Gokul Sivakumar [Wed, 3 Nov 2021 16:50:23 +0000 (22:20 +0530)]
wlantest: Delete each entry from the WEP list before freeing the entry
To be consistent with how all the other dl lists like passphrase, PMK,
and PTK lists are freed, delete each entry from the WEP list before
freeing the entry.
Gokul Sivakumar [Wed, 3 Nov 2021 16:50:22 +0000 (22:20 +0530)]
wlantest: Replace the duplicate functions with reuse of cli.h
The definitions of max_args, get_cmd_arg_num(), and tokenize_cmd() are
already shared by the hostapd_cli and wpa_cli commands by including the
cli.h header. So follow the same for wlantest_cli and remove the
duplicate function defitions.
Gokul Sivakumar [Wed, 3 Nov 2021 16:50:21 +0000 (22:20 +0530)]
wlantest: Add new cli "help" command
Having a help cli command to view all the supported commands is helpful
when running the wlantest_cli manually instead via the python test
scripts.
$ wlantest_cli help
commands:
ping = test connection to wlantest
terminate = terminate wlantest
list_bss = get BSS list
list_sta <BSSID> = get STA list
flush = drop all collected BSS data
clear_sta_counters <BSSID> <STA> = clear STA counters
clear_bss_counters <BSSID> = clear BSS counters
get_sta_counter <counter> <BSSID> <STA> = get STA counter value
get_bss_counter <counter> <BSSID> = get BSS counter value
inject <frame> <prot> <sender> <BSSID> <STA/ff:ff:ff:ff:ff:ff>
send <prot> <raw frame as hex dump>
version = get wlantest version
add_passphrase <passphrase> = add a known passphrase
add_wepkey <WEP key> = add a known WEP key
info_sta <field> <BSSID> <STA> = get STA information
info_bss <field> <BSSID> = get BSS information
clear_tdls_counters <BSSID> <STA1> <STA2> = clear TDLS counters
get_tdls_counter <counter> <BSSID> <STA1> <STA2> = get TDLS counter value
get_bss_counter <counter> <BSSID> = get BSS counter value
relog = re-open log-file (allow rolling logs)
get_tx_tid <BSSID> <STA> <TID> = get STA TX TID counter value
get_rx_tid <BSSID> <STA> <TID> = get STA RX TID counter value
help = show this usage help
$ wlantest_cli help add_passphrase
commands:
add_passphrase <passphrase> = add a known passphrase
Gokul Sivakumar [Wed, 3 Nov 2021 16:50:20 +0000 (22:20 +0530)]
wlantest: Properly free allocated memory on error exit paths
In the cases when a failure is experienced, the value "-1" was returned
from the main() function without doing any cleanup or deinit.
For example, if wlantest was started with the following set of command
line arguments then later when returning after a failure from main()
function, the memory allocated as part of handling the "-p" getopt
command line option was not freed. To fix memory leaks in this case,
properly free the previously allocated memory with the help of
wlantest_deinit() before returning from main().
Memory leak reported by Valgrind when running wlantest as mentioned above.
==513454== HEAP SUMMARY:
==513454== in use at exit: 128 bytes in 1 blocks
==513454== total heap usage: 4 allocs, 3 frees, 5,720 bytes allocated
==513454==
==513454== Searching for pointers to 1 not-freed blocks
==513454== Checked 76,936 bytes
==513454==
==513454== 128 bytes in 1 blocks are definitely lost in loss record 1 of 1
==513454== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==513454== by 0x1396CA: os_zalloc (in /home/ubuntu/hostap/wlantest/wlantest)
==513454== by 0x10C345: add_passphrase (wlantest.c:125)
==513454== by 0x10C345: main (wlantest.c:425)
==513454==
==513454== LEAK SUMMARY:
==513454== definitely lost: 128 bytes in 1 blocks
==513454== indirectly lost: 0 bytes in 0 blocks
==513454== possibly lost: 0 bytes in 0 blocks
==513454== still reachable: 0 bytes in 0 blocks
==513454== suppressed: 0 bytes in 0 blocks
==513454==
==513454== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
D-Bus: Capture group ifname before switching to global P2P instance
The P2P DBus interface was using the wrong interface name when calling
wpas_p2p_invite_group(). Capture the group interface name before calling
the method to fix this.
The commit adds an additional check that checks for overlapping BSSs in
addition to the existing 40 MHz intolerance subfield checks. The commit
cites IEEE Std 802.11-2016, 11.16.12, which defines the proper behavior
for a 20/40 MHz HT STA and AP, but the standard actually doesn't say
anything about overlapping BSSs. Specifically, the standard states that
the only BSSs that belong in the Intolerant channel report are those
that satisfy trigger event A, defined as channels with BSSs that don't
contain the HT capabilities element (which wpa_supplicant already did
before). Note that we also include channels with BSSs that have the 40
MHz intolerance bit set in the Intolerant channel report.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Jouni Malinen [Tue, 7 Dec 2021 15:04:48 +0000 (17:04 +0200)]
DPP2: PKEXv2 core protocol changes
Add support for PKEXv2 core protocol. This defines a new PKEX Exchange
Request message type with protocol negotiation and different rules for
key derivation with PKEXv2 or newer is used.
This does not change existing behavior for PKEX, i.e., the PKEXv1
variant will still be used by default.
Jouni Malinen [Fri, 3 Dec 2021 19:04:03 +0000 (21:04 +0200)]
DPP3: Verify version match during Network Introduction
Verify that the Protocol Version attribute is used appropriate in Peer
Discovery Request/Response messages in cases where the signed Connector
includes the version information.
Jouni Malinen [Fri, 3 Dec 2021 14:33:46 +0000 (16:33 +0200)]
DPP3: Use Connector version instead of current version in Peer Discovery
Generate Peer Discovery Request/Response messages using the protected
version from the Connector, if present, instead of the currently
supported protocol version which might be higher than the one that got
included into the signed Connector during provisioning earlier.
Jouni Malinen [Fri, 3 Dec 2021 10:09:18 +0000 (12:09 +0200)]
DPP3: Add build option for version 3 functionality
CONFIG_DPP3=y can now be used to configure hostapd and wpa_supplicant
builds to include DPP version 3 functionality. This functionality is
still under design and the implementation is experimental and not
suitable to be enabled in production uses before the specification has
been finalized.
Jouni Malinen [Fri, 26 Nov 2021 21:30:15 +0000 (23:30 +0200)]
Fix bool type values for setband
wpa_add_scan_freqs_list() was updated to use bool for the is_6ghz
argument, but these callers were missed when updating the values from
0/1 to false/true.
P2P: Remove 6 GHz channels from full scan if 6 GHz not enabled for P2P
The channels included for the scan to connect to a P2P GO are optimized
such that the P2P GO preferred channel and the common channels are
included for the first few scans followed by a full scan in which all
the channels supported by the local device are included. This results in
P2P client including the 6 GHz channels for the full scan after GO
Negotiation even when 6 GHz channels are not used for the P2P
connection.
Exclude the 6 GHz channels from the full scan if 6 GHz channels are
supported but are not used for P2P connection.
Vinay Gannevaram [Thu, 11 Nov 2021 07:09:28 +0000 (12:39 +0530)]
Update AKMP, cipher, PMF for driver-based SME while roaming
After roaming to a new AP using driver-based SME and roaming trigger,
update proto type, AKMP suite, and pairwise cipher suite based on the
(Re)Association Request frame. Update PMF, group cipher, and group mgmt
cipher based on the AP's RSNE into wpa_sm. group_mgmt_cipher needs to be
updated based on PMF capabilities of STA and roamed AP.
mesh: Change channel to frequency based lookup for starting mesh
Channel numbers of the 6 GHz band overlap those of the 2.4 GHz and 5 GHz
bands. Thus converting to frequency based mesh channel selection helps
accommodate 6 GHz mesh.
Aloka Dixit [Tue, 27 Jul 2021 23:42:26 +0000 (16:42 -0700)]
RNR: Do not allow FILS Discovery and unsolicited Probe Response simultaneously
Reduced neighbor report has a field to indicate whether unsolicited
Probe Response transmission is active. Add a check to return failure if
both FILS discovery and unsolicited Probe Response are enabled at the
same time to ensure that RNR includes valid data.
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
RNR: Allow Probe Response frame for a colocated 6 GHz AP
When a Probe Request frame from a station includes an SSID matching that
of a co-located 6 GHz AP, AP should respond with a Probe Response frame
that includes Reduced Neighbor Report element containing information
regarding the requested BSS.
Signed-off-by: Muna Sinada <msinada@codeaurora.org> Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
Aloka Dixit [Tue, 27 Jul 2021 23:42:24 +0000 (16:42 -0700)]
RNR: Update Beacon frames for 6 GHz colocation
Update 2.4/5 GHz Beacon frames every time Beacon frames for co-located 6
GHz AP(s) are set. This is required for 6 GHz out-of-band discovery so
that lower band Beacon frames will include RNR element with 6 GHz AP
information irrespective of the AP bring-up order. Similarly, RNR is
included in FILS Discovery frames by default in 6 GHz-only mode,
updating the Beacon frames will remove it when co-located 2.4/5 GHz
interfaces are brought up.
This change also ensures that the changes in 6 GHz AP configuration such
as new channel and bandwidth get reflected in the lower bands Beacon
frames.
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
John Crispin [Tue, 27 Jul 2021 23:42:22 +0000 (16:42 -0700)]
RNR: Additions for a 6 GHz AP
Include Reduced Neighbor Report element in Beacon and Probe Response
frames by default if the reporting AP is 2.4/5 GHz and it is co-located
with a 6 GHz AP. Similarly, include RNR by default in FILS Discovery
frames if the AP is a standalone 6 GHz AP.
Signed-off-by: John Crispin <john@phrozen.org> Co-developed-by: Aloka Dixit <alokad@codeaurora.org> Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
John Crispin [Tue, 27 Jul 2021 23:42:21 +0000 (16:42 -0700)]
RNR: Add co-located BSSes
Calculate the length and include data for the BSSes active on the same
radio as the reporting BSS in the Reduced Neighbor Report element. This
element is included in Beacon and Probe Response frames.
Signed-off-by: John Crispin <john@phrozen.org> Co-developed-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org> Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org> Co-developed-by: Muna Sinada <msinada@codeaurora.org> Signed-off-by: Muna Sinada <msinada@codeaurora.org> Co-developed-by: Aloka Dixit <alokad@codeaurora.org> Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
John Crispin [Tue, 27 Jul 2021 23:42:20 +0000 (16:42 -0700)]
RNR: Add data from neighbor database
Include data from the existing neighbor database in the Reduced Neighbor
Report element in Beacon frames if the configuration option 'rnr' is
enabled for the BSS.
Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Muna Sinada <msinada@codeaurora.org> Co-developed-by: Aloka Dixit <alokad@codeaurora.org> Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
Jouni Malinen [Mon, 8 Nov 2021 21:42:02 +0000 (23:42 +0200)]
Share a common error path for SET_NEIGHBOR control interface command
Instead of constructing a custom error handler freeing the same set of
allocated memory areas on various error cases, share the success path
freeing implementation for the error cases as well.
John Crispin [Tue, 27 Jul 2021 23:42:17 +0000 (16:42 -0700)]
RNR: Add bss_parameters to the neighbor_db
Add a new field to include BSS Parameter subfield in the neighbor
database as described in IEEE Std 802.11ax-2021, Figure 9-632a (BSS
Parameters subfield format). This field holds information related to
multiple BSSID, access point co-location, and 20 TU probe response
active/inactive state.
Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
Vinay Gannevaram [Thu, 28 Oct 2021 17:51:00 +0000 (23:21 +0530)]
Update AKMP and proto for driver-based SME while roaming
After roaming to a new AP using driver-based SME and roaming trigger,
AKMP and proto were not updated in wpa_sm. Hence, update AKMP and proto
used with roamed AP when association event received from the driver in
SME offloaded to the driver scenario to avoid incorrect AKMP details in
wpa_supplicant similarly to how the cipher suite updates were added in
commit 2b3e64a0fb5f ("Update ciphers to address GTK renewal failures
while roaming") .
Jouni Malinen [Wed, 3 Nov 2021 14:02:07 +0000 (16:02 +0200)]
OpenSSL: Fix build with OpenSSL 1.0.2
OpenSSL 1.0.2 did not define the 'bytes' argument to
X509_NAME_add_entry_by_NID() to be const like it did for the previously
used X509_NAME_add_entry_by_txt(). Add a backwards compatible version of
this call to avoid compilation issues.
Fixes: d51939f2c4b5 ("DPP: Move CSR routines to use crypto.h") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Cedric Izoard [Fri, 29 Oct 2021 09:05:33 +0000 (11:05 +0200)]
tests: Fix DPP test cases for BoringSSL
When checking DPP capabilities the Brainpool flag was not always set
when needed, leading to run a test with the Brainpool curves not
supported by BoringSSL.
Use a short form for the DER length of EC privateKey with NIST P-521
curve. Indeed BoringSSL returns an error when parsing DER sequence 30 81
50 ... because the length 81 50 could have been encoded as 50 and
according comment in BoringSSL:
ITU-T X.690 section 10.1 (DER length forms) requires encoding the
length with the minimum number of octets.
Cedric Izoard [Fri, 29 Oct 2021 09:05:32 +0000 (11:05 +0200)]
DPP: Replace dpp_bootstrap_key_der() with crypto_ec_key_get_subject_public_key()
As BoringSSL version of i2d_PUBKEY() doesn't respect the
POINT_CONVERSION_COMPRESSED flag redefine a specific
crypto_ec_key_get_subject_public_key() version for BoringSSL based on
dpp_bootstrap_key_der().
The only other user of crypto_ec_key_get_subject_public_key() is SAE-PK
for which the public key should also be formatted using compressed
format.
Cedric Izoard [Fri, 29 Oct 2021 09:05:31 +0000 (11:05 +0200)]
DPP: Use ECDH from crypto.h
Use crypto.h API to implement ECDH in DPP. This needs a new
initialization function in crypto.h to initialize an ECDH with a given
EC key.
Using crypto_ecdh_set_peerkey() to generate the ECDH secret in an
intermediate and dynamically allocated buffer removed the need for the
DPP-specific workaround for inconsistent length returned by
EVP_PKEY_derive() since that crypto_ecdh_set_peerkey() implementation
already had functionality for covering the changing secret_len value
from commit d001fe31ab0a ("OpenSSL: Handle EVP_PKEY_derive() secret_len
changes for ECDH").
Cedric Izoard [Fri, 29 Oct 2021 09:05:30 +0000 (11:05 +0200)]
OpenSSL: Clear the correct flag in crypto_ec_key_get_ecprivate_key()
In case the public key was not included in the EC private key ASN.1
sequence, the flag that was cleared was not the right one. Fix this by
using EC_KEY_set_enc_flags() for both setting and clearing the
EC_PKEY_NO_PUBKEY flag instead of trying to clear that with the
unrelated EC_KEY_clear_flags() function.
Masashi Honma [Sun, 31 Oct 2021 23:03:37 +0000 (08:03 +0900)]
Ignore CONFIG_WIFI_DISPLAY without CONFIG_P2P
Wi-Fi Display functionality needs P2P to be enabled. Ignore
CONFIG_WIFI_DISPLAY if CONFIG_P2P is not enabled for the build. This
avoids following compilation issue with invalid build configuration:
../src/ap/ap_drv_ops.c: In function 'hostapd_build_ap_extra_ies':
../src/ap/ap_drv_ops.c:163:10: error: 'struct hostapd_data' has no member named 'p2p_group'
163 | if (hapd->p2p_group) {
| ^~
../src/ap/ap_drv_ops.c:165:35: error: 'struct hostapd_data' has no member named 'p2p_group'
165 | a = p2p_group_assoc_resp_ie(hapd->p2p_group, P2P_SC_SUCCESS);
| ^~
Masashi Honma [Sun, 31 Oct 2021 23:03:37 +0000 (08:03 +0900)]
Fix compiler error on CONFIG_AP without CONFIG_P2P builds
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/ap.o: in function `wpas_conf_ap_he_6ghz':
/home/honma/git/hostap/wpa_supplicant/ap.c:245: undefined reference to `wpas_p2p_get_sec_channel_offset_40mhz'
Fixes: e5173e8b12a8 ("P2P: Enable multiple channel widths for P2P in 6 GHz band") Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Wed, 27 Oct 2021 01:10:57 +0000 (10:10 +0900)]
wolfSSL: Fix a link error when WPS NFC is disabled
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/src/wps/wps.o: in function `wps_deinit':
/home/honma/git/hostap/wpa_supplicant/../src/wps/wps.c:184: undefined reference to `dh5_free'
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/src/wps/wps_common.o: in function `wps_derive_keys':
/home/honma/git/hostap/wpa_supplicant/../src/wps/wps_common.c:83: undefined reference to `dh5_derive_shared'
/usr/bin/ld: /home/honma/git/hostap/wpa_supplicant/../src/wps/wps_common.c:84: undefined reference to `dh5_free'
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/src/wps/wps_attr_build.o: in function `wps_build_public_key':
/home/honma/git/hostap/wpa_supplicant/../src/wps/wps_attr_build.c:68: undefined reference to `dh5_free'
/usr/bin/ld: /home/honma/git/hostap/wpa_supplicant/../src/wps/wps_attr_build.c:69: undefined reference to `dh5_init'
collect2: error: ld returned 1 exit status
make: *** [Makefile:1892: wpa_supplicant] Error 1
Cedric Izoard [Mon, 28 Jun 2021 16:25:25 +0000 (18:25 +0200)]
DPP: Use crypto_ec_key_get_subject_public_key() when possible
Keep the locally defined ASN.1 sequence DPP_BOOTSTRAPPING_KEY for now to
avoid losing a workaround for BoringSSL from commit 746c1792ac28 ("DPP:
Build bootstrapping key DER encoding using custom routine").
Cedric Izoard [Mon, 28 Jun 2021 16:25:35 +0000 (18:25 +0200)]
DPP: Remove direct call to OpenSSL in dpp_test_gen_invalid_key()
Instead of generating EC point with random coordinates, generate a
valid EC point and then corrupt the coordinates after exporting them
in binary format.
Cedric Izoard [Mon, 28 Jun 2021 16:25:33 +0000 (18:25 +0200)]
DPP: Use crypto_ec_key_group() to compare EC key's group
Remove one more direct call to OpenSSL using crypto_ec_key_group() to
compare group of c-sign-key and ppKey when creating Configurator from
backup data.
Cedric Izoard [Mon, 28 Jun 2021 16:25:28 +0000 (18:25 +0200)]
DPP: Update PKEX part to use crypto.h API
Rewrite EC point/bignum computation done in PKEX protocol using EC
point/bignum primitives already defined in crypto.h and couple of small
new helper functions.
Cedric Izoard [Mon, 28 Jun 2021 16:25:26 +0000 (18:25 +0200)]
DPP: Use crypto_ec_key_parse_pub() in dpp_get_subject_public_key()
The extra validation steps through the OpenSSL X509 API are not really
necessary here and they most duplicate checks that happen implicitly
within d2i_PUBKEY() and the EVP_PKEY_get0_EC_KEY() checks in
crypto_ec_key_parse_pub().
Cedric Izoard [Mon, 28 Jun 2021 16:25:24 +0000 (18:25 +0200)]
DPP: Move dpp_set_pubkey_point_group() to crypto.h
Move code of dpp_set_pubkey_point_group() into crypto.h API. This
function initializes an EC public key using coordinates of the EC point
in binary format.
Cedric Izoard [Mon, 28 Jun 2021 16:25:19 +0000 (18:25 +0200)]
OpenSSL: Use EVP_PKEY as struct crypto_ec_key
Remove definition of struct crypto_ec_key and directly cast struct
crypto_ec_key * to EVP_PKEY * (and vice versa).
Indeed EVP_PKEY already has a pointer to EC_KEY and removing this
intermediate structure allows smoother transition in removing direct
OpenSSL dependency in DPP.
Hu Wang [Mon, 25 Oct 2021 10:58:38 +0000 (16:28 +0530)]
SAE: Fix sm->cur_pmksa assignment
Commit b0f457b6191 ("SAE: Do not expire the current PMKSA cache entry")
depends on sm->cur_pmksa to determine if it is the current PMKSA cache
entry, but sm->cur_pmksa was not always correct for SAE in the current
implementation.
Set sm->cur_pmksa in wpa_sm_set_pmk() (which is used with SAE), and skip
clearing of sm->cur_pmksa for SAE in wpa_find_assoc_pmkid(). This latter
case was added by commit c2080e8657f8 ("Clear current PMKSA cache
selection on association/roam") for driver-based roaming indication and
Suite B, so skipping it for SAE should be fine.
Add QCA vendor attribute to configure priority of vendor scan
Add the attribute QCA_WLAN_VENDOR_ATTR_SCAN_PRIORITY to configure the
priority of vendor scan relative to other scan requests. Add the valid
values that this attribute can take.
xinpeng wang [Tue, 14 Sep 2021 05:09:20 +0000 (13:09 +0800)]
Fix handling of complex configuration lines with mixed "" and #
The original code wants to remove # comments unless they are within a
double quoted string, but it doesn’t consider the "" after #, for
example in the following line: a=b #"a=c"
Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com>
xinpeng wang [Mon, 13 Sep 2021 09:14:15 +0000 (17:14 +0800)]
eloop: Extend overflow check in eloop_register_timeout() to cover usec
Processing of usec could result in an additional +1 increment to sec and
that might overflow. Extend the previously used overflow check to cover
this special case as well.
Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com>
David Bauer [Wed, 6 Oct 2021 00:21:46 +0000 (02:21 +0200)]
WNM: Allow specifying dialog token for BSS transition request
Adds the ability to specify the dialog token of a WNM BSS Transition
Management Request frame via the hostapd control interface.
For this, the new 'dialog_token' option can be used with the BSS_TM_REQ
command. It accepts values as an 8 bit unsigned integer. If not
specified, the dialog token is set to 1 like before.
Jouni Malinen [Mon, 18 Oct 2021 21:23:09 +0000 (00:23 +0300)]
DPP2: Do not try to remove Controller TCP connection twice on error
These code paths on the Controller were calling dpp_connection_remove()
twice for the same connection in the error cases. That would result in
double-freeing of the memory, so fix this by remove the
dpp_connection_remove() call from the called function and instead,
remove the connection in dpp_controller_rx() error handling.
Jouni Malinen [Mon, 18 Oct 2021 21:04:46 +0000 (00:04 +0300)]
DPP2: Clean up Controller on hostapd interface removal
Stop the DPP Controller instance, if one is started, when the hostapd
interface that was used to start that Controller is removed. This is
needed to remove the control pointers that point to the soon-to-be-freed
hostapd structures. This fixes an issue where a Controller operation
with multiple interfaces could have resulted in references to freed
memory if an interface is removed without explicitly stopping the DPP
Controller.
David Bauer [Wed, 6 Oct 2021 00:21:05 +0000 (02:21 +0200)]
proxyarp: Fix compilation with Hotspot 2.0 disabled
The disable_dgaf config field is only available in case hostapd is
compiled with Hotspot 2.0 support (CONFIG_HS20=y), however Proxy-ARP
(CONFIG_PROXYARP=y) does not depend on Hotspot 2.0.
Only add the code related to this config field when Hotspot 2.0 is
enabled to fix compilation with the aformentioned preconditions.
Jouni Malinen [Mon, 18 Oct 2021 17:02:35 +0000 (20:02 +0300)]
SAE: Do not expire the current PMKSA cache entry
There is no convenient mechanism for reauthenticating and generating a
new PMK during an association with SAE. As such, forced PMK update would
mean having to disassociate and reauthenticate which is not really
desired especially when the default PMKLifetime is only 12 hours.
Postpone PMKSA cache entry expiration of the currently used entry with
SAE until the association is lost. In addition, do not try to force the
EAPOL state machine to perform reauthentication for SAE since that won't
work.
Kees Cook [Tue, 12 Oct 2021 18:28:31 +0000 (11:28 -0700)]
wpa_supplicant: Try all drivers by default
Some distros carry patches to specify driver fallback, but only in
specific conditions (e.g. the systemd service definition[1]). This leaves
other wpa_supplicant instances needing to define fallback themselves,
which leads to places where wpa_supplicant thinks it can't find a
driver[2]. Instead, when -D is not specified, have wpa_supplicant try
all the drivers it was built with in an attempt to find a working one
instead of just giving up if the first doesn't work.
Add support to reconfigure or flush PMKSA cache on interface enable
Update PMKSA cache when interface is disabled and then enabled based on
the new MAC address. If the new MAC address is same as the previous MAC
address, the PMKSA cache entries are valid and hence update the PMKSA
cache entries to the driver. If the new MAC address is not same as the
previous MAC address, the PMKSA cache entries will not be valid anymore
and hence delete the PMKSA cache entries.
PMKSA: Make sure reauth time is not greater than expiration time
While creating a cloned PMKSA entry for OKC both expiration and
reauth_time values are set to maximum values, but later only the
expiration time is copied from the old PMKSA entry to the new PMKSA
entry. Due to this there is a possibility of reauth_time becoming
greater than expiration time in some cloned entries. To avoid this copy
reauth_time also to the cloned entry.
Also, add check to reject control interface commands with reauth time
greater than expiration time.
Jouni Malinen [Thu, 14 Oct 2021 13:28:02 +0000 (16:28 +0300)]
wlantest: Fix PMK length and passphrase-based key derivation for FT
The change to support variable length PMK in wlantest missed couple of
places where the PMK length did not get used or set properly. In
particular, this ended up breaking FT key derivation for the case where
a passphrase was used to derive a potential per-BSS PMK. Fix this by
setting and using the PMK length properly.
projects / thirdparty / hostap.git / log
