path: root/src
Commit message | Author | Age | Files | Lines
* DPP2: Close incomplete Relay connections | Disha Das | 2 days | 1 | -2/+14
  Add timeout to close incomplete DPP relay connections. This is needed to avoid getting stuck with old entries that prevent new connections from getting started.
  Signed-off-by: Disha Das <dishad@codeaurora.org>
* OpenSSL: Fix compilation for version < 1.1.0 without CONFIG_ECC | Wolfgang Steinwender | 5 days | 1 | -0/+2
  When CONFIG_ECC is not defined, openssl/ec.h is not included and EC_KEY not known. Fix by not defining EVP_PKEY_get0_EC_KEY() when CONFIG_ECC is not defined.
  Signed-off-by: Wolfgang Steinwender <wsteinwender@pcs.com>
* Add helper functions for parsing RSNXE capabilities | Jouni Malinen | 5 days | 8 | -20/+49
  Simplify the implementation by using shared functions for parsing the capabilities instead of using various similar but not exactly identical checks throughout the implementation.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Remove now unused password identifier argument from non-H2E case | Jouni Malinen | 5 days | 4 | -41/+20
  IEEE Std 802.11-2020 mandates H2E to be used whenever an SAE password identifier is used. While this was already covered in the implementation, the sae_prepare_commit() function still included an argument for specifying the password identifier since that was used in an old test vector. Now that that test vector has been updated, there is no more need for this argument anymore. Simplify the older non-H2E case to not pass through a pointer to the (not really used) password identifier.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* PASN: Change PASN flows to use SAE H2E only | Ilan Peer | 5 days | 1 | -10/+10
  Do so for both wpa_supplicant and hostapd. While this was not explicitly required in IEEE P802.11az/D3.0, likely direction for the draft is to start requiring use of H2E for all cases where SAE is used with PASN.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* PASN: Derive KDK only when required | Ilan Peer | 5 days | 2 | -2/+12
  When a PTK derivation is done as part of PASN authentication flow, a KDK derivation should be done if and only if the higher layer protocol is supported by both parties. Fix the code accordingly, so KDK would be derived if and only if both sides support Secure LTF.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Vendor attributes to configure broadcast TWT parameters | Kiran Kumar Lokere | 5 days | 1 | -0/+32
  Define the new TWT attributes for configuring the broadcast TWT parameters in enum qca_wlan_vendor_attr_twt_setup.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add vendor reason codes for TWT setup reject on roaming/channel switch | Mohammad Asaad Akram | 5 days | 1 | -0/+6
  The firmware rejects the TWT setup request when roaming and channel switch is in progress. Extend enum qca_wlan_vendor_twt_status to represent new reason codes for these cases.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Increment the Sc counter before generating each Confirm | Jouni Malinen | 5 days | 1 | -2/+2
  This changes the Send-Confirm value for the first SAE Confirm message to be 1 instead of 0 for all cases to match the design shown in IEEE Std 802.11-2020, Figure 12-4 (SAE finite state machine). Sc is defined to be "the number of SAE Confirm messages that have been sent" which is a bit vague on whether the current frame is included in the count or not. However, the state machine is showing inc(Sc) operation in all cases before the "2" event to build the Confirm.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Update SAE test vector to IEEE Std 802.11-2020 | Jouni Malinen | 5 days | 1 | -82/+49
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* nl80211: Support larger number of MAC ACL entries | Yu Wang | 2021-03-30 | 1 | -7/+29
  If the maximum size of MAC ACL entries is large enough, the configuration message may exceed the default buffer size of a netlink message which is allocated with nlmsg_alloc(), and result in a failure when putting the attributes into the message. To fix this, calculate the required buffer size of the netlink message according to MAC ACL size and allocate a sufficiently large buffer with nlmsg_alloc_size().
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* nl80211: Fix the size of the maximum MAC ACL size | Yu Wang | 2021-03-30 | 1 | -1/+1
  NL80211_ATTR_MAC_ACL_MAX is a u32 attribute to advertise the maximum number of MAC addresses that a device can support for MAC ACL. This was incorrectly used as a u8 attribute which would not work with any values larger than 255 or on big endian CPUs. Fix this by moving from nla_get_u8() to nla_get_u32().
  Fixes: 3c4ca36330c0 ("hostapd: Support MAC address based access control list")
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS: Share a single error handling path in wps_set_ie() | Jouni Malinen | 2021-03-28 | 1 | -26/+14
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Enable WMM automatically when HE is configured | Lavanya Suresh | 2021-03-25 | 1 | -2/+4
  If WMM is not set explicitly in the configuration, it can be set based on HT/HE config. As HE can be used without HT/VHT (which was introduced as a special behavior for the 6 GHz band), add a similar automatic enabling of WMM for HE without HT.
  Signed-off-by: Lavanya Suresh <lavaks@codeaurora.org>
* Fix WNM-Sleep Mode exit debug print of BIGTK | Jouni Malinen | 2021-03-25 | 1 | -1/+1
  Previous debug print used IGTK instead of BIGTK, so fix that to use the correct key. Actual generation of the BIGTK subelement itself was using the correct key, though, so this is only needed to fix the debug print.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add REGISTER_FRAME hostapd control interface command for testing purposes | Jouni Malinen | 2021-03-22 | 3 | -0/+39
  This can be used to register reception of new types of Management frames through nl80211.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow AP mode extended capabilities to be overridden | Jouni Malinen | 2021-03-22 | 2 | -1/+11
  The new hostapd configuration parameters ext_capa_mask and ext_capa can now be used to mask out or add extended capability bits. While this is not without CONFIG_TESTING_OPTIONS, the main use case for this is for testing purposes.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Simplify extended capability determination in AP mode | Jouni Malinen | 2021-03-22 | 1 | -62/+2
  There is no need to determine the exact length of the element before filling in the octets since this function is already capable of truncating the fields based on what the actual values are.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* PASN: Mark pubkey/comeback arguments constant for frame construction | Jouni Malinen | 2021-03-21 | 2 | -4/+4
  These parameters are only copied to the frame, so mark them as constant.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* PASN: Add support for comeback flow in AP mode | Ilan Peer | 2021-03-21 | 3 | -7/+88
  Reuse the SAE anti-clogging token implementation to support similar design with the PASN comeback cookie.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* DPP: Fix GAS client error case handling in hostapd | Jouni Malinen | 2021-03-21 | 1 | -1/+2
  The GAS client processing of the response callback for DPP did not properly check for GAS query success. This could result in trying to check the Advertisement Protocol information in failure cases where that information is not available and that would have resulted in dereferencing a NULL pointer. Fix this by checking the GAS query result before proceeding with processing of the response. This is similar to the earlier wpa_supplicant fix in commit 931f7ff65609 ("DPP: Fix GAS client error case handling").
  Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-SIM/AKA: Fix check for anonymous decorated identity | Jouni Malinen | 2021-03-20 | 1 | -4/+18
  eap_sim_anonymous_username() gets called with an argument that is not a null terminated C string and as such, os_strrchr() and os_strlen() cannot be used with it. The previous implementation resulted in use of uninitialized values and a potential read beyond the end of the buffer.
  Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32277
  Fixes: 73d9891bd722 ("EAP-SIM/AKA peer: Support decorated anonymous identity prefix")
  Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Indicate authentication success on ConfReqRX if needed (hostapd) | Jouni Malinen | 2021-03-20 | 1 | -0/+13
  It is possible to receive the Configuration Request frame before having seen TX status for the Authentication Confirm. In that sequence, the DPP-AUTH-SUCCESS event would not be indicated before processing the configuration step and that could confuse upper layers that follow the details of the DPP exchange. As a workaround, indicate DPP-AUTH-SUCCESS when receiving the Configuration Request since the Enrollee/Responder has clearly received the Authentication Confirm even if the TX status for it has not been received. This was already done in wpa_supplicant in commit 422e73d623b4 ("DPP: Indicate authentication success on ConfReqRX if needed") and matching changes are now added to hostapd.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix full EAP authentication after PMKSA cache add failure | Jouni Malinen | 2021-03-20 | 1 | -0/+4
  Need to get EAP state machine into a state where it is willing to proceed with a new EAP-Request/Identity if PMKSA cache addition fails after a successful EAP authentication before the initial 4-way handshake can be completed.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP2: Fix connection status result wait in hostapd | Jouni Malinen | 2021-03-20 | 1 | -0/+1
  The waiting_conn_status_result flag was not set which made hostapd discard the Connection Status Result. Fix this to match the wpa_supplicant implementation.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Testing functionality for airtime policy | Jouni Malinen | 2021-03-20 | 2 | -0/+6
  Add a new testing parameter to allow airtime policy implementation to be tested for more coverage even without kernel driver support.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Debug print error from airtime weight configuration | Jouni Malinen | 2021-03-19 | 1 | -1/+8
  It is better to be able to determine whether the airtime weight configuration for a STA actually was accepted by the driver or not.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-SIM/AKA peer: Support decorated anonymous identity prefix | Hai Shalom | 2021-03-19 | 1 | -0/+10
  Support decorated anonymous identity prefix as per RFC 7542, for SIM-based EAP networks.
  Signed-off-by: Hai Shalom <haishalom@google.com>
* Introduce reason code for TWT teardown due to concurrency | Mohammad Asaad Akram | 2021-03-19 | 1 | -0/+4
  The firmware sends new reason codes to indicate TWT teardown due to single channel and multi channel concurrency. Update the enum qca_wlan_vendor_twt_status to represent new reason code.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* nl80211: Allow sending Deauthentication frame with off channel for PASN | Ilan Peer | 2021-03-16 | 1 | -0/+13
  To allow for a PASN station to deauthenticate from an AP to clear any PTKSA cache entry for it, extend the nl80211 interface to allow sending a Deauthentication frame with off channel enabled.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* AP: Handle deauthentication frame from PASN station | Ilan Peer | 2021-03-16 | 1 | -0/+3
  When a Deauthentication frame is received, clear the corresponding PTKSA cache entry for the given station, to invalidate previous PTK information.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* AP: Enable anti clogging handling code in PASN builds without SAE | Ilan Peer | 2021-03-16 | 1 | -0/+12
  The anti-clogging code was under CONFIG_SAE. Change this so it can be used both with CONFIG_SAE and CONFIG_PASN.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* AP: Rename SAE anti clogging variables and functions | Ilan Peer | 2021-03-16 | 4 | -38/+43
  PASN authentication mandates support for comeback flow, which among others can be used for anti-clogging purposes. As the SAE support for anti clogging can also be used for PASN, start modifying the source code so the anti clogging support can be used for both SAE and PASN. As a start, rename some variables/functions etc. so that they would not be SAE specific. The configuration variable is also renamed, but the old version remains available for backwards compatibility.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* PASN: For testing purposes allow to corrupt MIC | Ilan Peer | 2021-03-16 | 2 | -0/+10
  For testing purposes, add support for corrupting the MIC in PASN Authentication frames for both wpa_supplicant and hostapd.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* PASN: Encode the public key properly | Ilan Peer | 2021-03-16 | 3 | -10/+40
  When a public key is included in the PASN Parameters element, it should be encoded using the RFC 5480 conventions, and thus the first octet of the Ephemeral Public Key field should indicate whether the public key is compressed and the actual key part starts from the second octet. Fix the implementation to properly adhere to the convention requirements for both wpa_supplicant and hostapd.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* PASN: Include PMKID in RSNE in PASN response from AP | Ilan Peer | 2021-03-16 | 1 | -1/+17
  As defined in IEEE P802.11az/D3.0, 12.12.3.2 for the second PASN frame. This was previously covered only for the case when the explicit PMKSA was provided to the helper function. Extend that to cover the PMKID from SAE/FILS authentication cases.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* PASN: Fix setting frame and data lengths in AP mode PASN response | Ilan Peer | 2021-03-16 | 1 | -2/+2
  Frame length and data length can exceed 256 so need to use size_t instead of u8.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* EAP peer: Make EAP-Success handling more robust against race conditions | Jouni Malinen | 2021-03-14 | 1 | -0/+14
  When ERP initialization was moved from the METHOD state to the SUCCESS state, the conditions for checking against EAP state being cleared were missed. The METHOD state verified that sm->m is not NULL while the SUCCESS state did not have such a check. This opened a window for a race condition where processing of deauthentication event and EAPOL RX events could end up delivering an EAP-Success to the EAP peer state machine after the state had been cleared. This issue has now been worked around in another manner, but the root cause for this regression should be fixed as well. Check that the EAP state machine is properly configured before trying to initialize ERP in the SUCCESS state.
  Fixes: 2a71673e27e9 ("ERP: Derive ERP key only after successful EAP authentication")
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Fix highest TLS version disabling with internal TLS client | Jouni Malinen | 2021-03-14 | 3 | -18/+33
  The highest supported TLS version for pre_master_secret needs to be limited based on the local configuration for the case where the highest version number is being explicitly disabled. Without this, the server would likely detect a downgrade attack.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP2: Use ASN.1 helper functions | Jouni Malinen | 2021-03-14 | 1 | -65/+38
  Simplify ASN.1 parser operations by using the shared helper functions.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Use ASN.1 helper functions | Jouni Malinen | 2021-03-14 | 2 | -265/+154
  Simplify ASN.1 parser operations by using the shared helper functions.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* X509: Use ASN.1 helper functions | Jouni Malinen | 2021-03-14 | 1 | -174/+106
  Simplify ASN.1 parser operations by using the shared helper functions.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* RSA: Use ASN.1 helper functions | Jouni Malinen | 2021-03-14 | 1 | -15/+6
  Simplify ASN.1 parser operations by using the shared helper functions.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* PKCS: Use ASN.1 helper functions | Jouni Malinen | 2021-03-14 | 3 | -104/+57
  Simplify ASN.1 parser operations by using the shared helper functions.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* ASN.1: Validate DigestAlgorithmIdentifier parameters | Jouni Malinen | 2021-03-14 | 2 | -0/+41
  The supported hash algorithms do not use AlgorithmIdentifier parameters. However, there are implementations that include NULL parameters in addition to ones that omit the parameters. Previous implementation did not check the parameters value at all which supported both these cases, but did not reject any other unexpected information. Use strict validation of digest algorithm parameters and reject any unexpected value when validating a signature. This is needed to prevent potential forging attacks.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* ASN.1: Fix AlgorithmInfo parsing for signatures | Jouni Malinen | 2021-03-14 | 2 | -4/+3
  Digest is within the DigestInfo SEQUENCE and as such, parsing for it should use the end of that data instead of the end of the decrypted signature as the end point. Fix this in the PKCS #1 and X.509 implementations to avoid accepting invalid digest data that is constructed to get the hash value from after the actual DigestInfo container.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* ASN.1: Reject invalid definite long form length values in DER encoding | Jouni Malinen | 2021-03-14 | 1 | -0/+10
  The definite long form for the length is allowed only for cases where the definite short form cannot be used, i.e., if the length is 128 or greater. This was not previously enforced and as such, multiple different encoding options for the same length could have been accepted. Perform more strict checks to reject invalid cases for the definite long form for the length. This is needed for a compliant implementation and this is especially important for the case of verifying DER encoded signatures to prevent potential forging attacks.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* ASN.1: Reject invalid extended tags in DER encoding | Jouni Malinen | 2021-03-14 | 1 | -0/+17
  The extended tag case is allowed only for tag values that are 31 or larger (i.e., the ones that would not fit in the single octet identifier case with five bits). Extended tag format was previously accepted even for the values 0..31 and this would enable multiple different encodings for the same tag value. That is not allowed for DER. Perform more strict checks to reject invalid extended tag values. This is needed for a compliant implementation and this is especially important for the case of verifying DER encoded signatures to prevent potential forging attacks.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* ASN.1: Explicitly validate constructed bit while parsing DER | Jouni Malinen | 2021-03-14 | 1 | -0/+33
  The identifier octet in DER encoding includes three components. Only two of these (Class and Tag) were checked in most cases when looking for a specific data type. Also check the Primitive/Constructed bit to avoid accepting invalid encoding. This is needed for correct behavior in DER parsing and especially important for the case of verifying DER encoded signatures to prevent potential forging attacks.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* ASN.1: Use the helper functions for recognizing tags and debug prints | Jouni Malinen | 2021-03-14 | 1 | -20/+13
  Simplify the core ASN.1 parser implementation by using the helper functions.
  Signed-off-by: Jouni Malinen <j@w1.fi>