WPS: Allow WPS to be enabled in CCMP-256 and GCMP-256 only cases
Extend the check against WPA/TKIP only configuration by adding CCMP-256
and GCMP-256 to the list of allowed ciphers. This is needed to allow WPS
to be enabled in AP configurations where neither CCMP-128 nor GCMP-128
are enabled.
Jouni Malinen [Fri, 1 Dec 2017 23:16:17 +0000 (01:16 +0200)]
DPP: Indicate to upper layers whether mutual authentication was used
DPP Responder selects whether mutual authentication is used. This commit
adds information about that selection to upper layers (ctrl_iface event
DPP-AUTH-DIRECTION mutual=<0/1>) on the Initiator side.
Jouni Malinen [Fri, 1 Dec 2017 22:38:12 +0000 (00:38 +0200)]
DPP: Change Authentication Response retry time to 1 second
The previously used 10 second timer did not really make much sense since
the Initiator is not going to be waiting for the response that long.
Change this to 1 second based on the DPP tech spec change.
This nl80211 attribute uses NLA_U8 policy in cfg80211 and wpa_supplicant
needs to use same size when writing the attribute.
This fixes mesh mode regression triggered by kernel commit "net:
netlink: Update attr validation to require exact length for some types"
in v4.15-rc1 that resulted in the following debug log entry when trying
to join a mesh:
nl80211: mesh join failed: ret=-22 (Invalid argument)
Fixes: 6c1664f6051f ("nl80211: Add new commands to support mesh interfaces") Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 1 Dec 2017 18:22:44 +0000 (20:22 +0200)]
nl80211: Fix NL80211_ATTR_SMPS_MODE encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and
hostapd/wpa_supplicant needs to use same size when writing the
attribute.
This fixes AP mode regression triggered by kernel commit "net: netlink:
Update attr validation to require exact length for some types" in
v4.15-rc1 that resulted in the following debug log entry when trying to
enable beaconing:
nl80211: Beacon set failed: -34 (Numerical result out of range)
Krishna Rao [Fri, 24 Nov 2017 09:26:16 +0000 (14:56 +0530)]
Add QCA vendor command and attributes for RROP
Add QCA vendor command and attributes for vendor specific Representative
RF Operating Parameter (RROP) information. This information is intended
for optional use by external ACS. It provides guidance values for some
RF parameters that are used by the system during operation, so that
external ACS can utilize these to compare between channels, bands, etc.
Jouni Malinen [Thu, 30 Nov 2017 10:56:24 +0000 (12:56 +0200)]
tests: Make dpp_auth_req_retries* more reliable
These test cases were failing when run immediately after
dpp_pkex_test_fail. It looks like timing of the TX status and the short
eloop wait were getting reordered in this cases. This ended up with some
of the DPP-TX-STATUS event messages missing. Instead of explicitly
checking for those message, simply count the number of DPP-TX messages
to verify that the correct number of retries are being sent.
Jouni Malinen [Thu, 30 Nov 2017 10:42:58 +0000 (12:42 +0200)]
nl80211: Use consistent "0x" prefix for the cookie values
One of the event message for TX status was missing 'x' from the "0x"
prefix. Add that to make the used format consistent for all cookie debug
print cases.
Jouni Malinen [Wed, 29 Nov 2017 22:11:22 +0000 (00:11 +0200)]
DPP: Call wpas_dpp_stop() from wpas_dpp_deinit()
This makes the full DPP deinit operation more consistent with stopping
of a single operation. In practice, this adds the new GAS client
stopping functionality.
Jouni Malinen [Wed, 29 Nov 2017 19:40:31 +0000 (21:40 +0200)]
DPP: Do not continue if public key hash derivation fails
sha256_vector() result was ignored apart from printing out the failure
in the debug log. This is not really a normal case and it is better to
reject the full operation rather than try to continue with an incorrect
public key hash value.
Jouni Malinen [Wed, 29 Nov 2017 11:22:44 +0000 (13:22 +0200)]
JSON: Fix a memory leak on an error path
If the second json_alloc_token() call failed to allocate memory,
json_parse() missed the first allocation on the error path. Assign the
root pointer earlier for that case to avoid the potential memory leak.
Jouni Malinen [Mon, 27 Nov 2017 18:20:26 +0000 (20:20 +0200)]
DPP: Do not process dpp_auth_ok_on_ack multiple times
An additional TX status callback could result in processing the DPP
authentication completion another time at least with hostapd. Fix this
by clearing the dpp_auth_ok_on_ack when processing it.
Jouni Malinen [Mon, 27 Nov 2017 11:48:40 +0000 (13:48 +0200)]
DPP: Ignore GAS server status callback for unknown response
It was possible for a timeout from an old GAS server operation to
trigger DPP configuration failure during the subsequent DPP operation.
Fix this by verifying that the status callback is for the response
generated during the same DPP Authentication/Configuration exchange.
Jouni Malinen [Mon, 27 Nov 2017 10:43:40 +0000 (12:43 +0200)]
DPP: Add DPP_CONFIGURATOR_SIGN support to hostapd
Configurator signing its own Connector was previously supported only in
wpa_supplicant. This commit extends that to hostapd to allow an AP
acting as a Configurator to self-configure itself.
Jouni Malinen [Mon, 27 Nov 2017 11:22:32 +0000 (13:22 +0200)]
DPP: Move hostapd Configurator/bootstrap data into global context
This moves the Configurator and Bootstrapping Information data from
struct hostapd_data (per-BSS) to struct hapd_interfaces (per-hostapd
process). This allows the information to be maintained over interface
restarts and shared between interfaces.
Jouni Malinen [Sun, 26 Nov 2017 15:41:22 +0000 (17:41 +0200)]
DPP: Auto-generate Initiator bootstrapping info if needed
Instead of using the all-zeros Initiator Bootstrapping Key Hash when no
local bootstrapping key is configuref for the Initiator, automatically
generate a temporary bootstrapping key for the same curve that the
Responder uses. If the Responder indicates that it wants to do mutual
authentication, provide the URI for the auto-generated bootstrapping key
in the DPP-RESPONSE-PENDING event for upper layers to display the QR
Code.
Jouni Malinen [Sun, 26 Nov 2017 11:27:25 +0000 (13:27 +0200)]
tests: Split ap_vht160 into two test cases (ap_vht160 and ap_vht160b)
These VHT160 with DFS cases were in a single test case to optimize test
execution time with parallel wait for the 60 second CAC. However, this
design has become difficult to support with the kernel changes that
allow radar events to be shared between interfaces. To avoid need for
more workarounds here just for testing purposes, split this into two
test cases so that conflicting events from another interface do not
cause the test case to fail.
Jouni Malinen [Sun, 26 Nov 2017 10:57:27 +0000 (12:57 +0200)]
tests: Split dfs_radar into two test cases (dfs_radar1 and dfs_radar2)
These DFS radar detection cases were in a single test case to optimize
test execution time with parallel wait for the 60 second CAC. However,
this design has become difficult to support with the kernel changes that
allow radar events to be shared between interfaces. To avoid need for
more workarounds here just for testing purposes, split this into two
test cases so that conflicting events from another interface do not
cause the test case to fail.
Sriram R [Mon, 20 Nov 2017 12:48:41 +0000 (18:18 +0530)]
nl80211: Filter global events based on wiphy
Avoid same interface processing nl80211 events when at least one of
IFIDX, WDEV, or WIPHY index attribute is available in the nl80211 event
message.
Previously, a same interface processes events when ifidx and wdev id
attribute were not available in the nl80211 message. This is extended to
check the presence of wiphy index attribute as well since some radar
notifications include only WIPHY index attrbute in the nl80211 message.
Signed-off-by: Sriram R <srirrama@qti.qualcomm.com>
Lubomir Rintel [Mon, 16 Oct 2017 07:32:47 +0000 (09:32 +0200)]
tests: Enable dynamic debugging for mac80211_hwsim
mac80211_hwsim module typically dumps a lot of details into the kernel
message buffer. While it's probably okay in a dedicated VM, it's way too
chatty in other setups.
The kernel allows fine-tuning logging via the dynamic debugging
facility. Let's enable all logging locations in the mac80211_hwsim
module so that we don't loose debugging output when the kernel adopts
the dynamic debug mechanism for the driver.
Jouni Malinen [Fri, 24 Nov 2017 10:21:18 +0000 (12:21 +0200)]
FILS: Do not leave error value in left counter
If fils_decrypt_assoc() were to fail on the AP side, the previous
implementation could have continued through the response generation
using left = -1. That could have resulted in unexpected processing if
this value were to be used as the length of the remaining (unencrypted)
IEs. Fix this by not updating left in the failure case.
Fixes: 78815f3dde6e ("FILS: Decrypt Association Request elements and check Key-Auth (AP)") Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 24 Nov 2017 10:13:26 +0000 (12:13 +0200)]
WPA: Check wpa_eapol_key_mic() result on TX
Verify that nothing unexpected happened with EAPOL-Key Key MIC
calculation when transmitting EAPOL-Key frames from the Authenticator.
This should not be able to happen in practice, but if if it does, there
is no point in sending out the frame without the correct Key MIC value.
Jouni Malinen [Thu, 23 Nov 2017 18:20:39 +0000 (20:20 +0200)]
DPP: Fix error return value in dpp_auth_conf_rx()
Commit 03abb6b5416d472d473c7017802236f8397d0278 ('DPP: Reject unexpected
Req/Resp message based on Auth/PKEX role') used incorrect type of error
value (NULL vs. -1). Fix that.
Hu Wang [Wed, 25 Oct 2017 11:51:09 +0000 (19:51 +0800)]
hostapd: Disassoc STA without WPA/RSN IE if AP proto is WPA/RSN
With the AP proto configured being WPA/RSN and SME in the
driver, the previous implementation in hostapd is to not
process hostapd_notif_assoc() due to "No WPA/RSN IE from STA",
if the (Re)Association Request frame is without the WPA/RSN IEs.
Enhance that to disassociate such station provided the AP is not using
WPS.
hostapd: Add wpa_msg_ctrl() to report Probe Request frames from STA
This allows external applications to get event indication for Probe
Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on
per-request basis. For example, user has to send ctrl iface cmd "ATTACH
probe_rx_events=1" to enable the Probe Request frame events.
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
Jouni Malinen [Thu, 23 Nov 2017 11:08:45 +0000 (13:08 +0200)]
DPP: Fix number of Authentication Request retry cases
Previous implementation did not handle number of sequences correctly.
Make sure the iteration continues in both unicast and broadcast cases
until the five attempts have been made. In addition, improve timing by
checking 10 second time from the beginning of each iteration round and
not the last channel on which the Auth Req frame has been transmitted.
Jouni Malinen [Wed, 22 Nov 2017 22:42:20 +0000 (00:42 +0200)]
DPP: Take response wait time into account for init retries
Previously, the Authentication Request frame was retried after 2+10 = 12
seconds since the wait for the response was not accounted for. Substract
that wait from the 10 second wait time to start the retries more quickly
based on the 10 second timer described in the tech spec.
Jouni Malinen [Wed, 22 Nov 2017 22:22:13 +0000 (00:22 +0200)]
DPP: Stop Authentication Request attempts if no response after ACK
If unicast Authentication Request frame is used and the peer ACKs such a
frame, but does not reply within the two second limit, there is no need
to continue trying to retransmit the request frames since the peer was
found, but not responsive.
Jouni Malinen [Wed, 22 Nov 2017 19:04:41 +0000 (21:04 +0200)]
DPP: Add akm=sae and akm=psk+sae support in Enrollee role
This allows DPP to be used for enrolling credentials for SAE networks in
addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK
and FT-SAE cases automatically.
Jouni Malinen [Wed, 22 Nov 2017 13:54:35 +0000 (15:54 +0200)]
DPP: Retry PKEX Exchange Request frame up to five times
Retransmit the PKEX Exchange Request frame if no response from a peer is
received. This makes the exchange more robust since this frame is sent
to a broadcast address and has no link layer retries.
Jouni Malinen [Sun, 19 Nov 2017 14:02:07 +0000 (16:02 +0200)]
tests: Fix ap_cipher_tkip_countermeasures_sta2
hostapd implementation was changed to use a valid Status Code when
rejecting the connection. This test case was forgotten at the time, but
it needs a matching change to allow the new value (1 instead of 14).
Jouni Malinen [Sat, 18 Nov 2017 15:08:11 +0000 (17:08 +0200)]
Stronger GTK derivation routine
If the build include SHA384, use that to derive GTK from GMK. In
addition, add more random bytes bytes to the PRF-X() context data for
longer GTK to reduce dependency on the randomness of the GMK.
GMK is 256 bits of random data and it was used with SHA256, so the
previous design was likely sufficient for all needs even with 128 bits
of additional randomness in GTK derivation. Anyway, adding up to 256
bits of new randomness and using SHA384 can be helpful extra protection
particularly for the cases using GCMP-256 or CCMP-256 as the group
cipher.
Jouni Malinen [Sat, 18 Nov 2017 11:22:17 +0000 (13:22 +0200)]
DPP: Fix dpp_test_gen_invalid_key() with BoringSSL
Unlike OpenSSL, BoringSSL returns an error from
EC_POINT_set_affine_coordinates_GFp() is not on the curve. As such, need
to behave differently here depending on which library is used.
Jouni Malinen [Sat, 18 Nov 2017 10:19:43 +0000 (12:19 +0200)]
DPP: Build bootstrapping key DER encoding using custom routine
While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use
the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem
to work with BoringSSL. Since this is not exactly robust design, replace
use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules
on SubjectPublicKeyInfo (compressed format of the public key,
ecPublicKey OID, parameters present and indicating the curve by OID).
Jouni Malinen [Sat, 18 Nov 2017 10:14:21 +0000 (12:14 +0200)]
DPP: Use a helper function to DER encode bootstrapping key
This routine was previously implemented twice using i2d_EC_PUBKEY().
There is no need to duplicate that implementation and especially since
it looks like this implementation needs to be replaced for BoringSSL,
start by using a shared helper function for both locations so that there
is only a single place that uses i2d_EC_PUBKEY() to build the special
DPP bootstrapping key DER encoding.
Jouni Malinen [Fri, 17 Nov 2017 19:03:04 +0000 (21:03 +0200)]
BoringSSL: Add AES support with 192-bit keys
BoringSSL restored the previously removed AES-192 ECB support in ("Add
AES-192 ECB.") commit. Since this is needed for DPP with the P-384
curve, restore support for this through EVP_aes_192_ecb().
projects / thirdparty / hostap.git / log
