path: root/src/rsn_supp
Commit message (Collapse)AuthorAgeFilesLines
* OCV: Use more granular error codes for OCI validation failuresVeerendranath Jakkam12 days2-4/+4
| | | | | | | Enhance the return values of ocv_verify_tx_params with enum to indicate different OCI verification failures to caller. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* Fix EAPOL-Key msg 1/4 processing in a corner caseJouni Malinen2020-08-221-2/+5
| | | | | | | | | | | | | | | | If reassoc_same_bss_optim=1 is used to optimize reassociation back to the same BSS, it was possible for sm->pmk_len to be 0 due to a disconnection event getting processed after sending out the reassociation request. This resulted in wpa_sm_rx_eapol() calling wpa_mic_len() with incorrect PMK length when PMKSA caching was being attempted. That resulted in incorrect mic_len getting determined and not finding the correct Key Data Length field value. This could result in failing to complete 4-way handshake successfully. Fix this by updating the current PMK length based on the selected PMKSA cache entry if sm->pmk_len is not set when processing EAPOL-Key msg 1/4. Signed-off-by: Jouni Malinen <j@w1.fi>
* OCV: OCI channel override support for testing (STA)Veerendranath Jakkam2020-08-034-0/+41
| | | | | | | | Add override parameters to use the specified channel while populating OCI element in EAPOL-Key group msg 2/2, FT reassoc request, FILS assoc request and WNM sleep request frames. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* SAE-PK: Advertise RSNXE capability bit in STA modeJouni Malinen2020-06-104-2/+12
| | | | | | | Set the SAE-PK capability bit in RSNXE when sending out (Re)Association Request frame for a network profile that allows use of SAE-PK. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Do not add PMKID to the driver for FT-EAP if caching is disabledJouni Malinen2020-06-064-5/+7
| | | | | | | | | | | | | | | | wpa_supplicant disables PMKSA caching with FT-EAP by default due to known interoperability issues with APs. This is allowed only if the network profile is explicitly enabling caching with ft_eap_pmksa_caching=1. However, the PMKID for such PMKSA cache entries was still being configured to the driver and it was possible for the driver to build an RSNE with the PMKID for SME-in-driver cases. This could result in hitting the interop issue with some APs. Fix this by skipping PMKID configuration to the driver fot FT-EAP AKM if ft_eap_pmksa_caching=1 is not used in the network profile so that the driver and wpa_supplicant behavior are in sync for this. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCV: Report OCI validation failures with OCV-FAILURE messages (STA)Jouni Malinen2020-05-292-7/+14
| | | | | | | | | Convert the previously used text log entries to use the more formal OCV-FAILURE prefix and always send these as control interface events to allow upper layers to get information about unexpected operating channel mismatches. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCV: Move "OCV failed" prefix to callersJouni Malinen2020-05-252-4/+5
| | | | | | | | | Make reporting of OCV validation failure reasons more flexible by removing the fixed prefix from ocv_verify_tx_params() output in ocv_errorstr so that the caller can use whatever prefix or encapsulation that is most appropriate for each case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCV: Add support to override channel info OCI element (STA)Vamsi Krishna2020-05-253-0/+13
| | | | | | | | | To support the STA testbed role, the STA has to use specified channel information in OCI element sent to the AP in EAPOL-Key msg 2/4, SA Query Request, and SA Query Response frames. Add override parameters to use the specified channel while populating OCI element in all these frames. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Clear current PMKSA cache selection on association/roamJouni Malinen2020-05-251-0/+3
| | | | | | | | | | It was possible for the RSN state machine to maintain old PMKSA cache selection (sm->cur_pmksa) when roaming to another BSS based on driver-based roaming indication. This could result in mismatching state and unexpected behavior, e.g., with not generating a Suite B PMKSA cache entry. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Debug print PMK-R0/R1 and PMKR0/R1Name in the helper functionsJouni Malinen2020-05-232-15/+0
| | | | | | There is no need to have all callers debug print these separately. Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Allow version number to be overridden for testing purposesJouni Malinen2020-05-031-3/+4
| | | | | | | | | "SET dpp_version_override <ver>" can now be used to request wpa_supplicant and hostapd to support a subset of DPP versions. In practice, the only valid case for now is to fall back from DPP version 2 support to version 1 in builds that include CONFIG_DPP2=y. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Detect PFS downgrade attack while processing EAPOL-Key msg 3/4Jouni Malinen2020-05-031-0/+14
| | | | | | | | Do not allow association to continue if the local configuration enables PFS and the station indicates it supports PFS, but PFS was not negotiated for the association. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Add DPP KDE into EAPOL-Key msg 2/4 when using DPP AKMJouni Malinen2020-05-033-1/+30
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Indicate if PFS was used in control interface STATUSJouni Malinen2020-05-031-0/+9
| | | | | | | The new "dpp_pfs=1" entry can be used to determine whether PFS was used during derivation of PTK when DPP AKM is negotiated for an association. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Try to negotiate PFS only if AP supports version 2 or newerJouni Malinen2020-05-031-0/+1
| | | | | | | | Check AP's DPP Protocol Version during network introduction and mark the PMKSA cache as suitable for PFS use with version 2 or newer. This avoids unnecessary attempt of negotiating PFS with version 1 APs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* RSN supp: Convert Boolean to C99 boolJouni Malinen2020-04-242-13/+11
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Testing override for RSNXE Used subfield in FTEJouni Malinen2020-04-144-0/+14
| | | | | | | | | Allow wpa_supplicant to be requested to override the RSNXE Used subfield in FT reassociation case for testing purposes with "SET ft_rsnxe_used <0/1/2>" where 0 = no override, 1 = override to 1, and 2 = override to 0. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* nl80211: Configure PMKSA lifetime and reauth threshold timer to driverVeerendranath Jakkam2020-03-284-5/+10
| | | | | | | | | | Drivers that trigger roaming need to know the lifetime and reauth threshold time of configured PMKSA so that they can trigger full authentication to avoid unnecessary disconnection. To support this, send dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold values configured in wpa_supplicant to the driver while configuring a PMKSA. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* Process Transition Disable KDE in station modeJouni Malinen2020-03-253-0/+12
| | | | | | | | | Check whether the Transition Disable KDE is received from an authenticated AP and if so, whether it contains valid indication for disabling a transition mode. If that is the case, update the local network profile by removing the less secure options. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Use a shared helper function for RSN supplicant capabilitiesJouni Malinen2020-03-233-22/+20
| | | | | | | Avoid practically copy-pasted code for determining local RSN capabilities. Signed-off-by: Jouni Malinen <j@w1.fi>
* STA: Support Extended Key IDAlexander Wetzel2020-03-235-8/+131
| | | | | | | | | | | Support Extended Key ID in wpa_supplicant according to IEEE Std 802.11-2016 for infrastructure (AP) associations. Extended Key ID allows to rekey pairwise keys without the otherwise unavoidable MPDU losses on a busy link. The standard is fully backward compatible, allowing STAs to also connect to APs not supporting it. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* Set beacon protection config irrespective of macro CONFIG_FILSVeerendranath Jakkam2020-03-211-1/+1
| | | | | | | This was not supposed to be conditional on CONFIG_FILS. Fixes: ecbf59e6931f ("wpa_supplicant configuration for Beacon protection") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Omit RSNXE from FT protocol Reassociation Request when neededJouni Malinen2020-03-201-9/+15
| | | | | | | | | | The previous design for adding RSNXE into FT was not backwards compatible. Move to a new design based on 20/332r3 to avoid that issue by not include RSNXE in the FT protocol Reassociation Request frame so that an AP not supporting RSNXE can still validate the FTE MIC correctly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Verify that RSNXE is used consistently in Reassociation ResponseJouni Malinen2020-03-201-1/+12
| | | | | | | | Verify that the AP included RSNXE in Beacon/Probe Response frames if it indicated in FTE that RSNXE is used. This is needed to protect against downgrade attacks based on the design proposed in 20/332r3. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Set the new RSNXE Used subfield in FT reassociationJouni Malinen2020-03-201-0/+5
| | | | | | | | | | This is a workaround needed to keep FT protocol backwards compatible for the cases where either the AP or the STA uses RSNXE, but the other one does not. This commit adds setting of the new field to 1 in Reassociation Request/Response frame during FT protocol when the STA/AP uses RSNXE in other frames. This mechanism is described in 20/332r3. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Check RSNE/RSNXE match in FT protocol Reassociation Response frameJouni Malinen2020-03-151-0/+44
| | | | | | | | | | While 13.7.1 (FT reassociation in an RSN) in P802.11-REVmd/D3.0 did not explicitly require this to be done, this is implied when describing the contents of the fourth message in the FT authentication sequence (see 13.8.5). Furthermore, 20/332r2 is proposing an explicit validation step to be added into 13.7.1. Signed-off-by: Jouni Malinen <j@w1.fi>
* RSN: Stop 4-way handshake if scan results are not availableJouni Malinen2020-03-081-4/+3
| | | | | | | | | | | While there may have initially been cases where the RSNE from Beacon/Probe Response frames was not available from some drivers, it is now more valuable to notice if such a case were to be hit with drivers that are always expected to have such information available. As such, make it a fatal error if the scan results for the current AP are not available to check the RSNE/RSNXE in EAPOL-Key msg 3/4. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Silence debug prints when FT is not actually usedJouni Malinen2020-03-071-15/+22
| | | | | | | Avoid printing confusing FT debug entries from wpa_sm_set_ft_params() when FT is not actually used for the connection. Signed-off-by: Jouni Malinen <j@w1.fi>
* Report RSNXE mismatch in EAPOL-Key msg 3/4 more consistently with RSNEJouni Malinen2020-03-071-0/+5
| | | | | | | | Use the same reason code to indicate that IE different in 4-way handshake and also print a hexdump of RSNXE in both Beacon/ProbeResp and EAPOL-Key msg 3/4 in the log. Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Drop outdated TDLS set_key() hackAlexander Wetzel2020-03-061-1/+1
| | | | | | | | wpa_tdls_set_key() did set the key_id to -1 to avoid a useless NL80211_CMD_SET_KEY call that the updated nl80211 driver no longer carries out. Remove the no longer required workaround. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* OWE: Fix PTK derivation workaround for interoperabilityHu Wang2020-03-061-1/+1
| | | | | | | | | | | | | | | | | The initial implementation of the PTK derivation workaround for interoperability with older OWE implementations forced WPA_KEY_MGMT_PSK_SHA256 to be used for all of PTK derivation. While that is needed for selecting which hash algorithm to use, this was also changing the length of the PTK components and by doing so, did not actually address the backwards compatibility issue. Fix this by forcing SHA256 as the hash algorithm in PTK derivation without changing the PTK length calculation for OWE when owe_ptk_workaround is enabled. Fixes: 65a44e849af9 ("OWE: PTK derivation workaround in AP mode") Fixes: 8b138d28264e ("OWE: PTK derivation workaround in STA mode") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPA: Rename FILS wrapped dataIlan Peer2020-02-291-8/+8
| | | | | | | IEEE P802.11az/D2.0 renamed the FILS Wrapped Data element, removing the FILS prefix. Change the code accordingly. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* SAE: Do not use PMKSA entry after its reauth thresholdJouni Malinen2020-02-281-0/+14
| | | | | | | | | | | | Since SAE PMK can be updated only by going through a new SAE authentication instead of being able to update it during an association like EAP authentication, do not allow PMKSA entries to be used for caching after the reauthentication threshold has been reached. This allows the PMK to be updated without having to force a disassociation when the PMK expires if the station roams between the reauthentication threshold and expiration timeout. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Do not clone PMKSA entry for OKC after its reauth thresholdJouni Malinen2020-02-281-0/+14
| | | | | | | | | | | | Since SAE PMK can be updated only by going through a new SAE authentication instead of being able to update it during an association like EAP authentication, do not allow PMKSA entries to be used for OKC after the reauthentication threshold has been reached. This allows the PMK to be updated without having to force a disassociation when the PMK expires if the station roams between the reauthentication threshold and expiration timeout. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Fix PMKID derivation for OKCJouni Malinen2020-02-281-1/+4
| | | | | | | | | | | | | SAE authentication derives PMKID differently from the EAP cases. The value comes from information exchanged during SAE authentication and does not bind in the MAC addresses of the STAs. As such, the same PMKID is used with different BSSIDs. Fix both the hostapd and wpa_supplicant to use the previous PMKID as is for OKC instead of deriving a new PMKID using an incorrect derivation method when using an SAE AKM. This fixes use of opportunistic key caching with SAE. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaroundAlexander Wetzel2020-02-233-0/+28
| | | | | | | | | | | | | | Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast reconnects. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* Configure received BIGTK on station/supplicant sideJouni Malinen2020-02-173-5/+145
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant configuration for Beacon protectionJouni Malinen2020-02-173-0/+4
| | | | | | | Add a new wpa_supplicant network profile configuration parameter beacon_prot=<0/1> to allow Beacon protection to be enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: PTK derivation workaround in STA modeJouni Malinen2020-01-233-1/+15
| | | | | | | | | | | | Initial OWE implementation used SHA256 when deriving the PTK for all OWE groups. This was supposed to change to SHA384 for group 20 and SHA512 for group 21. The new owe_ptk_workaround=1 network parameter can be used to enable older behavior mainly for testing purposes. There is no impact to group 19 behavior, but if enabled, this will make group 20 and 21 cases use SHA256-based PTK derivation which will not work with the updated OWE implementation on the AP side. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Fix a typo in a commentJouni Malinen2020-01-231-1/+1
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Introduce and add key_flagAlexander Wetzel2020-01-095-17/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the new set_key() parameter "key_flag" to provide more specific description of what type of a key is being configured. This is needed to be able to add support for "Extended Key ID for Individually Addressed Frames" from IEEE Std 802.11-2016. In addition, this may be used to replace the set_tx boolean eventually once all the driver wrappers have moved to using the new key_flag. The following flag are defined: KEY_FLAG_MODIFY Set when an already installed key must be updated. So far the only use-case is changing RX/TX status of installed keys. Must not be set when deleting a key. KEY_FLAG_DEFAULT Set when the key is also a default key. Must not be set when deleting a key. (This is the replacement for set_tx.) KEY_FLAG_RX The key is valid for RX. Must not be set when deleting a key. KEY_FLAG_TX The key is valid for TX. Must not be set when deleting a key. KEY_FLAG_GROUP The key is a broadcast or group key. KEY_FLAG_PAIRWISE The key is a pairwise key. KEY_FLAG_PMK The key is a Pairwise Master Key (PMK). Predefined and needed flag combinations so far are: KEY_FLAG_GROUP_RX_TX WEP key not used as default key (yet). KEY_FLAG_GROUP_RX_TX_DEFAULT Default WEP or WPA-NONE key. KEY_FLAG_GROUP_RX GTK key valid for RX only. KEY_FLAG_GROUP_TX_DEFAULT GTK key valid for TX only, immediately taking over TX. KEY_FLAG_PAIRWISE_RX_TX Pairwise key immediately becoming the active pairwise key. KEY_FLAG_PAIRWISE_RX Pairwise key not yet valid for TX. (Only usable with Extended Key ID support.) KEY_FLAG_PAIRWISE_RX_TX_MODIFY Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX. KEY_FLAG_RX_TX Not a valid standalone key type and can only used in combination with other flags to mark a key for RX/TX. This commit is not changing any functionality. It just adds the new key_flag to all hostapd/wpa_supplicant set_key() functions without using it, yet. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* Add no_encrypt flag for control port TXMarkus Theil2020-01-052-0/+9
| | | | | | | | In order to correctly encrypt rekeying frames, wpa_supplicant now checks if a PTK is currently installed and sets the corresponding encrypt option for tx_control_port(). Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
* RSN: Do not add PMKSA candidates unnecessarilyJouni Malinen2020-01-011-4/+13
| | | | | | | | Add PMKSA candidates from scan results only if they advertise an AKMP that is used with RSN pre-authentication. Previously, candidates were added but then ignored later if the AKMP was not suitable. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: More debug prints for RSNE modification for EAPOL-Key msg 2/4Jouni Malinen2019-12-241-0/+8
| | | | | | | | This buffer was getting corrupted, so add more details to make it clearer what causes the corruption should this type of regression show up again. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix a typo in a commentJouni Malinen2019-11-061-1/+1
| | | | | | Spell NULL correctly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT-SAE: Add RSNXE into FT MICJouni Malinen2019-10-181-1/+20
| | | | | | | Protect RSNXE, if present, in FT Reassociation Request/Response frames. This is needed for SAE H2E with FT. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Merge wpa_supplicant and hostapd EAPOL-Key KDE parsersJouni Malinen2019-10-182-313/+0
| | | | | | | | Use a single struct definition and a single shared implementation for parsing EAPOL-Key KDEs and IEs instead of maintaining more or less identical functionality separately for wpa_supplicant and hostapd. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4Jouni Malinen2019-10-175-26/+137
| | | | | | | | | Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg 2/4 when using SAE with hash-to-element mechanism enabled. This allows the AP to verify that there was no downgrade attack when both PWE derivation mechanisms are enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4Jouni Malinen2019-10-155-2/+60
| | | | | | | | If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FILS+FT: Fix MFPR flag in RSNE during FILS exchange for FTJouni Malinen2019-10-011-1/+3
| | | | | | | | | | Commit e820cf952f29 ("MFP: Add MFPR flag into station RSN IE if 802.11w is mandatory") added indication of MFPR flag in non-FT cases and was further extended to cover FT protocol in commit ded56f2fafb0 ("FT: Fix MFPR flag in RSNE during FT protocol"). Similar fix is needed for FILS+FT as well. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>