OpenSSL: Allow systemwide secpolicy overrides for TLS version
Explicit configuration to enable TLS v1.0 and/or v1.1 did not work with
systemwide OpenSSL secpolicy=2 cases (e.g., Ubuntu 20.04). Allow such
systemwide configuration to be overridden if the older TLS versions have
been explicitly enabled in the network profile. The default behavior
follows the systemwide policy, but this allows compatibility with old
authentication servers without having to touch the systemwide policy.
Jouni Malinen [Tue, 25 Aug 2020 13:10:41 +0000 (16:10 +0300)]
DPP2: Support QR mutual auth scan-during-auth-exchange (hostapd)
Extend DPP authentication session search for the DPP_QR_CODE command to
cover the ongoing exchanges in Controller/Responder. This was previously
done for wpa_supplicant, but not for hostapd, so complete this support
on the hostapd side.
These were not really used anymore since the AP/Relay case did not set
msg_ctx or process_conf_obj in the global DPP context. Get the
appropriate pointers more directly from the more specific data
structures instead and remove these global values.
Jouni Malinen [Tue, 25 Aug 2020 12:53:08 +0000 (15:53 +0300)]
DPP2: Controller support in hostapd
Extend hostapd support for DPP Controller to cover the DPP_CONTROLLER_*
cases that were previously implemented only in wpa_supplicant. This
allows hostapd/AP to be provisioned using DPP over TCP.
Firmware statistics are received in the driver as opaque data. The host
target needs to send this opaque data to userspace wifistats
application. This new event is used to transfer this opaque data to the
application.
Jouni Malinen [Mon, 24 Aug 2020 20:41:13 +0000 (23:41 +0300)]
dpp-nfc: Start listen operation more completely for NFC Tag write cases
Share the same setup steps from the negotiated connection handover to
fix issues with NFC Tag write cases in AP mode. This addresses issues in
the AP mode DPP listen operation not actually receiving anything when
the write-a-tag code path was used.
Jouni Malinen [Sat, 22 Aug 2020 11:00:34 +0000 (14:00 +0300)]
Fix EAPOL-Key msg 1/4 processing in a corner case
If reassoc_same_bss_optim=1 is used to optimize reassociation back to
the same BSS, it was possible for sm->pmk_len to be 0 due to a
disconnection event getting processed after sending out the
reassociation request. This resulted in wpa_sm_rx_eapol() calling
wpa_mic_len() with incorrect PMK length when PMKSA caching was being
attempted. That resulted in incorrect mic_len getting determined and not
finding the correct Key Data Length field value. This could result in
failing to complete 4-way handshake successfully.
Fix this by updating the current PMK length based on the selected PMKSA
cache entry if sm->pmk_len is not set when processing EAPOL-Key msg 1/4.
OWE: Do not add DH Params element in AssocResp with PMKSA caching
As per RFC 8110 (Opportunistic Wireless Encryption), if the AP has the
PMK identified by the PMKID and wishes to perform PMK caching, it will
include the PMKID in the Association Response frame RSNE but does not
include the Diffie-Hellman Parameter element.
This was already addressed for most cases with owe_process_assoc_req()
not setting sta->owe_ecdh in case PMKSA caching is used. However, it was
possible to an old STA entry to maintain the initial sta->owe_ecdh value
if reassociation back to the same AP was used to initiate the PMKSA
caching attempt. Cover that case by adding an explicit check for the
time when the Association Response frame is being generated.
Jouni Malinen [Sat, 22 Aug 2020 09:49:05 +0000 (12:49 +0300)]
DPP2: Fix build without IEEE8021X_EAPOL
The local network profile parameters for EAP are not available without
IEEE8021X_EAPOL, so do not try to set these in builds that do not
include any EAP support.
Jouni Malinen [Sat, 22 Aug 2020 08:12:17 +0000 (11:12 +0300)]
tests: Fix wnm fuzzer build regression
Addition of MSCS support broke the test tool build due to references to
a functions from a new file. Fix this by bringing in that file to the
fuzzer build as well.
Add a new QCA vendor attribute to configure the driver/firmware to
ignore SA Query timeout. If this configuration is enabled the
driver/firmware shall not send Deauthentication frame when SA Query
times out. This is required to support STA testbed role.
Fix documentation for the test configuration attributes of FT-SAE/OCV
These vendor attributes for FT/OCV/SAE testing can be configured only
when the STA is in connected state. Update the documentation of the
attributes to reflect the same.
Fixes: 18f3f99ac467 ("Add vendor attributes to configure testing functionality for FT/OCV/SAE") Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add get_sta_info vendor attrs to get BIP failure counters for STA mode
Add support to get number of MIC errors, missing MME incidents, and
packet replay incidents observed while using IGTK/BIGTK keys when PMF
and/or beacon protection features are enabled.
These counters are applicable only for STA mode and can be fetched
through the QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO vendor command.
Vinita S. Maloo [Wed, 5 Aug 2020 17:25:32 +0000 (22:55 +0530)]
MSCS: Parse result of MSCS setup in (Re)Association Response frames
Add support to parse the (Re)Association Response frames to check if the
AP has accepted/declined the MSCS request in response to the
corresponding (Re)Association Request frame. AP indicates the result by
setting it in the optional MSCS Status subelement of MSCS Descriptor
element in (Re)Association Response frame.
This MSCS Status subelement is defined in the process of being added
into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158).
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Jouni Malinen [Thu, 13 Aug 2020 21:11:44 +0000 (00:11 +0300)]
dpp-nfc: Fix handover client wait for receiving handover select
This was supposed to wait for up to 3.0 seconds for the handover select,
but the incorrect loop terminated ended up limiting this to a single
iteration of 0.1 second wait. This was too fast for some cases like the
AP mode operation where it may take significant time to enable the radio
for listening to DPP authentication messages.
Fix the loop to allow that full three second wait for the response to be
used. In addition, report the amount of time it takes to receive the
response.
SME: Process channel switch event in SME only when supplicant's SME is used
Do not process channel switch event in wpa_supplicant's SME when SME is
offloaded to the driver/firmware to avoid SA Query initiation from both
wpa_supplicant and the driver/firmware for the OCV case.
Derive seg0_idx and seg1_idx for 6 GHz when processing channel switch
The function hostapd_event_ch_switch() derived the seg0_idx and seg1_idx
values only for the 5 GHz and 2.4 GHz bands and the 6 GHz case ended up
using incorrect calculation based on the 5 GHz channel definitions.
Pooventhiran G [Wed, 8 Jul 2020 12:00:05 +0000 (17:30 +0530)]
QCA vendor command to update SSID
Add a QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_UPDATE_SSID
to update the new SSID in hostapd. NL80211_ATTR_SSID is used to encapsulate
the new SSID.
Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
ANQP: Add support to specify frequency in ANQP_GET command
Previously, wpa_supplicant fetched BSS channel info from scan results to
send ANQP Query frames. If the scan results for the specified BSS are
not available, the ANQP_GET command request was getting rejected.
Add support to send ANQP Query frame on the specified frequency without
requiring the scan results to be available.
The control interface command format:
- ANQP_GET <dst_addr> [freq=<freq in MHz>] <Query ID1>[,<Query ID2>,..]
GAS: Update source MAC address on preassoc_mac_addr randomization
The GAS query source MAC address was not getting updated correctly when
preassoc_mac_addr is enabled. Fix this by copying the current MAC
address to the GAS query source address.
SAE-PK: Check psk param also to look for SAE-PK acceptable BSS
SAE-PK password can be set using psk parameter also in case of mixed
SAE+PSK networks, so look for acceptable SAE-PK BSS when SAE password
not set and psk parameter meets SAE-PK password criteria.
Vamsi Krishna [Mon, 3 Aug 2020 12:34:06 +0000 (18:04 +0530)]
Add channel TX/RX times to QCA vendor interface of LL stats
Currently the driver/firmware indicates CCA busy time which includes own
TX and RX time and as such, does not allow the CCA busy time due to
other nodes to be computed. Add separate statistics to indicate own
radio TX time and own radio RX time to facilitate userspace applications
to compute CCA busy time because of traffic unintended to this device.
All QCA_WLAN_VENDOR_ATTR_LL_STATS_CHANNEL_* attributes are also nested
within QCA_WLAN_VENDOR_ATTR_LL_STATS_CH_INFO, not only
QCA_WLAN_VENDOR_ATTR_LL_STATS_CHANNEL_INFO* attributes in the current
implementation. Fix QCA_WLAN_VENDOR_ATTR_LL_STATS_CH_INFO documentation
accordingly.
Sunil Dutt [Thu, 6 Aug 2020 14:57:14 +0000 (20:27 +0530)]
Enhancements to the TWT attributes/parameters (vendor command)
This commit does the following enhancements to the TWT interface:
Corrects the documentation for QCA_WLAN_TWT_SUSPEND and
QCA_WLAN_TWT_TERMINATE. Specifies that these operations carry the
parameters obtained through QCA_WLAN_VENDOR_ATTR_CONFIG_TWT_PARAMS. This
interface is very recently introduced and missed to document the same.
There are no user space or driver components using this interface yet.
Hence, enhancing/modifying the interface.
Corrects the documentation for
QCA_WLAN_VENDOR_ATTR_TWT_SETUP_WAKE_DURATION. Mentions that the units it
represent is a multiple of 256 microseconds rather than a TU. The host
driver always interpreted this as an unit in 256 microseconds and there
are no user space implementations that are impacted with this change in
the unit. Hence, modifying the documentation.
Introduces QCA_WLAN_VENDOR_ATTR_TWT_RESUME_NEXT2_TWT_SIZE, which is
similar to that of QCA_WLAN_VENDOR_ATTR_TWT_RESUME_NEXT_TWT, but carries
an offset/data of u32 size.
Introduces MAC_ADDR attribute to represent the peer for the TWT setup
and resume operations.
Jouni Malinen [Thu, 13 Aug 2020 14:05:49 +0000 (17:05 +0300)]
DPP2: Disconnect before starting reconfiguration
The offchannel operations (scan, Public Action frame TX/RX) have
significantly more latency when performed while connected, so disconnect
when requested to initiate DPP reconfiguration to avoid this. The old
network profile (i.e., likely the current connection) is going to be
replaced in practice and as such, there is no need to try continue that
association any further.
Jouni Malinen [Wed, 12 Aug 2020 14:57:21 +0000 (17:57 +0300)]
DPP: Do not interpret unknown channel as missing channel list for NFC
While the listed unknown operating class/channel number pairs need to be
ignored, that should be done in a manner than prevents the parsed
bootstrapping info from being used as if it had no channel list (i.e.,
allowing any channel) if there are no known operating class/channel
number pairs.
Jouni Malinen [Wed, 12 Aug 2020 08:52:25 +0000 (11:52 +0300)]
DPP2: Do not close TCP socket when waiting for full Auth Resp
The case where mutual authentication with QR Code bootstrapping is used
with scanning of the QR Code during the exchange resulted in the
Controller closing the TCP socket too early. Fix this by leaving the
socket open while waiting for the full Authentication Response message.
Jouni Malinen [Tue, 11 Aug 2020 20:44:48 +0000 (23:44 +0300)]
dpp-nfc: Use --altchan value in handover server
Use the alternative channel list in the handover server role when
processing an alternative proposal. This was previously done only in the
handover client role, but with the updated design, both roles act in a
similar manner for the case where the alternative channel list is
specified.
Jouni Malinen [Mon, 10 Aug 2020 20:52:11 +0000 (23:52 +0300)]
dpp-nfc: Update listen channel based on channel list when writing a tag
Do not use the hardcoded channel 1 (2412 MHz) with DPP_LISTEN if a
channel list is specified when writing an NFC Tag. Instead, pick the
first channel from that list as the listen channel.
Jouni Malinen [Mon, 10 Aug 2020 07:41:20 +0000 (10:41 +0300)]
DPP2: Support RA/CA functionality in Controller initiated case
Extend dpp_control_get_auth() to find the ongoing session for enterprise
credential provisioning in cases where the Controller/Configurator
initiated the exchange. Only the other direction was supported
previously.
Jouni Malinen [Thu, 6 Aug 2020 16:47:28 +0000 (19:47 +0300)]
DPP2: Add E-id in Reconfig Announcement
Add an encrypted Enrollee identifier into Reconfig Announcement frames
and decrypt that on the Configurator side. The actual E-id value is
currently not used for anything, but it can be used in the future to
provide better control over reconfiguration.
Jouni Malinen [Thu, 6 Aug 2020 16:47:28 +0000 (19:47 +0300)]
DPP2: Add Enrollee netAccessKey group into Reconfig Announcement
This was added to the protocol design to support cases where the
C-sign-key uses a different group than the netAccessKey. The Enrollee
now indicates its netAccessKey group in Reconfig Announcement and the
Configurator builds it own reconfig Connector using that group instead
of the group used for the C-sign-key.
Jouni Malinen [Thu, 6 Aug 2020 21:47:15 +0000 (00:47 +0300)]
SAE-PK: Allow SAE-PK password to be set using the psk parameter
Only the sae_password parameter was previously accepted for SAE-PK use.
That is not sufficient for covering mixed SAE+PSK cases. Extend this by
allowing the psk parameter to be used as well just like it can be used
for SAE without SAE-PK.
Jouni Malinen [Thu, 6 Aug 2020 20:49:19 +0000 (23:49 +0300)]
SAE-PK: Allow SAE-PK style wpa_passphrase if SAE-PK is enabled with same
This prevents use of a SAE-PK style password as the WPA-PSK passphrase
only if the same password is not also enabled through sae_password for
use with SAE-PK.
Jouni Malinen [Wed, 5 Aug 2020 14:44:32 +0000 (17:44 +0300)]
SAE-PK: Update design for fingerprint encoding into password
Update the SAE-PK implementation to match the changes in the protocol
design:
- allow only Sec values 3 and 5 and encode this as a single bit field
with multiple copies
- add a checksum character
Jouni Malinen [Mon, 3 Aug 2020 12:38:30 +0000 (15:38 +0300)]
Extend GET_PMK to check PMKSA cache on the AP
This allows the testing command GET_PMK to return a PMK in cases where
the association fails (e.g., when using SAE and getting a valid PMKSA
entry added before association) or after the association has been lost.
OCV: OCI channel override support for testing (STA)
Add override parameters to use the specified channel while populating
OCI element in EAPOL-Key group msg 2/2, FT reassoc request, FILS assoc
request and WNM sleep request frames.
Fix the documentation for QCA_WLAN_VENDOR_ATTR_CONFIG_UDP_QOS_UPGRADE
The documentation for the QCA_WLAN_VENDOR_ATTR_CONFIG_UDP_QOS_UPGRADE
attribute had incorrectly specified the value of 0 (corresponding to BE)
to disable the QoS upgrade. BK (1) is a lower priority AC compared to BE
and if BE is used to disable the upgrade, there would be no possibility
for configured UDP AC upgrade to replace BK-from-DSCP with BE. Thus,
correct this by specifying that the value of BK (1) is used to disable
this UDP AC upgrade.
Fixes: ebd5e764f99b ("Vendor attribute to configure QoS/AC upgrade for UDP frames") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
SAE-PK: Fix SAE confirm writing in some AP cases with transition mode
sae_check_confirm_pk() and sae_write_confirm_pk() were using different
checks for determining whether SAE-PK was used. It was apparently
possible to miss the checks in sae_write_confirm_pk() in some AP cases
where SAE H2E is being used. Fix this by checking sae->pk in the
write-confirm case similarly to the way this was done in check-confirm.
Debug logs did not make it clear whether the failure happens when
checking a received SAE confirm or when writing own SAE confirm. Those
cases have different checks on when to go through SAE-PK processing, so
it is useful to make this part clear in the debug log.
dpp-nfc: Improved version of HandoverServer::serve()
Fix processing of the case where no handover select is sent out and add
automatic (delayed) termination of the link on completing the handover
successfully.
dpp-nfc: Stop process after successful handover client completion
terminate_now was not being set in the only_one case with connection
handover. Set it for that case as well as the tag cases to automatically
close down the link once it is not needed anymore.
dpp-nfc: Optimize HandoverClient message receiving for alternative HR case
Use a shorter polling interval in recv_octets() to be able to send out
the alternative HR more quickly when using a single thread and handover
client. In addition, fix recv_records() to handle normal exception cases
like not receiving anything.
dpp-nfc: Reuse the same handover client for alternative URI
Postpone closing of the handover client to allow the same client to be
used for sending both handover request messages if an alternative URI
needs to be tried.
Set logging level to various upper layer nfcpy modules to enable more
detailed debugging of the actual NFC operations when requested (-d on
the command line).
Verify AES-CTR encryption implementation against the test vectors in
NIST SP 800-38a. This implementations was already tested against AES SIV
and EAX mode test vectors, but this adds more explicit testing against
published CTR mode test vectors.
dpp-nfc: Do not allow more than one alternative channel proposal
This avoids potential loops of endless alternative URI exchanges over
NFC negotiated connection handover. Only allow one such alternative
proposal and declarare the handover as a failure if another alternative
were needed.
dpp-nfc: Add test mode for negotiated connection handover
Allow all actual DPP processing steps in wpa_supplicant to be skipped by
specifying hardcoded URI values. Also allow a hardcoded crn to be
specified to force specific handover requestor/selector roles.
Rename driver op for temporarily disallowed BSSIDs
Use the "tmp_disallow" name more consistently so that both the core
wpa_supplicant functionality (struct wpa_bss_tmp_disallowed) and the
wpa_driver_ops callback have more similar names.
projects / thirdparty / hostap.git / log
