Jouni Malinen [Wed, 5 Feb 2020 23:18:58 +0000 (01:18 +0200)]
DPP: Initialize conf_resp_status to non-OK
This avoids unexpected behavior if GAS query fails and the Config
Response does not get processed at all. Previously, this could result in
configuration being assumed to be successful instead of failure when
Config Response object was not received at all. That could result in
undesired Config Result frame transmission with DPP Rel 2 and not
clearing the ongoing DPP session.
Previously, unexpected Authentication Confirm messages were ignored in
cases where no Authentication Confirm message was expected at all, but
if this message was received twice in a state where it was expected, the
duplicated version was also processed. This resulted in unexpected
behavior when authentication result was processed multiple times (e.g.,
two instances of GAS client could have been started).
Fix this by checking auth->waiting_auth_conf before processing
Authetication Confirm. That boolean was already tracked, but it was used
only for other purposes.
Jouni Malinen [Wed, 5 Feb 2020 00:06:27 +0000 (02:06 +0200)]
SAE: Fix peer-commit-scalar reuse check
Only one peer-commit-scalar value was stored for a specific STA (i.e.,
one per MAC address) and that value got replaced when the next SAE
Authentication exchange was started. This ended up breaking the check
against re-use of peer-commit-scalar from an Accepted instance when
anti-clogging token was requested. The first SAE commit message (the one
without anti-clogging token) ended up overwriting the cached
peer-commit-scalar value while leaving that instance in Accepted state.
The second SAE commit message (with anti-clogging token) added ended up
getting rejected if it used the same value again (and re-use is expected
in this particular case where the value was not used in Accepted
instance).
Fix this by using a separate pointer for storing the peer-commit-scalar
value that was used in an Accepted instance. There is no need to
allocate memory for two values, i.e., it is sufficient to maintain
separate pointers to the value and move the stored value to the special
Accepted state pointer when moving to the Accepted state.
This fixes issues where a peer STA ends up running back-to-back SAE
authentication within couple of seconds, i.e., without hostapd timing
out the STA entry for a case where anti-clogging token is required.
Qiwei Cai [Sun, 19 Jan 2020 02:37:26 +0000 (10:37 +0800)]
Use secondary channel provided by ACS for HT40 if valid
Previously, hostapd ignored the secondary channel provided by ACS if
both HT40+ and HT40- are set in hostapd.conf. This change selects such
channel for HT40 if it's valid, which is more reasonable.
Felix Fietkau [Thu, 23 Jan 2020 13:13:33 +0000 (14:13 +0100)]
nl80211: Fix regulatory limits for WMM cwmin/cwmax values
The internal WMM AC parameters use just the exponent of the CW value,
while nl80211 reports the full CW value. This led to completely bogus
CWmin/CWmax values in the WMM IE when a regulatory limit was present.
Fix this by converting the value to the exponent before passing it on.
Fixes: 636c02c6e9 ("nl80211: Add regulatory wmm_limit to hostapd_channel_data") Signed-off-by: Felix Fietkau <nbd@nbd.name>
Roy Marples [Wed, 29 Jan 2020 12:11:05 +0000 (12:11 +0000)]
BSD: Fix the maximum size of a route(4) msg to 2048
The size of a single route(4) message cannot be derived from
either the size of the AF_INET or AF_INET6 routing tables.
Both could be empty or very large.
As such revert back to a buffer size of 2048 which mirrors
other programs which parse the routing socket.
Ouden [Thu, 30 Jan 2020 09:08:14 +0000 (17:08 +0800)]
nl80211: Fix send_mlme for SAE external auth
When external authentication is used, the station send mlme frame (auth)
to the driver may not be able to get the frequency (bss->freq) after
hostap.git commit b6f8b5a9 ("nl80211: Update freq only when CSA
completes"). Use the assoc_freq to send the MLME frame when SAE external
authentication is used to avoid this issue.
Jouni Malinen [Thu, 12 Dec 2019 00:28:39 +0000 (02:28 +0200)]
DPP: DPPEnvelopedData generation for Configurator backup
This adds support for generating an encrypted backup of the local
Configurator information for the purpose of enrolling a new
Configurator. This includes all ASN.1 construction and data encryption,
but the configuration and connector template values in
dpp_build_conf_params() are not yet complete.
Jouni Malinen [Thu, 12 Dec 2019 00:28:39 +0000 (02:28 +0200)]
DPP: DPPEnvelopedData parsing for Configurator backup/restore
Process the received DPPEnvelopedData when going through Configurator
provisioning as the Enrollee (the new Configurator). This parses the
message, derives the needed keys, and decrypts the Configurator
parameters. This commit stores the received information in
auth->conf_key_pkg, but the actually use of that information to create a
new Configurator instance will be handled in a separate commit.
Jouni Malinen [Tue, 28 Jan 2020 22:58:33 +0000 (00:58 +0200)]
DPP2: Add Protocol Version attr to Auth Resp only if peer is R2 or newer
There is no need for the Protocol Version attribute in Authentication
Response if the peer is a DPP R1 device since such device would not know
how to use this attribute. To reduce risk for interoperability issues,
add this new attribute only if the peer included it in Authentication
Request.
Krishna Rao [Tue, 14 Jan 2020 12:46:55 +0000 (18:16 +0530)]
Add a vendor attribute for RTPL instance primary frequency
Add an attribute QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY_FREQUENCY for
primary channel center frequency in the definition for Representative
Tx Power List (RTPL) list entry instance. This is required for 6 GHz
support, since the 6 GHz channel numbers overlap with existing 2.4 GHz
and 5 GHz channel numbers thus requiring frequency values to uniquely
identify channels.
Mark QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY as deprecated if both the
driver and user space application support 6 GHz. For backward
compatibility, QCA_WLAN_VENDOR_ATTR_RTPLINST_PRIMARY is still used if
either the driver or user space application or both do not support the
6 GHz band.
Jouni Malinen [Tue, 28 Jan 2020 12:17:52 +0000 (14:17 +0200)]
TLS: Fix bounds checking in certificate policy parser
The recent addition of the X.509v3 certificatePolicies parser had a
copy-paste issue on the inner SEQUENCE parser that ended up using
incorrect length for the remaining buffer. Fix that to calculate the
remaining length properly to avoid reading beyond the end of the buffer
in case of corrupted input data.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20363 Fixes: d165b32f3887 ("TLS: TOD-STRICT and TOD-TOFU certificate policies") Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 27 Jan 2020 19:39:54 +0000 (21:39 +0200)]
DPP: Example script for NFC bootstrapping method
This Python script is an example on how nfcpy can be used to drive an
NFC Device to perform DPP bootstrapping operations over DPP (tag with
NFC URI and negotiated connection handover).
Jouni Malinen [Mon, 27 Jan 2020 15:31:10 +0000 (17:31 +0200)]
DPP: Show selected negotiation channel in DPP_BOOTSTRAP_INFO
Make the selected channel available for upper layer software to use,
e.g., when starting DPP listen operation during NFC negotiated
connection handover.
Jouni Malinen [Mon, 27 Jan 2020 15:04:26 +0000 (17:04 +0200)]
DPP: NFC negotiated connection handover
Add new control interface commands "DPP_NFC_HANDOVER_REQ own=<id>
uri=<URI>" and "DPP_NFC_HANDOVER_SEL own=<id> uri=<URI>" to support NFC
negotiated connection handover. These commands are used to report a DPP
URI received from a peer NFC Device in Handover Request and Handover
Select messages. The commands return peer bootstrapping information ID
or FAIL on failure. The returned ID is used similarly to any other
bootstrapping information to initiate DPP authentication.
Jouni Malinen [Mon, 27 Jan 2020 15:04:26 +0000 (17:04 +0200)]
DPP: Helper function for bootstrapping URI generation
The new dpp_gen_uri() helper function can be used to build the
bootstrapping URI from locally stored information. This can be used to
make it easier to update the URI, e.g., for NFC negotiated connection
handover cases.
Jouni Malinen [Sun, 26 Jan 2020 15:04:54 +0000 (17:04 +0200)]
crypto: Allow up to 10 fragments for hmac_sha*_vector()
This increases the limit of how many data fragments can be supported
with the internal HMAC implementation. The previous limit was hit with
some FT use cases.
Jouni Malinen [Sun, 26 Jan 2020 11:28:43 +0000 (13:28 +0200)]
tests: Fix DPP capability checking to avoid failures in non-DPP build
"finally" handler should not trigger a new exception when trying to
clear state for non-DPP builds. In addition, couple of checks for DPP
capability in the build were missing.
Jouni Malinen [Sun, 26 Jan 2020 11:19:09 +0000 (13:19 +0200)]
tests: Check SAE capability in build more consistently
Use a helper function for this and add checks for number of test cases
that were missing this. This gets rid of undesired FAIL results
(converts them to SKIP) for test runs where the station do not support
SAE.
This commit introduces the vendor event
QCA_NL80211_VENDOR_SUBCMD_REQUEST_SAR_LIMITS_EVENT.
Host drivers can request user space application to set SAR power
limits with this event.
Vamsi Krishna [Mon, 13 Jan 2020 12:37:13 +0000 (18:07 +0530)]
Add new QCA vendor attribute to set thermal level
Add a new QCA vendor attribute to set thermal level to the driver from
userspace. The driver/firmware takes actions requested by userspace to
mitigate high temperature such as throttling TX etc. The driver may
choose the level of throttling and other actions for various thermal
levels set by userspace.
Jouni Malinen [Thu, 23 Jan 2020 20:46:51 +0000 (22:46 +0200)]
OWE: PTK derivation workaround in STA mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround=1 network parameter can be used
to enable older behavior mainly for testing purposes. There is no impact
to group 19 behavior, but if enabled, this will make group 20 and 21
cases use SHA256-based PTK derivation which will not work with the
updated OWE implementation on the AP side.
Jouni Malinen [Thu, 23 Jan 2020 18:56:51 +0000 (20:56 +0200)]
OWE: PTK derivation workaround in AP mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround parameter can be used to enable
workaround for interoperability with stations that use SHA256 with
groups 20 and 21. By default, only the appropriate hash function is
accepted. When workaround is enabled (owe_ptk_workaround=1), the
appropriate hash function is tried first and if that fails, SHA256-based
PTK derivation is attempted. This workaround can result in reduced
security for groups 20 and 21, but is required for interoperability with
older implementations. There is no impact to group 19 behavior.
Jouni Malinen [Thu, 23 Jan 2020 18:04:40 +0000 (20:04 +0200)]
OWE: Select KDF hash algorithm based on the length of the prime
Previous implementation was hardcoding use of SHA256 PMK-to-PTK
derivation for all groups. Replace that with hash algorithm selection
based on the length of the prime similarly to the way this was done for
other derivation steps in OWE.
This breaks backwards compatibility when using group 20 or 21; group 19
behavior remains same.
Vamsi Krishna [Mon, 13 Jan 2020 09:29:06 +0000 (14:59 +0530)]
Do not enable HT/VHT for 6 GHz band 20 MHz width channels also
The previous commit had a rebasing issue that ended up covering only the
center_segment0 != 0 case. These were supposed to apply for all 6 GHz
band cases.
Fixes: 0bfc04b8d0f8 ("Do not enable HT/VHT when operating in 6 GHz band") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Vamsi Krishna [Mon, 30 Dec 2019 09:42:12 +0000 (15:12 +0530)]
Enhance get_mode() to return correct hw_mode with 6 GHz support
The 5 GHz channels are stored in one hw_features set with mode
HOSTAPD_MODE_IEEE80211A while the 6 GHz channels will need to be stored
in a separate hw_features set (but with same mode
HOSTAPD_MODE_IEEE80211A) due to possibility of different HT/VHT/HE
capabilities being available between the 5 GHz and 6 GHz bands.
Iterate through all hw_features sets and check and match the band of
channel supported by the hw_features set while getting the hw_features
set in get_mode(). This allows both the 5 GHz and 6 GHz channels to be
found and correct capabilities to be used in cases where the driver
reports different capability values between 5 and 6 GHz channels.
Jouni Malinen [Tue, 21 Jan 2020 11:22:57 +0000 (13:22 +0200)]
tests: Allow more time for sigma_dut sta_associate commands
The previously used timeout of two seconds did not allow more than a
single scan attempt and that could fail every now and then. Make these
more robust by increasing the timeout to 10 seconds which allows another
scan attempt to be completed similarly to the most non-sigma_dut test
cases.
Jouni Malinen [Mon, 20 Jan 2020 18:27:06 +0000 (20:27 +0200)]
SAE: Use Anti-Clogging Token Container element with H2E
IEEE P802.11-REVmd was modified to use a container IE for anti-clogging
token whenver H2E is used so that parsing of the SAE Authentication
frames can be simplified.
See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx
Jouni Malinen [Tue, 21 Jan 2020 10:57:07 +0000 (12:57 +0200)]
tests: Remove mesh SAE Password Identifier test cases for now
IEEE P802.11-REVmd was modified to require H2E to be used whenever
Password Identifier is used with SAE. Since wpa_supplicant and mac80211
do not yet support SAE H2E in mesh, Password Identifier cannot be used
in mesh cases. Remove the test cases that verified this behavior for now
to allow H2E to be required per updated REVmd definition. These test
cases will be restored once H2E is fully functionality in mesh cases.
Jouni Malinen [Mon, 20 Jan 2020 18:23:48 +0000 (20:23 +0200)]
SAE H2E: Check H2E-only BSS membership selector only if SAE is enabled
This BSS membership selector has impact only for SAE functionality, so
ignore it when configured not to use SAE. This allows WPA-PSK connection
to and AP that advertises WPA-PSK and SAE while requiring H2E for SAE.
Johannes Berg [Wed, 15 Jan 2020 11:48:43 +0000 (12:48 +0100)]
tests: parallel-vm: allow running without curses
Allow running without curses, in which case the log is simply written to
stdout instead of a file. This is useful for automated (but parallel)
testing. Note that in most cases, you'd want to specify --debug, and so
I added a .rstrip() there on the lines to clean that up a bit.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Hai Shalom [Fri, 27 Dec 2019 17:44:49 +0000 (09:44 -0800)]
EAP-SIM/AKA peer: Add support for EAP Method prefix
Add support for EAP method prefix in the anonymous identity
used during EAP-SIM/AKA/AKA' authentication when encrypted IMSI
is used. The prefix is a single character that indicates which
EAP method is required by the client.
Jouni Malinen [Thu, 9 Jan 2020 22:19:27 +0000 (00:19 +0200)]
tests: Call stop_sigma_dut() in more failure cases
Some of the sigma_dut test cases were not yet using try/finally to
ensure stop_sigma_dut() gets called. That could result in not logging
all failure reasons in the log and getting stuck with being unable to
start new sigma_dut processes after failed test cases.
Vamsi Krishna [Tue, 24 Dec 2019 12:01:39 +0000 (17:31 +0530)]
ACS: Populate channel config from external ACS per documented behavior
Based on the now documented seg0/seg1 values from offloaded ACS, there
is a mismatch between the driver interface and internal hostapd use.
The value of segment0 field in ACS results is the index of the channel
center frequency for 20 MHz, 40 MHz, and 80M Hz channels. The value is
the center frequency index of the primary 80 MHz segment for 160 MHz and
80+80 MHz channels.
The value of segment1 field in ACS results is zero for 20 MHz, 40 MHz,
and 80 MHz channels. The value is the index of the channel center
frequency for 160 MHz channels and the center frequency index of the
secondary 80 MHz segment for 80+80 MHz channels.
However, in struct hostapd_config, for 160 MHz channels, the value of
the segment0 field is the index of the channel center frequency of 160
MHz channel and the value of the segment1 field is zero. Map the values
from ACS event into hostapd_config fields accordingly.
Vamsi Krishna [Tue, 24 Dec 2019 12:46:37 +0000 (18:16 +0530)]
ACS: Update documentation of external ACS results event parameters
Update the documentation with values to be sent for seg0 and seg1 fields
in external ACS result event for 20 MHz, 40 MHz, 80 MHz, 160 MHz, and
80+80 MHz channels. These values match the changes done to definitions
of seg0 and seg1 fields in the IEEE 802.11 standard.
This vendor command had not previously been documented in this level of
detail and had not actually been used for the only case that could have
two different interpretation (160 MHz) based on which version of IEEE
802.11 standard is used.
Vamsi Krishna [Tue, 24 Dec 2019 12:02:29 +0000 (17:32 +0530)]
6 GHz: Fix Channel Width value for 80+80 in 6 GHZ Operation Info field
The Channel Width field value is 0 for 20 MHz, 1 for 40 MHz, 2 for 80
MHz, and 3 for both 160 MHz and 80+80 MHz channels. The 80+80 MHz case
was not addressed previously correctly since it cannot be derived from
seg0 only.
The Channel Center Frequency Segment 0 field value is the index of
channel center frequency for 20 MHz, 40 MHz, and 80 MHz channels. The
value is the center frequency index of the primary 80 MHz segment for
160 MHz and 80+80 MHz channels.
The Channel Center Frequency Segment 1 field value is zero for 20 MHz,
40 MHz, and 80 MHz channels. The value is the index of the channel
center frequency for 160 MHz channel and the center frequency index of
the secondary 80 MHz segment for 80+80 MHz channels.
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.
The following flag are defined:
KEY_FLAG_MODIFY
Set when an already installed key must be updated.
So far the only use-case is changing RX/TX status of installed
keys. Must not be set when deleting a key.
KEY_FLAG_DEFAULT
Set when the key is also a default key. Must not be set when
deleting a key. (This is the replacement for set_tx.)
KEY_FLAG_RX
The key is valid for RX. Must not be set when deleting a key.
KEY_FLAG_TX
The key is valid for TX. Must not be set when deleting a key.
KEY_FLAG_GROUP
The key is a broadcast or group key.
KEY_FLAG_PAIRWISE
The key is a pairwise key.
KEY_FLAG_PMK
The key is a Pairwise Master Key (PMK).
Predefined and needed flag combinations so far are:
KEY_FLAG_GROUP_RX_TX
WEP key not used as default key (yet).
KEY_FLAG_GROUP_RX_TX_DEFAULT
Default WEP or WPA-NONE key.
KEY_FLAG_GROUP_RX
GTK key valid for RX only.
KEY_FLAG_GROUP_TX_DEFAULT
GTK key valid for TX only, immediately taking over TX.
KEY_FLAG_PAIRWISE_RX_TX
Pairwise key immediately becoming the active pairwise key.
KEY_FLAG_PAIRWISE_RX
Pairwise key not yet valid for TX. (Only usable with Extended Key ID
support.)
KEY_FLAG_PAIRWISE_RX_TX_MODIFY
Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.
KEY_FLAG_RX_TX
Not a valid standalone key type and can only used in combination
with other flags to mark a key for RX/TX.
This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Markus Theil [Wed, 8 Jan 2020 23:03:02 +0000 (00:03 +0100)]
tests: Fix Python sleep function
Current Python versions have no os.sleep(), use time.sleep() instead.
module 'os' has no attribute 'sleep'
Traceback (most recent call last):
File "./run-tests.py", line 521, in main
t(dev, apdev)
File "/home/mtheil/hostap/tests/hwsim/test_pmksa_cache.py", line 356, in test_pmksa_cache_expiration
hapd.wait_ptkinitdone(dev[0].own_addr())
File "/home/mtheil/hostap/tests/hwsim/hostapd.py", line 282, in wait_ptkinitdone
os.sleep(0.1)
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Jouni Malinen [Wed, 8 Jan 2020 22:47:03 +0000 (00:47 +0200)]
nl80211: Pass set_key() parameter struct to wpa_driver_nl80211_set_key()
This is the function that actually uses the parameters, so pass the full
parameter struct to it instead of hiding the struct from it in the
simple wrapper.
This is in preparation for adding support to use a single WLAN netdev
with VLAN operations offloaded to the driver. No functional changes are
included in this commit.
Jouni Malinen [Wed, 8 Jan 2020 20:15:18 +0000 (22:15 +0200)]
driver: Move set_key() parameters into a struct
This makes it more convenient to add, remove, and modify the parameters
without always having to update every single driver_*.c implementation
of this callback function.
Jouni Malinen [Wed, 8 Jan 2020 18:52:26 +0000 (20:52 +0200)]
SAE: A bit optimized sae_confirm_immediate=2 for testing purposes
sae_confirm_immediate=2 can now be used in CONFIG_TESTING_OPTIONS=y
builds to minimize the latency between SAE Commit and SAE Confirm by
postponing transmission of SAE Commit until the SAE Confirm frame is
generated. This does not have significant impact, but can get the frames
tiny bit closer to each other over the air to increase testing coverage.
The only difference between sae_confirm_immediate 1 and 2 is in the
former deriving KCK, PMK, PMKID, and CN between transmission of the
frames (i.e., a small number of hash operations).
Vamsi Krishna [Wed, 11 Dec 2019 12:57:47 +0000 (18:27 +0530)]
Do not select APs found on disabled channels for connection
If a channel list changed event is received after a scan and before
selecting a BSS for connection, a BSS found on a now disabled channel
may get selected for connection. The connect request issued with the BSS
found on a disabled channel is rejected by cfg80211. Filter out the BSSs
found on disabled channels and select from the other BSSs found on
enabled channels to avoid unnecessary connection attempts that are bound
to fail.
The channel list information will be updated by the driver in cases like
country code update, disabling/enabling specific bands, etc. which can
occur between the scan and connection attempt.