Aloka Dixit [Tue, 27 Jul 2021 23:42:26 +0000 (16:42 -0700)]
RNR: Do not allow FILS Discovery and unsolicited Probe Response simultaneously
Reduced neighbor report has a field to indicate whether unsolicited
Probe Response transmission is active. Add a check to return failure if
both FILS discovery and unsolicited Probe Response are enabled at the
same time to ensure that RNR includes valid data.
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
RNR: Allow Probe Response frame for a colocated 6 GHz AP
When a Probe Request frame from a station includes an SSID matching that
of a co-located 6 GHz AP, AP should respond with a Probe Response frame
that includes Reduced Neighbor Report element containing information
regarding the requested BSS.
Signed-off-by: Muna Sinada <msinada@codeaurora.org> Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
Aloka Dixit [Tue, 27 Jul 2021 23:42:24 +0000 (16:42 -0700)]
RNR: Update Beacon frames for 6 GHz colocation
Update 2.4/5 GHz Beacon frames every time Beacon frames for co-located 6
GHz AP(s) are set. This is required for 6 GHz out-of-band discovery so
that lower band Beacon frames will include RNR element with 6 GHz AP
information irrespective of the AP bring-up order. Similarly, RNR is
included in FILS Discovery frames by default in 6 GHz-only mode,
updating the Beacon frames will remove it when co-located 2.4/5 GHz
interfaces are brought up.
This change also ensures that the changes in 6 GHz AP configuration such
as new channel and bandwidth get reflected in the lower bands Beacon
frames.
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
John Crispin [Tue, 27 Jul 2021 23:42:22 +0000 (16:42 -0700)]
RNR: Additions for a 6 GHz AP
Include Reduced Neighbor Report element in Beacon and Probe Response
frames by default if the reporting AP is 2.4/5 GHz and it is co-located
with a 6 GHz AP. Similarly, include RNR by default in FILS Discovery
frames if the AP is a standalone 6 GHz AP.
Signed-off-by: John Crispin <john@phrozen.org> Co-developed-by: Aloka Dixit <alokad@codeaurora.org> Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
John Crispin [Tue, 27 Jul 2021 23:42:21 +0000 (16:42 -0700)]
RNR: Add co-located BSSes
Calculate the length and include data for the BSSes active on the same
radio as the reporting BSS in the Reduced Neighbor Report element. This
element is included in Beacon and Probe Response frames.
Signed-off-by: John Crispin <john@phrozen.org> Co-developed-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org> Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org> Co-developed-by: Muna Sinada <msinada@codeaurora.org> Signed-off-by: Muna Sinada <msinada@codeaurora.org> Co-developed-by: Aloka Dixit <alokad@codeaurora.org> Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
John Crispin [Tue, 27 Jul 2021 23:42:20 +0000 (16:42 -0700)]
RNR: Add data from neighbor database
Include data from the existing neighbor database in the Reduced Neighbor
Report element in Beacon frames if the configuration option 'rnr' is
enabled for the BSS.
Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Muna Sinada <msinada@codeaurora.org> Co-developed-by: Aloka Dixit <alokad@codeaurora.org> Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
Jouni Malinen [Mon, 8 Nov 2021 21:42:02 +0000 (23:42 +0200)]
Share a common error path for SET_NEIGHBOR control interface command
Instead of constructing a custom error handler freeing the same set of
allocated memory areas on various error cases, share the success path
freeing implementation for the error cases as well.
John Crispin [Tue, 27 Jul 2021 23:42:17 +0000 (16:42 -0700)]
RNR: Add bss_parameters to the neighbor_db
Add a new field to include BSS Parameter subfield in the neighbor
database as described in IEEE Std 802.11ax-2021, Figure 9-632a (BSS
Parameters subfield format). This field holds information related to
multiple BSSID, access point co-location, and 20 TU probe response
active/inactive state.
Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
Vinay Gannevaram [Thu, 28 Oct 2021 17:51:00 +0000 (23:21 +0530)]
Update AKMP and proto for driver-based SME while roaming
After roaming to a new AP using driver-based SME and roaming trigger,
AKMP and proto were not updated in wpa_sm. Hence, update AKMP and proto
used with roamed AP when association event received from the driver in
SME offloaded to the driver scenario to avoid incorrect AKMP details in
wpa_supplicant similarly to how the cipher suite updates were added in
commit 2b3e64a0fb5f ("Update ciphers to address GTK renewal failures
while roaming") .
Jouni Malinen [Wed, 3 Nov 2021 14:02:07 +0000 (16:02 +0200)]
OpenSSL: Fix build with OpenSSL 1.0.2
OpenSSL 1.0.2 did not define the 'bytes' argument to
X509_NAME_add_entry_by_NID() to be const like it did for the previously
used X509_NAME_add_entry_by_txt(). Add a backwards compatible version of
this call to avoid compilation issues.
Fixes: d51939f2c4b5 ("DPP: Move CSR routines to use crypto.h") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Cedric Izoard [Fri, 29 Oct 2021 09:05:33 +0000 (11:05 +0200)]
tests: Fix DPP test cases for BoringSSL
When checking DPP capabilities the Brainpool flag was not always set
when needed, leading to run a test with the Brainpool curves not
supported by BoringSSL.
Use a short form for the DER length of EC privateKey with NIST P-521
curve. Indeed BoringSSL returns an error when parsing DER sequence 30 81
50 ... because the length 81 50 could have been encoded as 50 and
according comment in BoringSSL:
ITU-T X.690 section 10.1 (DER length forms) requires encoding the
length with the minimum number of octets.
Cedric Izoard [Fri, 29 Oct 2021 09:05:32 +0000 (11:05 +0200)]
DPP: Replace dpp_bootstrap_key_der() with crypto_ec_key_get_subject_public_key()
As BoringSSL version of i2d_PUBKEY() doesn't respect the
POINT_CONVERSION_COMPRESSED flag redefine a specific
crypto_ec_key_get_subject_public_key() version for BoringSSL based on
dpp_bootstrap_key_der().
The only other user of crypto_ec_key_get_subject_public_key() is SAE-PK
for which the public key should also be formatted using compressed
format.
Cedric Izoard [Fri, 29 Oct 2021 09:05:31 +0000 (11:05 +0200)]
DPP: Use ECDH from crypto.h
Use crypto.h API to implement ECDH in DPP. This needs a new
initialization function in crypto.h to initialize an ECDH with a given
EC key.
Using crypto_ecdh_set_peerkey() to generate the ECDH secret in an
intermediate and dynamically allocated buffer removed the need for the
DPP-specific workaround for inconsistent length returned by
EVP_PKEY_derive() since that crypto_ecdh_set_peerkey() implementation
already had functionality for covering the changing secret_len value
from commit d001fe31ab0a ("OpenSSL: Handle EVP_PKEY_derive() secret_len
changes for ECDH").
Cedric Izoard [Fri, 29 Oct 2021 09:05:30 +0000 (11:05 +0200)]
OpenSSL: Clear the correct flag in crypto_ec_key_get_ecprivate_key()
In case the public key was not included in the EC private key ASN.1
sequence, the flag that was cleared was not the right one. Fix this by
using EC_KEY_set_enc_flags() for both setting and clearing the
EC_PKEY_NO_PUBKEY flag instead of trying to clear that with the
unrelated EC_KEY_clear_flags() function.
Masashi Honma [Sun, 31 Oct 2021 23:03:37 +0000 (08:03 +0900)]
Ignore CONFIG_WIFI_DISPLAY without CONFIG_P2P
Wi-Fi Display functionality needs P2P to be enabled. Ignore
CONFIG_WIFI_DISPLAY if CONFIG_P2P is not enabled for the build. This
avoids following compilation issue with invalid build configuration:
../src/ap/ap_drv_ops.c: In function 'hostapd_build_ap_extra_ies':
../src/ap/ap_drv_ops.c:163:10: error: 'struct hostapd_data' has no member named 'p2p_group'
163 | if (hapd->p2p_group) {
| ^~
../src/ap/ap_drv_ops.c:165:35: error: 'struct hostapd_data' has no member named 'p2p_group'
165 | a = p2p_group_assoc_resp_ie(hapd->p2p_group, P2P_SC_SUCCESS);
| ^~
Masashi Honma [Sun, 31 Oct 2021 23:03:37 +0000 (08:03 +0900)]
Fix compiler error on CONFIG_AP without CONFIG_P2P builds
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/ap.o: in function `wpas_conf_ap_he_6ghz':
/home/honma/git/hostap/wpa_supplicant/ap.c:245: undefined reference to `wpas_p2p_get_sec_channel_offset_40mhz'
Fixes: e5173e8b12a8 ("P2P: Enable multiple channel widths for P2P in 6 GHz band") Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Masashi Honma [Wed, 27 Oct 2021 01:10:57 +0000 (10:10 +0900)]
wolfSSL: Fix a link error when WPS NFC is disabled
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/src/wps/wps.o: in function `wps_deinit':
/home/honma/git/hostap/wpa_supplicant/../src/wps/wps.c:184: undefined reference to `dh5_free'
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/src/wps/wps_common.o: in function `wps_derive_keys':
/home/honma/git/hostap/wpa_supplicant/../src/wps/wps_common.c:83: undefined reference to `dh5_derive_shared'
/usr/bin/ld: /home/honma/git/hostap/wpa_supplicant/../src/wps/wps_common.c:84: undefined reference to `dh5_free'
/usr/bin/ld: /home/honma/git/hostap/build/wpa_supplicant/src/wps/wps_attr_build.o: in function `wps_build_public_key':
/home/honma/git/hostap/wpa_supplicant/../src/wps/wps_attr_build.c:68: undefined reference to `dh5_free'
/usr/bin/ld: /home/honma/git/hostap/wpa_supplicant/../src/wps/wps_attr_build.c:69: undefined reference to `dh5_init'
collect2: error: ld returned 1 exit status
make: *** [Makefile:1892: wpa_supplicant] Error 1
Cedric Izoard [Mon, 28 Jun 2021 16:25:25 +0000 (18:25 +0200)]
DPP: Use crypto_ec_key_get_subject_public_key() when possible
Keep the locally defined ASN.1 sequence DPP_BOOTSTRAPPING_KEY for now to
avoid losing a workaround for BoringSSL from commit 746c1792ac28 ("DPP:
Build bootstrapping key DER encoding using custom routine").
Cedric Izoard [Mon, 28 Jun 2021 16:25:35 +0000 (18:25 +0200)]
DPP: Remove direct call to OpenSSL in dpp_test_gen_invalid_key()
Instead of generating EC point with random coordinates, generate a
valid EC point and then corrupt the coordinates after exporting them
in binary format.
Cedric Izoard [Mon, 28 Jun 2021 16:25:33 +0000 (18:25 +0200)]
DPP: Use crypto_ec_key_group() to compare EC key's group
Remove one more direct call to OpenSSL using crypto_ec_key_group() to
compare group of c-sign-key and ppKey when creating Configurator from
backup data.
Cedric Izoard [Mon, 28 Jun 2021 16:25:28 +0000 (18:25 +0200)]
DPP: Update PKEX part to use crypto.h API
Rewrite EC point/bignum computation done in PKEX protocol using EC
point/bignum primitives already defined in crypto.h and couple of small
new helper functions.
Cedric Izoard [Mon, 28 Jun 2021 16:25:26 +0000 (18:25 +0200)]
DPP: Use crypto_ec_key_parse_pub() in dpp_get_subject_public_key()
The extra validation steps through the OpenSSL X509 API are not really
necessary here and they most duplicate checks that happen implicitly
within d2i_PUBKEY() and the EVP_PKEY_get0_EC_KEY() checks in
crypto_ec_key_parse_pub().
Cedric Izoard [Mon, 28 Jun 2021 16:25:24 +0000 (18:25 +0200)]
DPP: Move dpp_set_pubkey_point_group() to crypto.h
Move code of dpp_set_pubkey_point_group() into crypto.h API. This
function initializes an EC public key using coordinates of the EC point
in binary format.
Cedric Izoard [Mon, 28 Jun 2021 16:25:19 +0000 (18:25 +0200)]
OpenSSL: Use EVP_PKEY as struct crypto_ec_key
Remove definition of struct crypto_ec_key and directly cast struct
crypto_ec_key * to EVP_PKEY * (and vice versa).
Indeed EVP_PKEY already has a pointer to EC_KEY and removing this
intermediate structure allows smoother transition in removing direct
OpenSSL dependency in DPP.
Hu Wang [Mon, 25 Oct 2021 10:58:38 +0000 (16:28 +0530)]
SAE: Fix sm->cur_pmksa assignment
Commit b0f457b6191 ("SAE: Do not expire the current PMKSA cache entry")
depends on sm->cur_pmksa to determine if it is the current PMKSA cache
entry, but sm->cur_pmksa was not always correct for SAE in the current
implementation.
Set sm->cur_pmksa in wpa_sm_set_pmk() (which is used with SAE), and skip
clearing of sm->cur_pmksa for SAE in wpa_find_assoc_pmkid(). This latter
case was added by commit c2080e8657f8 ("Clear current PMKSA cache
selection on association/roam") for driver-based roaming indication and
Suite B, so skipping it for SAE should be fine.
Add QCA vendor attribute to configure priority of vendor scan
Add the attribute QCA_WLAN_VENDOR_ATTR_SCAN_PRIORITY to configure the
priority of vendor scan relative to other scan requests. Add the valid
values that this attribute can take.
xinpeng wang [Tue, 14 Sep 2021 05:09:20 +0000 (13:09 +0800)]
Fix handling of complex configuration lines with mixed "" and #
The original code wants to remove # comments unless they are within a
double quoted string, but it doesn’t consider the "" after #, for
example in the following line: a=b #"a=c"
Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com>
xinpeng wang [Mon, 13 Sep 2021 09:14:15 +0000 (17:14 +0800)]
eloop: Extend overflow check in eloop_register_timeout() to cover usec
Processing of usec could result in an additional +1 increment to sec and
that might overflow. Extend the previously used overflow check to cover
this special case as well.
Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com>
David Bauer [Wed, 6 Oct 2021 00:21:46 +0000 (02:21 +0200)]
WNM: Allow specifying dialog token for BSS transition request
Adds the ability to specify the dialog token of a WNM BSS Transition
Management Request frame via the hostapd control interface.
For this, the new 'dialog_token' option can be used with the BSS_TM_REQ
command. It accepts values as an 8 bit unsigned integer. If not
specified, the dialog token is set to 1 like before.
Jouni Malinen [Mon, 18 Oct 2021 21:23:09 +0000 (00:23 +0300)]
DPP2: Do not try to remove Controller TCP connection twice on error
These code paths on the Controller were calling dpp_connection_remove()
twice for the same connection in the error cases. That would result in
double-freeing of the memory, so fix this by remove the
dpp_connection_remove() call from the called function and instead,
remove the connection in dpp_controller_rx() error handling.
Jouni Malinen [Mon, 18 Oct 2021 21:04:46 +0000 (00:04 +0300)]
DPP2: Clean up Controller on hostapd interface removal
Stop the DPP Controller instance, if one is started, when the hostapd
interface that was used to start that Controller is removed. This is
needed to remove the control pointers that point to the soon-to-be-freed
hostapd structures. This fixes an issue where a Controller operation
with multiple interfaces could have resulted in references to freed
memory if an interface is removed without explicitly stopping the DPP
Controller.
David Bauer [Wed, 6 Oct 2021 00:21:05 +0000 (02:21 +0200)]
proxyarp: Fix compilation with Hotspot 2.0 disabled
The disable_dgaf config field is only available in case hostapd is
compiled with Hotspot 2.0 support (CONFIG_HS20=y), however Proxy-ARP
(CONFIG_PROXYARP=y) does not depend on Hotspot 2.0.
Only add the code related to this config field when Hotspot 2.0 is
enabled to fix compilation with the aformentioned preconditions.
Jouni Malinen [Mon, 18 Oct 2021 17:02:35 +0000 (20:02 +0300)]
SAE: Do not expire the current PMKSA cache entry
There is no convenient mechanism for reauthenticating and generating a
new PMK during an association with SAE. As such, forced PMK update would
mean having to disassociate and reauthenticate which is not really
desired especially when the default PMKLifetime is only 12 hours.
Postpone PMKSA cache entry expiration of the currently used entry with
SAE until the association is lost. In addition, do not try to force the
EAPOL state machine to perform reauthentication for SAE since that won't
work.
Kees Cook [Tue, 12 Oct 2021 18:28:31 +0000 (11:28 -0700)]
wpa_supplicant: Try all drivers by default
Some distros carry patches to specify driver fallback, but only in
specific conditions (e.g. the systemd service definition[1]). This leaves
other wpa_supplicant instances needing to define fallback themselves,
which leads to places where wpa_supplicant thinks it can't find a
driver[2]. Instead, when -D is not specified, have wpa_supplicant try
all the drivers it was built with in an attempt to find a working one
instead of just giving up if the first doesn't work.
Add support to reconfigure or flush PMKSA cache on interface enable
Update PMKSA cache when interface is disabled and then enabled based on
the new MAC address. If the new MAC address is same as the previous MAC
address, the PMKSA cache entries are valid and hence update the PMKSA
cache entries to the driver. If the new MAC address is not same as the
previous MAC address, the PMKSA cache entries will not be valid anymore
and hence delete the PMKSA cache entries.
PMKSA: Make sure reauth time is not greater than expiration time
While creating a cloned PMKSA entry for OKC both expiration and
reauth_time values are set to maximum values, but later only the
expiration time is copied from the old PMKSA entry to the new PMKSA
entry. Due to this there is a possibility of reauth_time becoming
greater than expiration time in some cloned entries. To avoid this copy
reauth_time also to the cloned entry.
Also, add check to reject control interface commands with reauth time
greater than expiration time.
Jouni Malinen [Thu, 14 Oct 2021 13:28:02 +0000 (16:28 +0300)]
wlantest: Fix PMK length and passphrase-based key derivation for FT
The change to support variable length PMK in wlantest missed couple of
places where the PMK length did not get used or set properly. In
particular, this ended up breaking FT key derivation for the case where
a passphrase was used to derive a potential per-BSS PMK. Fix this by
setting and using the PMK length properly.
Replaced the word "sanity" with the inclusive word "validity". The
comment in acs_survey_interference_factor() was referring a function
that does not exist, so remove it instead of trying rename the function.
Hu Wang [Thu, 30 Sep 2021 06:37:24 +0000 (12:07 +0530)]
HE: Disable HE in hostapd_set_freq_params() if driver does not support
Existing logic to disable HE in hostapd_set_freq_params() is to check
he_cap != NULL, but this is not correct as he_cap is defined as a stack
member of hostapd_hw_modes which can't be NULL. Add one more check
!he_cap->he_supported to make sure HE can be disabled if the driver not
support it.
This fixes a case where a driver does not support HE, but hostapd.conf
enables HE/HT40 on the 2.4 GHz band and hostapd failed to start with
error '40 MHz channel width is not supported in 2.4 GHz'.
Add a QCA vendor attribute to indicate agile spectral scan support for
320 MHz mode. Add another attribute to indicate the number of detectors
used for spectral scan in 320 MHz mode.
Update ciphers to address GTK renewal failures while roaming
After roaming from WPA2-AP (group=CCMP) to WPA-AP (group=TKIP) using
driver-based SME and roaming trigger, GTK renewal failures are observed
for the currently associated WPA-AP because of group cipher mismatch,
resulting in deauthentication with the AP.
Update the group cipher and pairwise cipher values in wpa_sm from
association event received from the driver in case of SME offload to the
driver to address GTK renewal failures (and similar issues) that could
happen when the driver/firmware roams between APs with different
security profiles.
P2P: Make p2p_check_pref_chan_no_recv() easier for static analyzers
Add an explicit check for msg->channel_list != NULL instead of depending
on msg->channel_list_len > 0 implying that. This is to silence invalid
static analyzer reports.
Support vendor element configuration for AP mode from wpa_supplicant
Support adding/deleting vendor elements dynamically for AP mode while it
is started by wpa_supplicant instead of hostapd which already supported
this. This adds ap_assocresp_elements global parameter and UPDATE_BEACON
control interface command to take the changed values into effect.
Usage in wpa_cli:
Add vendor IE for (Re)Association Response frames
> set ap_assocresp_elements=xxxx
Add vendor IE for Beacon/Probe Response frames
> set ap_vendor_elements=xxxx
Delete vendor IE from (Re)Association Response frames
> set ap_assocresp_elements
Delete vendor IE from Beacon/Probe Response frames
> set ap_vendor_elements
To make vendor IE changes take effect
> update_beacon
projects / thirdparty / hostap.git / log
