepted instance. There is no need to
allocate memory for two values, i.e., it is sufficient to maintain
separate pointers to the value and move the stored value to the special
Accepted state pointer when moving to the Accepted state.
This fixes issues where a peer STA ends up running back-to-back SAE
authentication within couple of seconds, i.e., without hostapd timing
out the STA entry for a case where anti-clogging token is required.
Qiwei Cai [Sun, 19 Jan 2020 02:37:26 +0000 (10:37 +0800)]
Use secondary channel provided by ACS for HT40 if valid
Previously, hostapd ignored the secondary channel provided by ACS if
both HT40+ and HT40- are set in hostapd.conf. This change selects such
channel for HT40 if it's valid, which is more reasonable.
Felix Fietkau [Thu, 23 Jan 2020 13:13:33 +0000 (14:13 +0100)]
nl80211: Fix regulatory limits for WMM cwmin/cwmax values
The internal WMM AC parameters use just the exponent of the CW value,
while nl80211 reports the full CW value. This led to completely bogus
CWmin/CWmax values in the WMM IE when a regulatory limit was present.
Fix this by converting the value to the exponent before passing it on.
Fixes: 636c02c6e9 ("nl80211: Add regulatory wmm_limit to hostapd_channel_data") Signed-off-by: Felix Fietkau <nbd@nbd.name>
Roy Marples [Wed, 29 Jan 2020 12:11:05 +0000 (12:11 +0000)]
BSD: Fix the maximum size of a route(4) msg to 2048
The size of a single route(4) message cannot be derived from
either the size of the AF_INET or AF_INET6 routing tables.
Both could be empty or very large.
As such revert back to a buffer size of 2048 which mirrors
other programs which parse the routing socket.
Ouden [Thu, 30 Jan 2020 09:08:14 +0000 (17:08 +0800)]
nl80211: Fix send_mlme for SAE external auth
When external authentication is used, the station send mlme frame (auth)
to the driver may not be able to get the frequency (bss->freq) after
hostap.git commit b6f8b5a9 ("nl80211: Update freq only when CSA
completes"). Use the assoc_freq to send the MLME frame when SAE external
authentication is used to avoid this issue.
Jouni Malinen [Thu, 12 Dec 2019 00:28:39 +0000 (02:28 +0200)]
DPP: DPPEnvelopedData generation for Configurator backup
This adds support for generating an encrypted backup of the local
Configurator information for the purpose of enrolling a new
Configurator. This includes all ASN.1 construction and data encryption,
but the configuration and connector template values in
dpp_build_conf_params() are not yet complete.
Jouni Malinen [Thu, 12 Dec 2019 00:28:39 +0000 (02:28 +0200)]
DPP: DPPEnvelopedData parsing for Configurator backup/restore
Process the received DPPEnvelopedData when going through Configurator
provisioning as the Enrollee (the new Configurator). This parses the
message, derives the needed keys, and decrypts the Configurator
parameters. This commit stores the received information in
auth->conf_key_pkg, but the actually use of that information to create a
new Configurator instance will be handled in a separate commit.
Jouni Malinen [Tue, 28 Jan 2020 22:58:33 +0000 (00:58 +0200)]
DPP2: Add Protocol Version attr to Auth Resp only if peer is R2 or newer
There is no need for the Protocol Version attribute in Authentication
Response if the peer is a DPP R1 device since such device would not know
how to use this attribute. To reduce risk for interoperability issues,
add this new attribute only if the peer included it in Authentication
Request.
Krishna Rao [Tue, 14 Jan 2020 12:46:55 +0000 (18:16 +0530)]
Add a vendor attribute for RTPL instance primary frequency
Add an attribute QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY_FREQUENCY for
primary channel center frequency in the definition for Representative
Tx Power List (RTPL) list entry instance. This is required for 6 GHz
support, since the 6 GHz channel numbers overlap with existing 2.4 GHz
and 5 GHz channel numbers thus requiring frequency values to uniquely
identify channels.
Mark QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY as deprecated if both the
driver and user space application support 6 GHz. For backward
compatibility, QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY is still used if
either the driver or user space application or both do not support the
6 GHz band.
Jouni Malinen [Tue, 28 Jan 2020 12:17:52 +0000 (14:17 +0200)]
TLS: Fix bounds checking in certificate policy parser
The recent addition of the X.509v3 certificatePolicies parser had a
copy-paste issue on the inner SEQUENCE parser that ended up using
incorrect length for the remaining buffer. Fix that to calculate the
remaining length properly to avoid reading beyond the end of the buffer
in case of corrupted input data.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20363 Fixes: d165b32f3887 ("TLS: TOD-STRICT and TOD-TOFU certificate policies") Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 27 Jan 2020 19:39:54 +0000 (21:39 +0200)]
DPP: Example script for NFC bootstrapping method
This Python script is an example on how nfcpy can be used to drive an
NFC Device to perform DPP bootstrapping operations over DPP (tag with
NFC URI and negotiated connection handover).
Jouni Malinen [Mon, 27 Jan 2020 15:31:10 +0000 (17:31 +0200)]
DPP: Show selected negotiation channel in DPP_BOOTSTRAP_INFO
Make the selected channel available for upper layer software to use,
e.g., when starting DPP listen operation during NFC negotiated
connection handover.
Jouni Malinen [Mon, 27 Jan 2020 15:04:26 +0000 (17:04 +0200)]
DPP: NFC negotiated connection handover
Add new control interface commands "DPP_NFC_HANDOVER_REQ own=<id>
uri=<URI>" and "DPP_NFC_HANDOVER_SEL own=<id> uri=<URI>" to support NFC
negotiated connection handover. These commands are used to report a DPP
URI received from a peer NFC Device in Handover Request and Handover
Select messages. The commands return peer bootstrapping information ID
or FAIL on failure. The returned ID is used similarly to any other
bootstrapping information to initiate DPP authentication.
Jouni Malinen [Mon, 27 Jan 2020 15:04:26 +0000 (17:04 +0200)]
DPP: Helper function for bootstrapping URI generation
The new dpp_gen_uri() helper function can be used to build the
bootstrapping URI from locally stored information. This can be used to
make it easier to update the URI, e.g., for NFC negotiated connection
handover cases.
Jouni Malinen [Sun, 26 Jan 2020 15:04:54 +0000 (17:04 +0200)]
crypto: Allow up to 10 fragments for hmac_sha*_vector()
This increases the limit of how many data fragments can be supported
with the internal HMAC implementation. The previous limit was hit with
some FT use cases.
Jouni Malinen [Sun, 26 Jan 2020 11:28:43 +0000 (13:28 +0200)]
tests: Fix DPP capability checking to avoid failures in non-DPP build
"finally" handler should not trigger a new exception when trying to
clear state for non-DPP builds. In addition, couple of checks for DPP
capability in the build were missing.
Jouni Malinen [Sun, 26 Jan 2020 11:19:09 +0000 (13:19 +0200)]
tests: Check SAE capability in build more consistently
Use a helper function for this and add checks for number of test cases
that were missing this. This gets rid of undesired FAIL results
(converts them to SKIP) for test runs where the station do not support
SAE.
This commit introduces the vendor event
QCA_NL80211_VENDOR_SUBCMD_REQUEST_SAR_LIMITS_EVENT.
Host drivers can request user space application to set SAR power
limits with this event.
Vamsi Krishna [Mon, 13 Jan 2020 12:37:13 +0000 (18:07 +0530)]
Add new QCA vendor attribute to set thermal level
Add a new QCA vendor attribute to set thermal level to the driver from
userspace. The driver/firmware takes actions requested by userspace to
mitigate high temperature such as throttling TX etc. The driver may
choose the level of throttling and other actions for various thermal
levels set by userspace.
Jouni Malinen [Thu, 23 Jan 2020 20:46:51 +0000 (22:46 +0200)]
OWE: PTK derivation workaround in STA mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround=1 network parameter can be used
to enable older behavior mainly for testing purposes. There is no impact
to group 19 behavior, but if enabled, this will make group 20 and 21
cases use SHA256-based PTK derivation which will not work with the
updated OWE implementation on the AP side.
Jouni Malinen [Thu, 23 Jan 2020 18:56:51 +0000 (20:56 +0200)]
OWE: PTK derivation workaround in AP mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround parameter can be used to enable
workaround for interoperability with stations that use SHA256 with
groups 20 and 21. By default, only the appropriate hash function is
accepted. When workaround is enabled (owe_ptk_workaround=1), the
appropriate hash function is tried first and if that fails, SHA256-based
PTK derivation is attempted. This workaround can result in reduced
security for groups 20 and 21, but is required for interoperability with
older implementations. There is no impact to group 19 behavior.
Jouni Malinen [Thu, 23 Jan 2020 18:04:40 +0000 (20:04 +0200)]
OWE: Select KDF hash algorithm based on the length of the prime
Previous implementation was hardcoding use of SHA256 PMK-to-PTK
derivation for all groups. Replace that with hash algorithm selection
based on the length of the prime similarly to the way this was done for
other derivation steps in OWE.
This breaks backwards compatibility when using group 20 or 21; group 19
behavior remains same.
Vamsi Krishna [Mon, 13 Jan 2020 09:29:06 +0000 (14:59 +0530)]
Do not enable HT/VHT for 6 GHz band 20 MHz width channels also
The previous commit had a rebasing issue that ended up covering only the
center_segment0 != 0 case. These were supposed to apply for all 6 GHz
band cases.
Fixes: 0bfc04b8d0f8 ("Do not enable HT/VHT when operating in 6 GHz band") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Vamsi Krishna [Mon, 30 Dec 2019 09:42:12 +0000 (15:12 +0530)]
Enhance get_mode() to return correct hw_mode with 6 GHz support
The 5 GHz channels are stored in one hw_features set with mode
HOSTAPD_MODE_IEEE80211A while the 6 GHz channels will need to be stored
in a separate hw_features set (but with same mode
HOSTAPD_MODE_IEEE80211A) due to possibility of different HT/VHT/HE
capabilities being available between the 5 GHz and 6 GHz bands.
Iterate through all hw_features sets and check and match the band of
channel supported by the hw_features set while getting the hw_features
set in get_mode(). This allows both the 5 GHz and 6 GHz channels to be
found and correct capabilities to be used in cases where the driver
reports different capability values between 5 and 6 GHz channels.
Jouni Malinen [Tue, 21 Jan 2020 11:22:57 +0000 (13:22 +0200)]
tests: Allow more time for sigma_dut sta_associate commands
The previously used timeout of two seconds did not allow more than a
single scan attempt and that could fail every now and then. Make these
more robust by increasing the timeout to 10 seconds which allows another
scan attempt to be completed similarly to the most non-sigma_dut test
cases.
Jouni Malinen [Mon, 20 Jan 2020 18:27:06 +0000 (20:27 +0200)]
SAE: Use Anti-Clogging Token Container element with H2E
IEEE P802.11-REVmd was modified to use a container IE for anti-clogging
token whenver H2E is used so that parsing of the SAE Authentication
frames can be simplified.
See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx
Jouni Malinen [Tue, 21 Jan 2020 10:57:07 +0000 (12:57 +0200)]
tests: Remove mesh SAE Password Identifier test cases for now
IEEE P802.11-REVmd was modified to require H2E to be used whenever
Password Identifier is used with SAE. Since wpa_supplicant and mac80211
do not yet support SAE H2E in mesh, Password Identifier cannot be used
in mesh cases. Remove the test cases that verified this behavior for now
to allow H2E to be required per updated REVmd definition. These test
cases will be restored once H2E is fully functionality in mesh cases.
Jouni Malinen [Mon, 20 Jan 2020 18:23:48 +0000 (20:23 +0200)]
SAE H2E: Check H2E-only BSS membership selector only if SAE is enabled
This BSS membership selector has impact only for SAE functionality, so
ignore it when configured not to use SAE. This allows WPA-PSK connection
to and AP that advertises WPA-PSK and SAE while requiring H2E for SAE.
Johannes Berg [Wed, 15 Jan 2020 11:48:43 +0000 (12:48 +0100)]
tests: parallel-vm: allow running without curses
Allow running without curses, in which case the log is simply written to
stdout instead of a file. This is useful for automated (but parallel)
testing. Note that in most cases, you'd want to specify --debug, and so
I added a .rstrip() there on the lines to clean that up a bit.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Hai Shalom [Fri, 27 Dec 2019 17:44:49 +0000 (09:44 -0800)]
EAP-SIM/AKA peer: Add support for EAP Method prefix
Add support for EAP method prefix in the anonymous identity
used during EAP-SIM/AKA/AKA' authentication when encrypted IMSI
is used. The prefix is a single character that indicates which
EAP method is required by the client.
Jouni Malinen [Thu, 9 Jan 2020 22:19:27 +0000 (00:19 +0200)]
tests: Call stop_sigma_dut() in more failure cases
Some of the sigma_dut test cases were not yet using try/finally to
ensure stop_sigma_dut() gets called. That could result in not logging
all failure reasons in the log and getting stuck with being unable to
start new sigma_dut processes after failed test cases.
Vamsi Krishna [Tue, 24 Dec 2019 12:01:39 +0000 (17:31 +0530)]
ACS: Populate channel config from external ACS per documented behavior
Based on the now documented seg0/seg1 values from offloaded ACS, there
is a mismatch between the driver interface and internal hostapd use.
The value of segment0 field in ACS results is the index of the channel
center frequency for 20 MHz, 40 MHz, and 80M Hz channels. The value is
the center frequency index of the primary 80 MHz segment for 160 MHz and
80+80 MHz channels.
The value of segment1 field in ACS results is zero for 20 MHz, 40 MHz,
and 80 MHz channels. The value is the index of the channel center
frequency for 160 MHz channels and the center frequency index of the
secondary 80 MHz segment for 80+80 MHz channels.
However, in struct hostapd_config, for 160 MHz channels, the value of
the segment0 field is the index of the channel center frequency of 160
MHz channel and the value of the segment1 field is zero. Map the values
from ACS event into hostapd_config fields accordingly.
Vamsi Krishna [Tue, 24 Dec 2019 12:46:37 +0000 (18:16 +0530)]
ACS: Update documentation of external ACS results event parameters
Update the documentation with values to be sent for seg0 and seg1 fields
in external ACS result event for 20 MHz, 40 MHz, 80 MHz, 160 MHz, and
80+80 MHz channels. These values match the changes done to definitions
of seg0 and seg1 fields in the IEEE 802.11 standard.
This vendor command had not previously been documented in this level of
detail and had not actually been used for the only case that could have
two different interpretation (160 MHz) based on which version of IEEE
802.11 standard is used.
Vamsi Krishna [Tue, 24 Dec 2019 12:02:29 +0000 (17:32 +0530)]
6 GHz: Fix Channel Width value for 80+80 in 6 GHZ Operation Info field
The Channel Width field value is 0 for 20 MHz, 1 for 40 MHz, 2 for 80
MHz, and 3 for both 160 MHz and 80+80 MHz channels. The 80+80 MHz case
was not addressed previously correctly since it cannot be derived from
seg0 only.
The Channel Center Frequency Segment 0 field value is the index of
channel center frequency for 20 MHz, 40 MHz, and 80 MHz channels. The
value is the center frequency index of the primary 80 MHz segment for
160 MHz and 80+80 MHz channels.
The Channel Center Frequency Segment 1 field value is zero for 20 MHz,
40 MHz, and 80 MHz channels. The value is the index of the channel
center frequency for 160 MHz channel and the center frequency index of
the secondary 80 MHz segment for 80+80 MHz channels.