hostapd: Add Min/Max Transmit Power Capability into STA command
This provides access to the Minimum/Maximum Transmit Power Capabilitie
fileds (the nominal minimum/maximum transmit power with which the STA
is capable of transmitting in the current channel; signed integer in
units of decibels relative to 1 mW).
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
Check hostapd current_mode before dereferencing it in additional places
While most places using this should be for cases where the hw_features
functionality is required, there seem to be some paths that are getting
exposed in new OWE related operations where that might not be the case.
Add explicit NULL pointer checks to avoid dereferencing the pointer if
it is not set when operating with driver wrappers that do not provide
sufficient information.
Jouni Malinen [Mon, 30 Oct 2017 10:08:19 +0000 (12:08 +0200)]
tests: ap_wpa2_eap_tls_versions to test TLSv1.2 with OpenSSL 1.1
Change the test condition from "is OpenSSL 1.0.2" to "is not OpenSSL
1.0.1", so that the TLSv1.2 test step gets executed with OpenSSL 1.0.2
and 1.1 (and newer).
Jouni Malinen [Sun, 29 Oct 2017 15:13:54 +0000 (17:13 +0200)]
AP-side workaround for WNM-Sleep Mode GTK/IGTK reinstallation issues
Normally, WNM-Sleep Mode exit with management frame protection
negotiated would result in the current GTK/IGTK getting added into the
WNM-Sleep Mode Response frame. Some station implementations may have a
vulnerability that results in GTK/IGTK reinstallation based on this
frame being replayed. Add a new hostapd configuration parameter that can
be used to disable that behavior and use EAPOL-Key frames for GTK/IGTK
update instead. This would likely be only used with
wpa_disable_eapol_key_retries=1 that enables a workaround for similar
issues with EAPOL-Key. This is related to station side vulnerabilities
CVE-2017-13087 and CVE-2017-13088. To enable this AP-side workaround,
set wnm_sleep_mode_no_keys=1.
Johannes Berg [Wed, 25 Oct 2017 08:06:10 +0000 (10:06 +0200)]
wpa_auth: Deplete group rekey eloop handler for strict rekeying
When strict group rekeying is in effect, every station that leaves will
cause a rekeying to happen 0.5 s after leaving. However, if a lot of
stations join/leave, the previous code could postpone this rekeying
forever, since it always re-registers the handling with a 0.5 s timeout.
Use eloop_deplete_timeout() to address that, only registering the
timeout from scratch if it wasn't pending.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 25 Oct 2017 08:26:10 +0000 (10:26 +0200)]
Allow forcing group rekeying for testing purposes
In order to test the WoWLAN GTK rekeying KRACK mitigation, add a
REKEY_GTK hostapd control interface command that can be used at certain
points of the test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Sun, 29 Oct 2017 14:08:02 +0000 (16:08 +0200)]
DPP: Negotiation channel change request from Initiator
Allow the Initiator to request a different channel to be used for DPP
Authentication and DPP Configuration exchanges. This commit adds support
for this in wpa_supplicant with the optional neg_freq=<freq in MHz>
parameter in DPP_AUTH_INIT.
Jouni Malinen [Sun, 29 Oct 2017 10:23:34 +0000 (12:23 +0200)]
DPP: Allow testing override values to be cleared
This allows wpa_supplicant dpp_config_obj_override,
dpp_discovery_override, and dpp_groups_override parameters to be cleared
by setting them to a zero-length value.
Jouni Malinen [Sat, 28 Oct 2017 14:40:06 +0000 (17:40 +0300)]
DPP: Process Authentication Confirm failure cases
Process Authentication Confirm with the two failure cases defined in the
spec: STATUS_NOT_COMPATIBLE and STATUS_AUTH_FAILURE. This verifies the
{R-nonce}k2 part and reports more detailed failure reason if the message
is valid.
Jouni Malinen [Mon, 23 Oct 2017 11:14:57 +0000 (14:14 +0300)]
DPP: Allow Responder to decide not to use mutual authentication
Previously, Initiator decided whether to use mutual authentication on
its own based on having own and peer bootstrapping info. This prevented
Responder from selecting not to use mutual authentication in such a
case. Fix this by allowed Initiator to fall back to non-mutual
authentication based on Responder choice if the bootstrapping mechanism
allows this (PKEX does not; it mandates use of mutual authentication).
Jouni Malinen [Sun, 22 Oct 2017 16:03:23 +0000 (19:03 +0300)]
DPP: Move Authentication Response building into a separate function
This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok())
a bit by separating initialization steps for a DPP authentication
session from the code needed to build the frame. This allows
dpp_auth_build_resp_status() to share the helper function instead of
having to maintain a duplicated message construction implementation. In
addition, this makes it easier to remove some of the attributes for
protocol testing purposes.
Jouni Malinen [Sun, 22 Oct 2017 14:08:25 +0000 (17:08 +0300)]
DPP: Move Authentication Request building into a separate function
This cleans up dpp_auth_init() a bit by separating initialization steps
for a DPP authentication session from the code needed to build the
frame. In addition, this makes it easier to remove some of the
attributes for protocol testing purposes.
Jouni Malinen [Sun, 22 Oct 2017 09:35:06 +0000 (12:35 +0300)]
DPP: Report transmitted messages as control interface events
This is helpful for testing purposes and also for upper layer components
that may want to show more detailed progress through a DPP exchange.
Both the DPP-TX and DPP-TX-STATUS events are provided.
Jouni Malinen [Sun, 22 Oct 2017 08:46:12 +0000 (11:46 +0300)]
DPP: Remove unnecessary Wrapped Data checks from callers
Now that dpp_check_attrs() takes care of verifying that no attributes
are after the Wrapped Data attribute, the duplicated checks in hostapd
and wpa_supplicant side of the implementation can be removed.
Jouni Malinen [Sun, 22 Oct 2017 08:15:21 +0000 (11:15 +0300)]
DPP: Protocol testing framework
Add a generic mechanism for configuring the DPP implementation to behave
in particular different (mostly incorrect) ways for protocol testing
purposes. The new dpp_test parameter can be set to a non-zero integer to
indicate a specific behavior. This is only available in
CONFIG_TESTING_OPTIONS=y builds.
This commit include cases for an extra attribute being added after the
Wrapped Data attribute and Initiator/Responder capabilities having an
unexpected zero capability.
Jouni Malinen [Sun, 22 Oct 2017 13:42:33 +0000 (16:42 +0300)]
tests: Make sae_invalid_anti_clogging_token_req more robust
Beacon more frequently since Probe Request frames are practically ignored
in this test setup (ext_mgmt_frame_handled=1 on hostapd side) and
wpa_supplicant scans may end up getting ignored if no new results are
available due to the missing Probe Response frames.
Michael Baird [Thu, 28 Sep 2017 05:53:35 +0000 (18:53 +1300)]
EAP server: Add event messages for more EAP states
While using an external RADIUS server SUCCESS messages were not being
sent (internal was fine). Also add event messages for other states that
others might find useful, and consistency between the two.
Signed-off-by: Michael Baird <Michael.Baird@ecs.vuw.ac.nz>
Ben Greear [Wed, 18 Oct 2017 22:58:30 +0000 (15:58 -0700)]
Fix test build breakage when not compiling with mesh support
Build breakage was introduced by commit 16579769ff7bb255e101c6b77fb2c47d3735a883 ('Add testing functionality for
resetting PN/IPN for configured keys') for some CONFIG_TESTING_OPTIONS=y
builds.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Jouni Malinen [Fri, 20 Oct 2017 15:18:53 +0000 (18:18 +0300)]
Fix the notes on EAPOL-Key testing procedures
The extra sanity check for replay protection in these procedures ended
up breaking the tests. RESET_PN cannot be used before RESEND_* commands
since that would prevent the DUT from accepting the retransmitted
EAPOL-Key frames.
Jouni Malinen [Fri, 20 Oct 2017 14:44:07 +0000 (17:44 +0300)]
WNM: Ignore BSS Transition Management frames in bss_transition=0 case
The hostapd bss_transition parameter was previously used to control
advertisement of BSS Transition Management support, but it was not used
when processing BSS Transition Management Query/Response frames. Add an
explicit check during frame processing as well so that any misbehaving
station is ignored. In addition to bss_transition=1, allow mbo=1 to be
used to mark the functionality enabled.
Jouni Malinen [Fri, 20 Oct 2017 14:39:42 +0000 (17:39 +0300)]
WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0 case
The hostapd wnm_sleep_mode parameter was previously used to control
advertisement of WNM-Sleep Mode support, but it was not used when
processing a request to use WNM-Sleep Mode. Add an explicit check during
request processing as well so that any misbehaving station is ignored.
Jouni Malinen [Thu, 19 Oct 2017 09:16:18 +0000 (12:16 +0300)]
Extend RESEND_* test commands to allow forcing plaintext TX
This allows hostapd testing functionality to be forced to send out a
plaintext EAPOL-Key frame with the RESEND_* command. That can be useful
in seeing how the station behaves if an unencrypted EAPOL frame is
received when TK is already configured.
This is not really perfect since there is no convenient way of sending
out a single unencrypted frame in the current nl80211 design. The
monitor interface could likely still do this, but that's not really
supposed to be used anymore. For now, clear and restore TK during this
operation. The restore part is not really working correctly, though,
since it ends up clearing the TSC value on the AP side and that shows up
as replay protection issues on the station. Anyway, this is sufficient
to generate sniffer captures to analyze station behavior.
FILS: Send updated connection parameters to drivers if needed
After an initial connection wpa_supplicant derives ERP information which
can be used in doing eventual authentications in the same realm. This
information can be used by drivers with offloaded FILS support to do
driver/firmware initiated roamings. Add support to send this updated
information to such drivers.
Update the replay counter after a roam for all cases. This restores the
design back to what it was before commit 01ef320f192daa074c7055a44a03b6b5b811d6bd ('FILS: Update ERP next
sequence number with driver offload').
nl80211: Add support to send updated connection parameters
After an initial connection certain connection parameters may be
updated. It may be necessary to send these parameters to drivers since
these will be used in driver-initiated roaming cases. This commit
defines the driver_ops call for this and implements the needed
functionality for the nl80211 driver interface.
Add attributes to support roam+auth vendor event for FILS
Add additional attributes to specify the PMK, PMKID, and the ERP next
sequence number to the vendor subcommand
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH. These are needed in case
of an offloaded FILS roaming.
Jouni Malinen [Mon, 16 Oct 2017 22:15:24 +0000 (01:15 +0300)]
Clear BSSID information in supplicant state machine on disconnection
This fixes a corner case where RSN pre-authentication candidate from
scan results was ignored if the station was associated with that BSS
just before running the new scan for the connection.
Jouni Malinen [Mon, 16 Oct 2017 21:01:11 +0000 (00:01 +0300)]
Additional consistentcy checks for PTK component lengths
Verify that TK, KCK, and KEK lengths are set to consistent values within
struct wpa_ptk before using them in supplicant. This is an additional
layer of protection against unexpected states.
Jouni Malinen [Mon, 16 Oct 2017 15:37:43 +0000 (18:37 +0300)]
Optional AP side workaround for key reinstallation attacks
This adds a new hostapd configuration parameter
wpa_disable_eapol_key_retries=1 that can be used to disable
retransmission of EAPOL-Key frames that are used to install
keys (EAPOL-Key message 3/4 and group message 1/2). This is
similar to setting wpa_group_update_count=1 and
wpa_pairwise_update_count=1, but with no impact to message 1/4
retries and with extended timeout for messages 4/4 and group
message 2/2 to avoid causing issues with stations that may use
aggressive power saving have very long time in replying to the
EAPOL-Key messages.
This option can be used to work around key reinstallation attacks
on the station (supplicant) side in cases those station devices
cannot be updated for some reason. By removing the
retransmissions the attacker cannot cause key reinstallation with
a delayed frame transmission. This is related to the station side
vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, and CVE-2017-13081.
This workaround might cause interoperability issues and reduced
robustness of key negotiation especially in environments with
heavy traffic load due to the number of attempts to perform the
key exchange is reduced significantly. As such, this workaround
is disabled by default (unless overridden in build
configuration). To enable this, set the parameter to 1.
It is also possible to enable this in the build by default by
adding the following to the build configuration:
Jouni Malinen [Sun, 15 Oct 2017 20:25:55 +0000 (23:25 +0300)]
Allow last (Re)Association Request frame to be replayed for testing
The new wpa_supplicant RESEND_ASSOC command can be used to request the
last (Re)Association Request frame to be sent to the AP to test FT
protocol behavior.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Jouni Malinen [Sat, 14 Oct 2017 14:23:59 +0000 (17:23 +0300)]
Allow EAPOL-Key messages 1/4 and 3/4 to be retransmitted for testing
The new hostapd control interface commands "RESEND_M1 <addr>" and
"RESEND_M3 <addr>" can be used to request a retransmission of the 4-Way
Handshake messages 1/4 and 3/4 witht he same or modified ANonce (in M1).
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Jouni Malinen [Sat, 14 Oct 2017 13:53:27 +0000 (16:53 +0300)]
Allow group key handshake message 1/2 to be retransmitted for testing
The new hostapd control interface command "RESEND_GROUP_M1 <addr>" can
be used to request a retransmission of the Group Key Handshake message
1/2 for the current GTK.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Jouni Malinen [Sat, 14 Oct 2017 10:41:08 +0000 (13:41 +0300)]
Add testing functionality for resetting PN/IPN for configured keys
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Jouni Malinen [Sat, 14 Oct 2017 09:15:52 +0000 (12:15 +0300)]
wlantest: Do not update RSC on replays
This changes wlantest behavior to mark CCMP/TKIP replays for more cases
in case a device is resetting its TSC. Previously, the RSC check got
cleared on the first marked replay and the following packets were not
marked as replays if they continued incrementing the PN even if that PN
was below the highest value received with this key at some point in the
past.
Jouni Malinen [Sun, 8 Oct 2017 10:18:02 +0000 (13:18 +0300)]
Clear PMK length and check for this when deriving PTK
Instead of setting the default PMK length for the cleared PMK, set the
length to 0 and explicitly check for this when deriving PTK to avoid
unexpected key derivation with an all-zeroes key should it be possible
to somehow trigger PTK derivation to happen before PMK derivation.
Mathy Vanhoef [Thu, 5 Oct 2017 21:53:01 +0000 (23:53 +0200)]
WPA: Extra defense against PTK reinstalls in 4-way handshake
Currently, reinstallations of the PTK are prevented by (1) assuring the
same TPTK is only set once as the PTK, and (2) that one particular PTK
is only installed once. This patch makes it more explicit that point (1)
is required to prevent key reinstallations. At the same time, this patch
hardens wpa_supplicant such that future changes do not accidentally
break this property.
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.
This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.
Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.
FILS: Do not allow multiple (Re)Association Response frames
The driver is expected to not report a second association event without
the station having explicitly request a new association. As such, this
case should not be reachable. However, since reconfiguring the same
pairwise or group keys to the driver could result in nonce reuse issues,
be extra careful here and do an additional state check to avoid this
even if the local driver ends up somehow accepting an unexpected
(Re)Association Response frame.
tests: Fix wnm_action_proto_no_pmf to have active WNM_SLEEP operation
The previous designed worked since wpa_supplicant did not track pending
request state. With such tracking added, this test case needs to make
sure there is a pending operation when injecting the invalid response.
projects / thirdparty / hostap.git / log
