aboutsummaryrefslogtreecommitdiffstats
path: root/src/rsn_supp/wpa.h
Commit message (Collapse)AuthorAgeFilesLines
* RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4Jouni Malinen39 hours1-0/+7
| | | | | | | | If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Replace int status/reason_code with u16 variableJouni Malinen2019-04-221-1/+1
| | | | | | | | | These cases are for the IEEE 802.11 Status Code and Reason Code and those fields are unsigned 16 bit values, so use the more appropriate type consistently. This is mainly to document the uses and to make the source code easier to understand. Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP2: PFS for PTK derivationJouni Malinen2019-03-181-0/+1
| | | | | | | | | | Use Diffie-Hellman key exchange to derivate additional material for PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element (defined in OWE RFC 8110) is used in association frames to exchange the DH public keys. For backwards compatibility, ignore missing request/response DH parameter and fall back to no PFS in such cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCV: Insert OCI in 4-way and group key handshakeMathy Vanhoef2018-12-161-0/+6
| | | | | | | | If Operating Channel Verification is negotiated, include the OCI KDE element in EAPOL-Key msg 2/4 and 3/4 of the 4-way handshake and both messages of the group key handshake. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Advertise OCV capability in RSN capabilities (STA)Mathy Vanhoef2018-12-161-1/+2
| | | | | | | Set the OCV bit in RSN capabilities (RSNE) based on station mode configuration. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* Make channel_info available to the supplicant state machineMathy Vanhoef2018-12-161-0/+2
| | | | | | | | This adds the necessary functions and callbacks to make the channel_info driver API available to the supplicant state machine that implements the 4-way and group key handshake. This is needed for OCV. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* FT: Add MDE to assoc request IEs in connect paramsAhmad Masri2018-04-191-0/+10
| | | | | | | | | Add MDE (mobility domain element) to Association Request frame IEs in the driver assoc params. wpa_supplicant will add MDE only if the network profile allows FT, the selected AP supports FT, and the mobility domain ID matches. Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
* Make last received ANonce available through control interfaceJouni Malinen2017-10-161-0/+1
| | | | | | | This makes it easier to debug 4-way handshake implementation issues without having to use a sniffer. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove all PeerKey functionalityJouni Malinen2017-10-151-18/+0
| | | | | | | | | | | | | | | | | | | | | | | | This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentially reachable. Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: PMKSA caching in station modeJouni Malinen2017-10-091-2/+2
| | | | | | | This extends OWE support in wpa_supplicant to allow PMKSA caching to be used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in stationJouni Malinen2017-10-081-1/+1
| | | | | | | | This extends OWE support in wpa_supplicant to allow DH groups 20 and 21 to be used in addition to the mandatory group 19 (NIST P-256). The group is configured using the new network profile parameter owe_group. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Fix compilation with CONFIG_NO_WPAEmmanuel Grumbach2017-07-081-1/+6
| | | | | | wpa_fils_is_completed() was not defined. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
* DPP: Add new AKMJouni Malinen2017-06-191-0/+2
| | | | | | | | | | This new AKM is used with DPP when using the signed Connector to derive a PMK. Since the KCK, KEK, and MIC lengths are variable within a single AKM, this needs number of additional changes to get the PMK length delivered to places that need to figure out the lengths of the PTK components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Update cache identifier on associationVidyullatha Kanchanapally2017-04-071-0/+1
| | | | | | This is needed when offloading FILS shared key to the drivers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Update PMKSA cache with FILS shared key offloadVidyullatha Kanchanapally2017-04-071-0/+3
| | | | | | | | Add a new PMKSA cache entry within wpa_supplicant if a driver event from offloaded FILS shared key authentication indicates a new PMKSA entry was created. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Track completion with FILS shared key authentication offloadVidyullatha Kanchanapally2017-04-071-0/+2
| | | | | | | Update the internal fils_completed state when offloading FILS shared key authentication to the driver. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Add support for Cache Identifier in add/remove PMKSAVidyullatha Kanchanapally2017-04-071-2/+3
| | | | | | | | | Add support for setting and deleting PMKSA cache entries based on FILS Cache Identifer. Also additionally add support for sending PMK as part of SET_PMKSA to enable driver to derive keys in case of FILS shared key offload using PMKSA caching. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Add MDE into Authentication frame for FILS+FTJouni Malinen2017-04-021-1/+1
| | | | | | | | When using FILS for FT initial mobility domain association, add MDE to the Authentication frame from the STA to indicate this special case for FILS authentication. Signed-off-by: Jouni Malinen <j@w1.fi>
* FILS: Add FILS SK auth PFS support in STA modeJouni Malinen2017-03-121-1/+1
| | | | | | | | | | | This adds an option to configure wpa_supplicant to use the perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime network profile parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would use FILS SK PFS with a 256-bit random ECP group. Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: Process Diffie-Hellman Parameter element in STA modeJouni Malinen2017-03-121-0/+4
| | | | | | | | This adds STA side addition of OWE Diffie-Hellman Parameter element into (Re)Association Request frame and processing it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
* FILS: Use FILS Cache Identifier to extend PMKSA applicabilityJouni Malinen2017-02-261-0/+1
| | | | | | | | This allows PMKSA cache entries for FILS-enabled BSSs to be shared within an ESS when the BSSs advertise the same FILS Cache Identifier value. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Fix BSSID in reassociation caseJouni Malinen2017-02-211-1/+2
| | | | | | | | | | The RSN supplicant implementation needs to be updated to use the new BSSID whenever doing FILS authentication. Previously, this was only done when notifying association and that was too late for the case of reassociation. Fix this by providing the new BSSID when calling fils_process_auth(). This makes PTK derivation use the correct BSSID. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Parse and report received FILS HLP Containers from responseJouni Malinen2017-02-011-0/+2
| | | | | | | | The new FILS-HLP-RX control interface event is now used to report received FILS HLP responses from (Re)Association Response frame as a response to the HLP requests configured with FILS_HLP_REQ_ADD. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Allow FILS HLP requests to be addedJouni Malinen2017-01-291-1/+3
| | | | | | | | | | | | The new wpa_supplicant control interface commands FILS_HLP_REQ_FLUSH and FILS_HLP_REQ_ADD can now be used to request FILS HLP requests to be added to the (Re)Association Request frame whenever FILS authentication is used. FILS_HLP_REQ_ADD parameters use the following format: <destination MAC address> <hexdump of payload starting from ethertype> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove trailing whitespaceJouni Malinen2016-12-281-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* External persistent storage for PMKSA cache entriesJouni Malinen2016-12-121-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds new wpa_supplicant control interface commands PMKSA_GET and PMKSA_ADD that can be used to store PMKSA cache entries in an external persistent storage when terminating a wpa_supplicant process and then restore those entries when starting a new process. The previously added PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing the external storage with the memory-only volatile storage within wpa_supplicant. "PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to a specific network profile. The network_id of the current profile is available with the STATUS command (id=<network_id). In addition, the network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The output of the PMKSA_GET command uses the following format: <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> For example: 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0 The PMKSA_GET command uses the following format: <network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> (i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET output data; however, the reauth_time and expiration values need to be updated by decrementing them by number of seconds between the PMKSA_GET and PMKSA_ADD commands) For example: PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0 PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0 This functionality is disabled be default and can be enabled with CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be noted that this allows any process that has access to the wpa_supplicant control interface to use PMKSA_ADD command to fetch keying material (PMK), so this is for environments in which the control interface access is restricted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add PMKSA-CACHE-ADDED/REMOVED events to wpa_supplicantJouni Malinen2016-12-121-2/+4
| | | | | | | These allow external program to monitor PMKSA cache updates in preparation to enable external persistent storage of PMKSA cache. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Association Response processing (STA)Jouni Malinen2016-10-251-0/+2
| | | | | | | Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and configure keys to the driver. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Add elements to FILS Association Request frameJouni Malinen2016-10-251-0/+3
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Authentication frame processing (STA)Jouni Malinen2016-10-221-0/+1
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Try to use FILS authentication if PMKSA or ERP entry is availableJouni Malinen2016-10-221-0/+2
| | | | | | | | | | If a PMKSA cache entry for the target AP is available, try to use FILS with PMKSA caching. If an ERP key for the target AP is available, try to use FILS with EAP-Initiate/Re-auth added as Wrapper Data element. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TDLS: Declare tdls_testing as extern in a header fileJouni Malinen2016-06-231-0/+4
| | | | | | This gets rid of a sparse warning with CONFIG_TDLS_TESTING builds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Fix PMKID calculation for PMKSA cacheMasashi Honma2016-02-181-2/+3
| | | | | | | | The SAE PMKID is calculated with IEEE Std 802.11-2012 11.3.5.4, but the PMKID was re-calculated with 11.6.1.3 and saved into PMKSA cache. Fix this to save the PMKID calculated with 11.3.5.4 into the PMKSA cache. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Add TEST_ASSOC_IE for WPA/RSN IE testing on AP sideJouni Malinen2015-12-061-0/+1
| | | | | | | | | The new wpa_supplicant control interface command "TEST_ASSOC_IE <hexdump>" can now be used to override the WPA/RSN IE for Association Request frame and following 4-way handshake to allow protocol testing of AP side processing of WPA/RSN IE. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix CONFIG_NO_WPA=y buildJouni Malinen2015-11-231-2/+3
| | | | | | | | Number of places were calling functions that are not included in CONFIG_NO_WPA=y build anymore. Comment out such calls. In addition, pull in SHA1 and MD5 for config_internal.c, if needed. Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Add GTK RSC relaxation workaroundMax Stepanov2015-11-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | Some APs may send RSC octets in EAPOL-Key message 3 of 4-Way Handshake or in EAPOL-Key message 1 of Group Key Handshake in the opposite byte order (or by some other corrupted way). Thus, after a successful EAPOL-Key exchange the TSC values of received multicast packets, such as DHCP, don't match the RSC one and as a result these packets are dropped on replay attack TSC verification. An example of such AP is Sapido RB-1732. Work around this by setting RSC octets to 0 on GTK installation if the AP RSC value is identified as a potentially having the byte order issue. This may open a short window during which older (but valid) group-addressed frames could be replayed. However, the local receive counter will be updated on the first received group-addressed frame and the workaround is enabled only if the common invalid cases are detected, so this workaround is acceptable as not decreasing security significantly. The wpa_rsc_relaxation global configuration property allows the GTK RSC workaround to be disabled if it's not needed. Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
* Preparations for variable length KCK and KEKJouni Malinen2015-01-261-4/+6
| | | | | | | | This modifies struct wpa_ptk to allow the length of KCK and KEK to be stored. This is needed to allow longer keys to be used, e.g., with Suite B 192-bit level. Signed-off-by: Jouni Malinen <j@w1.fi>
* TDLS: Propagate enable/disable channel-switch commands to driverArik Nemtsov2015-01-041-0/+9
| | | | | | | | | | | | The supplicant code does not try to control the actual channel of the radio at any point. It simply passes the target peer and channel parameters to the driver. It's the driver's responsibility to periodically initiate TDLS channel-switch operations when TDLS channel-switching is enabled. Allow enable/disable operations to be invoked via the control interface. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
* TDLS: Add channel-switch capability flagArik Nemtsov2015-01-041-1/+1
| | | | | | | Propagate a driver TDLS channel-switch support bit from nl80211 to TDLS code. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
* Add support for offloading key management operations to the driverChet Lanctot2014-10-231-0/+15
| | | | | | | | | This commit introduces a QCA vendor command and event to provide an option to use extended versions of the nl80211 connect/roam operations in a way that allows drivers to offload key management operations to the driver/firmware. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Add support for PMKSA caching on the station sideJouni Malinen2014-10-181-1/+2
| | | | | | | | | This makes wpa_supplicant SME create PMKSA cache entries from SAE authentication and try to use PMKSA caching if an entry is found for the AP. If the AP rejects the attempt, fall back to SAE authentication is used. Signed-off-by: Jouni Malinen <j@w1.fi>
* TDLS: Use WMM IE for propagating peer WMM capabilityArik Nemtsov2014-10-031-1/+1
| | | | | | | | Relying on qos qosinfo is not enough, as it can be 0 for WMM enabled peers that don't support U-APSD. Further, some peers don't even contain this IE (Google Nexus 5), but do contain the WMM IE during setup. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
* TDLS: Set the initiator during tdls_mgmt operationsArik Nemtsov2014-10-031-1/+1
| | | | | | | | Some drivers need to know the initiator of a TDLS connection in order to generate a correct TDLS mgmt packet. It is used to determine the link identifier IE. Pass this information to the driver. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
* TDLS: Handle unreachable link teardown for external setupArik Nemtsov2014-06-161-1/+1
| | | | | | | | | | | If a link is unreachable, the specification mandates we should send a teardown packet via the AP with a specific teardown reason. Force this by first disabling the link and only then sending the teardown packet for the LOW_ACK event. Rename the TDLS LOW_ACK event handler to better reflect its purpose. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
* TDLS: Make wpa_tdls_send_teardown() staticJouni Malinen2014-04-291-1/+0
| | | | | | This function was not used anywhere outside tdls.c. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove unused wpa_sm_get_param() functionJouni Malinen2014-04-051-8/+0
| | | | | | | This function was not used anywhere and was not up-to-date with full tet of parameters. Signed-off-by: Jouni Malinen <j@w1.fi>
* Pass TDLS peer capability information in tdls_mgmtSunil Dutt2014-03-271-1/+2
| | | | | | | | | | | | | | | While framing the TDLS Setup Confirmation frame, the driver needs to know if the TDLS peer is VHT/HT/WMM capable and thus shall construct the VHT/HT operation / WMM parameter elements accordingly. Supplicant determines if the TDLS peer is VHT/HT/WMM capable based on the presence of the respective IEs in the received TDLS Setup Response frame. The host driver should not need to parse the received TDLS Response frame and thus, should be able to rely on the supplicant to indicate the capability of the peer through additional flags while transmitting the TDLS Setup Confirmation frame through tdls_mgmt operations. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Add support for IP address assignment in 4-way handshakeJouni Malinen2014-01-271-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | This new mechanism allows P2P Client to request an IPv4 address from the GO as part of the 4-way handshake to avoid use of DHCP exchange after 4-way handshake. If the new mechanism is used, the assigned IP address is shown in the P2P-GROUP-STARTED event on the client side with following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP address is included in the AP-STA-CONNECTED event on the GO side as a new ip_addr parameter. The IP address is valid for the duration of the association. The IP address pool for this new mechanism is configured as global wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask, ip_addr_star, ip_addr_end. For example: ip_addr_go=192.168.42.1 ip_addr_mask=255.255.255.0 ip_addr_start=192.168.42.2 ip_addr_end=192.168.42.100 DHCP mechanism is expected to be enabled at the same time to support P2P Devices that do not use the new mechanism. The easiest way of managing the IP addresses is by splitting the IP address range into two parts and assign a separate range for wpa_supplicant and DHCP server. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* TDLS: Pass peer's Supported channel and oper class info during sta_addSunil Dutt2014-01-141-1/+4
| | | | | | | | | The information of the peer's supported channel and operating class is required for the driver to do TDLS off channel operations with a compatible peer. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix PeerKey 4-way handshakeJouni Malinen2013-12-281-0/+8
| | | | | | | | | | | The earlier changes to buffer EAPOL frames when not associated to avoid race conditions (especially commit 3ab35a660364dc68eaebfc0df6130071bbee6be5 but maybe something even before that) broke PeerKey 4-way handshake. Fix this by using a separate check before the race condition workaround to process PeerKey 4-way handshake EAPOL-Key messages differently. Signed-hostap: Jouni Malinen <j@w1.fi>