Mike Siedzik [Tue, 20 Feb 2018 19:28:43 +0000 (14:28 -0500)]
mka: Do not ignore MKPDU parameter set decoding failures
The status values returned by mka_param_body_handler.body_rx functions
are currently ignored by ieee802_1x_kay_decode_mkpdu(). If a failure is
detected the KaY should (a) stop processing the MKDPU and (b) do not
update the associated peer's liveliness.
IEEE Std 802.1X-2010, Table 11-7 (MKPDU parameter sets) and 11.11.3
(Encoding MKPDUs) dictate that MKA_SAK_USE (set type 3) will always be
encoded before MKA_DISTRIBUTED_SAK (set type 4) in MKPDUs. Due to
implementation of mka_param_body_handler, the code will always decode
MKA_SAK_USE before MKA_DISTRIBUTED_SAK. When MKA_DISTRUBUTED_SAK
contains a new SAK the code should decode MKA_DISTRUBUTED_SAK first so
that the latest SAK is in known before decoding MKA_SAK_USE.
The ideal solution would be to make two passes at MKDPU decoding: the
first pass decodes MKA_DISTRIBUTED_SAK, the second pass decodes all
other parameter sets.
A simpler and less risky solution is presented here: ignore MKA_SAK_USE
failures if MKA_DISTRIBUTED_SAK is also present. The new SAK will be
saved so that the next MKPDU's MKA_SAK_USE can be properly decoded. This
is basically what the code prior to this commit was doing (by ignoring
all errors).
Also, the only real recourse the KaY has when detecting any bad
parameter set is to ignore the MKPDU by not updating the corresponding
peer's liveliness timer, 'peer->expire'.
Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
Mike Siedzik [Tue, 20 Feb 2018 19:28:42 +0000 (14:28 -0500)]
mka: Fix resource leak when detecting duplicated SCI
If a live peer ever changes its Member Identifier (MI), the KaY
correctly detects a "duplicated SCI" but then proceeds to delete the
peer without deleting the peer's resources (i.e., RxSC, RxSAs, TxSAs).
Note that a remote peer's MI will change if and when an
ieee8021XPaePortInitialize is executed on the remote port.
The solution here is to ignore all MKPDUs containing the new MI until
after the peer (that corresponds to the old MI) expires and cleans up
its resources. After the old peer is removed reception of the next MKPDU
containing the new MI will result in the creation of a new peer with the
new MI.
Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
Mike Siedzik [Tue, 20 Feb 2018 19:28:39 +0000 (14:28 -0500)]
mka: Fix lowest acceptable Packet Number (LPN) calculation and use
The purpose of the Lowest Acceptable PN (lpn) parameters in the MACsec
SAK Use parameter set is to enforce delay protection. Per IEEE Std
802.1X-2010, Clause 9, "Each SecY uses MKA to communicate the lowest PN
used for transmission with the SAK within the last two seconds, allowing
receivers to bound transmission delays."
When encoding the SAK Use parameter set the KaY should set llpn and olpn
to the lowest PN transmitted by the latest SAK and oldest SAK (if
active) within the last two seconds. Because MKPDUs are transmitted
every 2 seconds (MKA_HELLO_TIME), the solution implemented here
calculates lpn based on the txsc->next_pn read during the previous MKPDU
transmit.
Upon receiving and decoding a SAK Use parameter set with delay
protection enabled, the KaY will update the SecY's lpn if the delay
protect lpn is greater than the SecY's current lpn (which is a product
of last PN received and replay protection and window size).
Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
Mike Siedzik [Tue, 20 Feb 2018 19:28:38 +0000 (14:28 -0500)]
mka: Fix MKPDU SAK Use Body's Delay Protect bit setting
Delay Protect and Replay Protect are two separate and distinct features
of MKA. Per IEEE Std 802.1X-2010, 9.10.1 "Delay Protect, TRUE if LPNs
are being reported sufficiently frequently to allow the recipient to
provide data delay protection. If FALSE, the LPN can be reported as
zero", and per 9.10 "NOTE--Enforcement of bounded received delay
necessitates transmission of MKPDUs at frequent (0.5 s) intervals, to
meet a maximum data delay of 2 s while minimizing connectivity
interruption due to the possibility of lost or delayed MKPDUs."
This means struct ieee802_1x_mka_sak_use_body::delay_protect should only
be set TRUE when MKPDUs are being transmitted every 0.5 s (or faster).
By default the KaY sends MKPDUs every MKA_HELLO_TIME (2.0 s), so by
default delay_protect should be FALSE.
Add a new 'u32 mka_hello_time' parameter to struct ieee802_1x_kay. If
delay protection is desired, the KaY initialization code should set
kay->mka_hello_time to MKA_BOUNDED_HELLO_TIME (500 ms).
Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
Mike Siedzik [Fri, 2 Mar 2018 20:10:51 +0000 (15:10 -0500)]
mka: Fix conf_offset value in MKPDU when in policy mode SHOULD_SECURE
Commit 7b4d546e ("wpa_supplicant: Add macsec_integ_only setting for
MKA") introduced policy setting SHOULD_ENCRYPT (MACsec provides
integrity+confidentiality) in addition to SHOULD_SECURE (MACsec provides
integrity only). In both cases the KaY is populating the
"Confidentiality Offset" parameter within the "Distributed SAK parameter
set" with CONFIDENTIALITY_OFFSET_0=1. In the case of SHOULD_SECURE the
parameter should be populated with CONFIDENTIALITY_NONE=0.
IEEE Std 802.1X-2010, Table 11-6 and Figure 11-11 define how the two
Confidentiality Offset bits in the "Distributed SAK parameter set" must
be set: "0 if confidentiality not used" and "1 if confidentiality with
no offset". When policy is SHOULD_SECURE KaY should to send the former,
and when policy is SHOULD_ENCRYPT KaY should send the latter.
Fixes: 7b4d546e3dae ("wpa_supplicant: Add macsec_integ_only setting for MKA") Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
michael-dev [Tue, 15 Aug 2017 15:21:03 +0000 (17:21 +0200)]
macsec: Make pre-shared CKN variable length
IEEE Std 802.1X-2010, 9.3.1 defines following restrictions for CKN:
"MKA places no restriction on the format of the CKN, save that it comprise
an integral number of octets, between 1 and 32 (inclusive), and that all
potential members of the CA use the same CKN. No further constraints are
placed on the CKNs used with PSKs, ..."
Hence do not require a 32 octet long CKN but instead allow a shorter CKN
to be configured.
This fixes interoperability with some Aruba switches, that do not accept
a 32 octet long CKN (only support shorter ones).
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Jouni Malinen [Mon, 24 Dec 2018 18:31:47 +0000 (20:31 +0200)]
tests: Do not override connectivity test address if no driver info
Not all driver interfaces provide driver status information with the
local address, so skip the override step if the field is not available.
This is needed, e.g., with macsec_linux.
Jouni Malinen [Sun, 23 Dec 2018 22:44:36 +0000 (00:44 +0200)]
Check snprintf result to avoid compiler warnings
These do not really get truncated in practice, but it looks like some
newer compilers warn about the prints, so silence those by checking the
result and do something a bit more useful if the output would actually
get truncated.
Andrej Shadura [Sun, 7 Oct 2018 12:31:51 +0000 (14:31 +0200)]
dbus: Expose connected stations on D-Bus
Make it possible to list connected stations in AP mode over D-Bus, along
with some of their properties: rx/tx packets, bytes, capabilities, etc.
Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Rebased by Julian Andres Klode <juliank@ubuntu.com> and updated to use
the new getter API.
Further modified by Andrej Shadura to not error out when not in AP mode
and to send separate StationAdded/StationRemoved signals instead of
changing signatures of existing StaAuthorized/StaDeauthorized signals.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
Jouni Malinen [Sun, 23 Dec 2018 10:13:04 +0000 (12:13 +0200)]
tests: Fix AP wait in ap_require_ht and ap_require_ht_limited_rates
These test cases seemed to have copy-paste errors where
wait_enabled=False was forgotten even though there was no additional
steps checking the AP mode startup results. This did not break the
tests, but could have resulted in slowing them down if the STAs did not
find the AP in the first scan.
Jouni Malinen [Sat, 22 Dec 2018 13:55:19 +0000 (15:55 +0200)]
tests: Work around cfg80211 reg.c intersection (country 98) issues
The Linux kernel commit 113f3aaa81bd ("cfg80211: Prevent regulatory
restore during STA disconnect in concurrent interfaces") broke the
regulatory clearing attempt in many test cases since
cfg80211_is_all_idle() is now returning false due to the AP interface
being up and that results in the Country IE -based regulatory
information not getting cleared back to defaults.
Work around this by stopping the AP interface first so that when the
station interface receives the disconnection, there are no other active
interfaces in the system. In addition, wait for REGDOM event for the
Country IE hint after association to avoid disconnection before the
regulatory events have been fully processed.
Jouni Malinen [Fri, 21 Dec 2018 22:55:26 +0000 (00:55 +0200)]
tests: Fix mbo_supp_oper_classes after cfg80211 change
The Linux kernel commit 113f3aaa81bd ("cfg80211: Prevent regulatory
restore during STA disconnect in concurrent interfaces") broke the
regulatory clearing attempt in this test case since
cfg80211_is_all_idle() is now returning false due to the AP interface
being up and that results in the Country IE -based regulatory
information not getting cleared back to defaults.
Work around this by stopping the AP interface first so that when the
station interface receives the disconnection, there are no other active
interfaces in the system. In addition, wait for REGDOM event for the
Country IE hint after association to avoid disconnection before the
regulatory events have been fully processed.
Jouni Malinen [Fri, 21 Dec 2018 19:27:59 +0000 (21:27 +0200)]
Add SAE to GET_CAPABILITY key_mgmt
Provide information about SAE AKM support in "GET_CAPABILITY key_mgmt"
for completeness. The "GET_CAPABILITY auth_alg" case is already
providing information about SAE support through user space SME.
Try to fetch the list of supported AKM suite selectors from the driver
through the vendor interface
QCA_NL80211_VENDOR_SUBCMD_GET_SUPPORTED_AKMS. If that command is
available and succeeds, use the returned list to populate the
wpa_driver_capa key_mgmt information instead of assuming all
cfg80211-based drivers support all AKMs. If the driver does not support
this command, the previous behavior is maintained.
Vendor command to query the supported AKMs from the driver
This new QCA vendor command is used to query the supported AKM suite
selectors from the driver. There has been no such capability indication
from the driver and thus the current user space has to assume the driver
to support all the AKMs. This may be the case with some drivers (e.g.,
mac80211-based ones) but there are cfg80211-based drivers that implement
SME and have constraints on which AKMs can be supported (e.g., such
drivers may need an update to support SAE AKM using
NL80211_CMD_EXTERNAL_AUTH). Allow such drivers to specify the exact set
of supported AKMs so that user space tools can determine what network
profile options should be allowed to be configured. This command returns
the list of supported AKM suite selectors in the attribute
NL80211_ATTR_AKM_SUITES.
Andrey Utkin [Tue, 11 Dec 2018 17:41:10 +0000 (17:41 +0000)]
Fix build with LibreSSL
When using LibreSSL instead of OpenSSL, linkage of hostapd executable
fails with the following error when using some LibreSSL versions
../src/crypto/tls_openssl.o: In function `tls_verify_cb':
tls_openssl.c:(.text+0x1273): undefined reference to `ASN1_STRING_get0_data'
../src/crypto/tls_openssl.o: In function `tls_connection_peer_serial_num':
tls_openssl.c:(.text+0x3023): undefined reference to `ASN1_STRING_get0_data'
collect2: error: ld returned 1 exit status
make: *** [Makefile:1278: hostapd] Error 1
ASN1_STRING_get0_data is present in recent OpenSSL, but absent in some
versions of LibreSSL (confirmed for version 2.6.5), so fallback needs to
be defined in this case, just like for old OpenSSL.
This patch was inspired by similar patches to other projects, such as
spice-gtk, pjsip.
Felix Fietkau [Wed, 14 Nov 2018 16:50:23 +0000 (17:50 +0100)]
hostapd: Support for overriding the bridge name per VLAN via vlan_file
This makes it easier to integrate dynamic VLANs in custom network
configurations. The bridge name is added after the interface name in the
vlan_file line, also separated by whitespace.
DPP: Add self configuration command in hostapd_cli and wpa_cli
The back-end support for DPP self configuration was already present in
hostapd and wpa_supplicant. However, the command to invoke DPP self
configuration was not available in hostapd_cli and wpa_cli. Add the
command "dpp_configurator_sign" in them.
Johannes Berg [Mon, 3 Dec 2018 17:06:22 +0000 (19:06 +0200)]
nl80211: Add support for starting FTM responder
Add support for starting FTM responder when in AP mode. This just sends
the appropriate NEW/SET_BEACON command to the driver with the LCI/civic
location data.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Enable FTM responder and configure LCI and civic if ftm_responder
configuration option is set. Since ftm_responder configuration existed
before and was used to set extended capability bits, don't fail AP setup
flow if ftm_responder is set, but the driver doesn't advertise FTM
responder support.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add configuration options to enable FTM responder and configure LCI and
civic parameters. In addition, introduce WPA_DRIVER_FLAGS_FTM_RESPONDER
flag, which can be used to indicate FTM responder support in AP mode.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Thu, 20 Dec 2018 22:55:31 +0000 (00:55 +0200)]
tests: Be more careful in clearing REGDOM state
cfg80211 regulatory code gets into pretty inconvenient state if it needs
to intersect regulatory domain information from multiple regulations
(country=98). The existing mechanisms in the hwsim test cases are not
able to clear that up for the following test case and this can result in
large number of failures.
It looks like country=98 case is hit frequently in WNM test cases where
a station associates with an AP that advertises a specific country code
and that station is then asked to disconnect before the REGDOM events
have been received. Avoid this by waiting for the REGDOM events for the
init=COUNTRY_IE case before disconnecting.
Jouni Malinen [Thu, 20 Dec 2018 19:34:24 +0000 (21:34 +0200)]
tests: Connect attempt with transmitting/nontransmitting BSS
This adds some minimal testing for Multi-BSS connection attempts. The
part for nontransmitted BSS is limited since hostapd/mac80211 does not
yet have sufficient support for Multi-BSS in AP mode.
Advertise vendor specific Multi-AP IE in (Re)Association Request frames
and process Multi-AP IE from (Re)Association Response frames if the user
enables Multi-AP fuctionality. If the (Re)Association Response frame
does not contain the Multi-AP IE, disassociate.
This adds a new configuration parameter 'multi_ap_backhaul_sta' to
enable/disable Multi-AP functionality.
Enable 4-address mode after association (if the Association Response
frame contains the Multi-AP IE). Also enable the bridge in that case.
This is necessary because wpa_supplicant only enables the bridge in
wpa_drv_if_add(), which only gets called when an interface is added
through the control interface, not when it is configured from the
command line.
The purpose of Multi-AP specification is to enable inter-operability
across Wi-Fi access points (APs) from different vendors.
This patch introduces one new configuration parameter 'multi_ap' to
enable Multi-AP functionality and to configure the BSS as a backhaul
and/or fronthaul BSS.
Advertise vendor specific Multi-AP capabilities in (Re)Association
Response frame, if Multi-AP functionality is enabled through the
configuration parameter.
A backhaul AP must support receiving both 3addr and 4addr frames from a
backhaul STA, so create a VLAN for it just like is done for WDS, i.e.,
by calling hostapd_set_wds_sta(). Since Multi-AP requires WPA2 (never
WEP), we can safely call hostapd_set_wds_encryption() as well and we can
reuse the entire WDS condition.
To parse the Multi-AP Extension subelement, we use get_ie(): even though
that function is meant for parsing IEs, it works for subelements.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:37 +0000 (15:46 -0400)]
OCV: Include and verify OCI in the AMPE handshake
Include and verify the OCI element in AMPE Open and Confirm frames. Note
that the OCI element is included even if the other STA didn't advertise
support of OCV. The OCI element is only required and verified if both
peers support OCV.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:35 +0000 (15:46 -0400)]
OCV: Perform an SA Query after a channel switch
After the network changed to a new channel, perform an SA Query with the
AP after a random delay if OCV was negotiated for the association. This
is used to confirm that we are still operating on the real operating
channel of the network. This commit is adding only the station side
functionality for this, i.e., the AP behavior is not changed to
disconnect stations with OCV that do not go through SA Query.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:34 +0000 (15:46 -0400)]
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:32 +0000 (15:46 -0400)]
OCV: Include and verify OCI in the FT handshake
Include and verify the the OCI element in (Re)Association Request and
Response frames of the FT handshake. In case verification fails, the
handshake message is silently ignored.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:38 +0000 (15:46 -0400)]
tests: OCI validation in the 4-way and group key handshakes (OCV)
Perform detailed tests with OCV enabled, for both the 4-way and group
key handshakes. These tests include establishing a working connection
with OCV enabled, assuring that a STA without OCV enabled can still
connect to a STA with OCV enabled (and vice versa), verifying that
invalid OCI elements get silently ignored, verifying that missing OCI
elements are reported, and so on.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:30 +0000 (15:46 -0400)]
OCV: Add function to derive Tx parameters to a specific STA
Use the information elements that were present in the (Re)Association
Request frame to derive the maximum bandwidth the AP will use to
transmit frames to a specific STA. By using this approach, we don't need
to query the kernel for this information, and avoid having to add a
driver API for that.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:27 +0000 (15:46 -0400)]
OCV: Insert OCI in 4-way and group key handshake
If Operating Channel Verification is negotiated, include the OCI KDE
element in EAPOL-Key msg 2/4 and 3/4 of the 4-way handshake and both
messages of the group key handshake.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:24 +0000 (15:46 -0400)]
Store the VHT Operation element of an associated STA
APs and mesh peers use the VHT Operation element to advertise certain
channel properties (e.g., the bandwidth of the channel). Save this
information element so we can later access this information.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:23 +0000 (15:46 -0400)]
Add functions to convert channel bandwidth to an integer
This adds two utility functions to convert both operating classes and
and the chan_width enum to an integer representing the channel
bandwidth. This can then be used to compare bandwidth parameters in an
uniform manner.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:22 +0000 (15:46 -0400)]
Add utility function to derive operating class and channel
This function can be used to easily convert the parameters returned
by the channel_info driver API, into their corresponding operating
class and channel number.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:21 +0000 (15:46 -0400)]
Make channel_info available to authenticator
This adds the necessary functions and callbacks to make the channel_info
driver API available to the authenticator state machine that implements
the 4-way and group key handshake. This is needed for OCV.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:20 +0000 (15:46 -0400)]
Make channel_info available to the supplicant state machine
This adds the necessary functions and callbacks to make the channel_info
driver API available to the supplicant state machine that implements the
4-way and group key handshake. This is needed for OCV.
Mathy Vanhoef [Mon, 6 Aug 2018 19:46:19 +0000 (15:46 -0400)]
Add driver API to get current channel parameters
This adds driver API functions to get the current operating channel
parameters. This encompasses the center frequency, channel bandwidth,
frequency segment 1 index (for 80+80 channels), and so on.
Jouni Malinen [Sat, 15 Dec 2018 16:00:12 +0000 (18:00 +0200)]
HS 2.0 server: SIM provisioning exchange
Support SIM provisioning exchange with SPP. This uses the
hotspot2dot0-mobile-identifier-hash value from the AAA server to allow
subscription registration through subscription remediation exchange.
Jouni Malinen [Fri, 14 Dec 2018 13:58:13 +0000 (15:58 +0200)]
HS 2.0 server: RADIUS server support for SIM provisioning
This adds support for hostapd-as-RADIUS-authentication-server to request
subscription remediation for SIM-based credentials. The new hostapd.conf
parameter hs20_sim_provisioning_url is used to set the URL prefix for
the remediation server for SIM provisioning. The random
hotspot2dot0-mobile-identifier-hash value will be added to the end of
this URL prefix and the same value is stored in a new SQLite database
table sim_provisioning for the subscription server implementation to
use.
Jouni Malinen [Sat, 8 Dec 2018 14:48:33 +0000 (16:48 +0200)]
WMM AC: Do not write ERROR level log entries when WMM AC is not in use
These two wpa_printf() calls with MSG_ERROR level could be reached when
connecting without (Re)Association Response frame elements being
available. That would be the case for wired connections and IBSS. Those
cases are not supposed to use WMM AC in the first place, so do not
confuse logs with ERROR messages in them for normal conditions.
Jouni Malinen [Sat, 8 Dec 2018 14:26:17 +0000 (16:26 +0200)]
OWE: Fix OWE network profile saving
key_mgmt=OWE did not have a config parameter writer and wpa_supplicant
was unable to save such a network profile correctly. Fix this by adding
the needed parameter writer.
DPP: Support DPP key_mgmt saving to wpa_supplicant configuration
In the existing code, there was no "DPP" string available to the DPP key
management type for configuration parser of wpa supplicant. When the
configuration is saved, the key management string was left out from the
config file. Fix this by adding support for writing key_mgmt=DPP option.
projects / thirdparty / hostap.git / log
