path: root/wpa_supplicant/ibss_rsn.c
Commit message | Author | Age | Files | Lines
* driver: Extend send_mlme() with wait option | Ilan Peer | 2020-02-29 | 1 | -1/+1
  PASN authentication can be performed while a station interface is connected to an AP. To allow sending PASN frames while connected, extend the send_mlme() driver callback to also allow a wait option. Update the relevant drivers and wpa_supplicant accordingly. hostapd calls for send_mlme() are left unchanged, since the wait option is not required there.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* IBSS RSN: Coding style cleanup | Alexander Wetzel | 2020-02-23 | 1 | -1/+1
  Use consistent style for pointers.
  Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround | Alexander Wetzel | 2020-02-23 | 1 | -0/+7
  Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs.
  To allow affected users to mitigate the issues, add a new configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast reconnects.
  Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* Introduce and add key_flag | Alexander Wetzel | 2020-01-09 | 1 | -5/+6
  Add the new set_key() parameter "key_flag" to provide more specific description of what type of a key is being configured. This is needed to be able to add support for "Extended Key ID for Individually Addressed Frames" from IEEE Std 802.11-2016. In addition, this may be used to replace the set_tx boolean eventually once all the driver wrappers have moved to using the new key_flag.

  The following flags are defined:

    KEY_FLAG_MODIFY
      Set when an already installed key must be updated. So far the only use-case is changing RX/TX status of installed keys. Must not be set when deleting a key.
    KEY_FLAG_DEFAULT
      Set when the key is also a default key. Must not be set when deleting a key. (This is the replacement for set_tx.)
    KEY_FLAG_RX
      The key is valid for RX. Must not be set when deleting a key.
    KEY_FLAG_TX
      The key is valid for TX. Must not be set when deleting a key.
    KEY_FLAG_GROUP
      The key is a broadcast or group key.
    KEY_FLAG_PAIRWISE
      The key is a pairwise key.
    KEY_FLAG_PMK
      The key is a Pairwise Master Key (PMK).

  Predefined and needed flag combinations so far are:

    KEY_FLAG_GROUP_RX_TX
      WEP key not used as default key (yet).
    KEY_FLAG_GROUP_RX_TX_DEFAULT
      Default WEP or WPA-NONE key.
    KEY_FLAG_GROUP_RX
      GTK key valid for RX only.
    KEY_FLAG_GROUP_TX_DEFAULT
      GTK key valid for TX only, immediately taking over TX.
    KEY_FLAG_PAIRWISE_RX_TX
      Pairwise key immediately becoming the active pairwise key.
    KEY_FLAG_PAIRWISE_RX
      Pairwise key not yet valid for TX. (Only usable with Extended Key ID support.)
    KEY_FLAG_PAIRWISE_RX_TX_MODIFY
      Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.
    KEY_FLAG_RX_TX
      Not a valid standalone key type and can only be used in combination with other flags to mark a key for RX/TX.

  This commit is not changing any functionality. It just adds the new key_flag to all hostapd/wpa_supplicant set_key() functions without using it, yet.
  Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* RSN IBSS: Fix EAPOL TX using control port | Markus Theil | 2020-01-06 | 1 | -0/+4
  This was previously done only in supplicant role, but a similar change is needed for the authenticator role.
  Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
* Add no_encrypt flag for control port TX | Markus Theil | 2020-01-05 | 1 | -4/+7
  In order to correctly encrypt rekeying frames, wpa_supplicant now checks if a PTK is currently installed and sets the corresponding encrypt option for tx_control_port().
  Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
* wpa_supplicant: Send EAPOL frames over nl80211 where available | Brendan Jackman | 2020-01-05 | 1 | -0/+3
  Linux kernel v4.17 added the ability to request sending control port frames via nl80211 instead of a normal network socket. Doing this provides the device driver with ordering information between the control port frames and the installation of keys. This empowers it to avoid race conditions between, for example, PTK replacement and the sending of frame 4 of the 4-way rekeying handshake in an RSNA.

  The key difference between a TX_CONTROL_PORT and normal socket send is that the device driver will certainly get any EAPOL frames comprising a 4-way handshake before it gets the key installation call for the derived key. By flushing its TX buffers it can then ensure that no pending EAPOL frames are inadvertently encrypted with a key that the peer will not yet have installed.

  Update the RSN supplicant system to use this new operation for sending EAPOL-Key frames when the driver reports that this capability is available; otherwise, fall back to a normal Ethernet TX.

  I have tested this on DMG (11ad/ay) devices with an out-of-tree Linux driver that does not use mac80211. Without this patch I consistently see PTK rekeying fail if message 4/4 shares a stream with other in-flight traffic. With this patch, and the driver updated to flush the relevant TX queue before overwriting a PTK (knowing, now, that if there was a message 4/4 related to the key installation, it has already entered the driver queue), rekeying is reliable.

  There is still data loss surrounding key installation - this problem is alluded to in IEEE Std 802.11-2016, 12.6.21, where extended Key ID support is described as the eventual solution. This patch aims to at least prevent rekeying from totally breaking the association, in a way that works on kernels as far back as 4.17 (as per Alexander Wetzel extended Key ID support should be possible on 5.2).

  See http://lists.infradead.org/pipermail/hostap/2019-May/040089.html for a little more context.
  Signed-off-by: Brendan Jackman <brendan.jackman@bluwireless.co.uk>
* IBSS RSN: Use send_mlme() instead of send_frame() for Authentication frames | Jouni Malinen | 2020-01-03 | 1 | -5/+1
  send_frame() is documented to be used for "testing use only" and as such, it should not have been used here for a normal production functionality. Replace this with use of send_mlme() which is already used for sending Authentication frames in a number of other cases.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Store a copy of Association Request RSNXE in AP mode for later use | Jouni Malinen | 2019-10-17 | 1 | -1/+1
  This is needed to be able to compare the received RSNXE to a protected version in EAPOL-Key msg 2/4.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4 | Jouni Malinen | 2019-10-15 | 1 | -0/+1
  If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Replace int status/reason_code with u16 variable | Jouni Malinen | 2019-04-22 | 1 | -1/+1
  These cases are for the IEEE 802.11 Status Code and Reason Code and those fields are unsigned 16 bit values, so use the more appropriate type consistently. This is mainly to document the uses and to make the source code easier to understand.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix cipher suite selector default value in RSNE for DMG | Lior David | 2019-02-21 | 1 | -1/+1
  According to IEEE Std 802.11-2016, when fields of an RSNE are not included, the default values are used. The cipher suite defaults were hardcoded to CCMP in the previous implementation, but the default is actually different for DMG: GCMP (per It is not possible to find out from the RSNE if the network is non-DMG or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case based on context, which can be different for each caller.

  In order to fix this issue, add flags to the wpa_ie_data indicating whether pairwise/group ciphers were included in the RSNE. Callers can check these flags and fill in the appropriate ciphers. The wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by default so existing callers will not break. This change also fixes some callers which need to handle the DMG network case.
  Signed-off-by: Lior David <liord@codeaurora.org>
* VLAN assignment based on used WPA/WPA2 passphrase/PSK | Jouni Malinen | 2019-02-14 | 1 | -1/+3
  Extend wpa_psk_file to allow an optional VLAN ID to be specified with "vlanid=<VLAN ID>" prefix on the line. If VLAN ID is specified and the particular wpa_psk_file entry is used for a station, that station is bound to the specified VLAN. This can be used to operate a single WPA2-Personal BSS with multiple VLANs based on the used passphrase/PSK. This is similar to the WPA2-Enterprise case where the RADIUS server can assign stations to different VLANs.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in AP mode | Jouni Malinen | 2017-10-08 | 1 | -1/+5
  This extends OWE support in hostapd to allow DH groups 20 and 21 to be used in addition to the mandatory group 19 (NIST P-256).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* OWE: Process Diffie-Hellman Parameter element in AP mode | Jouni Malinen | 2017-03-12 | 1 | -1/+1
  This adds AP side processing for OWE Diffie-Hellman Parameter element in (Re)Association Request frame and adding it in (Re)Association Response frame.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use os_memdup() | Johannes Berg | 2017-03-07 | 1 | -2/+1
  This leads to cleaner code overall, and also reduces the size of the hostapd and wpa_supplicant binaries (in hwsim test build on x86_64) by about 2.5 and 3.5KiB respectively.
  The mechanical conversions all over the code were done with the following spatch:
  @@ expression SIZE, SRC; expression a; @@ -a = os_malloc(SIZE); +a = os_memdup(SRC, SIZE); <... if (!a) {...} ...> -os_memcpy(a, SRC, SIZE);
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Add hostapd options wpa_group_update_count and wpa_pairwise_update_count | Günther Kelleter | 2017-02-06 | 1 | -0/+2
  wpa_group_update_count and wpa_pairwise_update_count can now be used to set the GTK and PTK rekey retry limits (dot11RSNAConfigGroupUpdateCount and dot11RSNAConfigPairwiseUpdateCount). Defaults set to current hardcoded value (4).
  Some stations may suffer from frequent deauthentications due to GTK rekey failures: EAPOL 1/2 frame is not answered during the total timeout period of currently ~3.5 seconds. For example, a Galaxy S6 with Android 6.0.1 appears to go into power save mode for up to 5 seconds. Increasing wpa_group_update_count to 6 fixed this issue.
  Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
* wpa_auth: Make struct wpa_auth_callbacks const | Johannes Berg | 2017-01-29 | 1 | -12/+10
  Instead of copying the struct wpa_auth_callbacks, just keep a pointer to it, keep the context pointer separate, and let the user just provide a static const structure. This reduces the attack surface of heap overwrites, since the function pointers move elsewhere.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* RSN IBSS: Fix TK clearing on Authentication frame RX | Jouni Malinen | 2017-01-14 | 1 | -0/+12
  When wpa_supplicant was processing a received Authentication frame (seq 1) from a peer STA for which there was already a TK configured to the driver, debug log claimed that the PTK gets cleared, but the actual call to clear the key was actually dropped due to AUTH vs. SUPP set_key selection. Fix this by explicitly clearing the TK in case it was set and an Authentication frame (seq 1) is received.
  This fixes some cases where EAPOL-Key frames were sent encrypted using the old key when a peer STA restarted itself and lost the key and had to re-join the IBSS. Previously, that state required timing out the 4-way handshake and Deauthentication frame exchange to recover.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* IBSS: Fix a memory leak on RSN error path | Jouni Malinen | 2016-08-13 | 1 | -0/+1
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add group_rekey parameter for IBSS | Jouni Malinen | 2016-08-13 | 1 | -4/+5
  The new network profile parameter group_rekey can now be used to specify the group rekeying interval in seconds for IBSS.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Fix PMKID calculation for PMKSA cache | Masashi Honma | 2016-02-18 | 1 | -1/+1
  The SAE PMKID is calculated with IEEE Std 802.11-2012, but the PMKID was re-calculated with and saved into PMKSA cache. Fix this to save the PMKID calculated with into the PMKSA cache.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* RSN IBSS: Fix segfault on error path | Jouni Malinen | 2015-09-05 | 1 | -1/+2
  If wpa_init() fails, wpa_deinit(NULL) must not be called to avoid hitting a NULL pointer dereference.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* IBSS: Check ibss_rsn init before starting new IBSS authentication | Eduardo Abinader | 2015-05-03 | 1 | -0/+3
  Sanity check added to avoid segmentation fault which occurs when issuing ibss_rsn ctrl iface cmd and IBSS was not initialized previously via IBSS network selection.
  Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
* Remove unused send_eapol() driver op | Jouni Malinen | 2014-12-11 | 1 | -2/+2
  The send_eapol() callback was used by driver_test.c, but with that removed, there are no remaining users of the alternative EAPOL frame transmitting mechanism in wpa_supplicant, i.e., all remaining driver interfaces use l2_packet instead. Remove the send_eapol() to get rid of unused code.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Add support for PMKSA caching on the station side | Jouni Malinen | 2014-10-18 | 1 | -1/+1
  This makes wpa_supplicant SME create PMKSA cache entries from SAE authentication and try to use PMKSA caching if an entry is found for the AP. If the AP rejects the attempt, fallback to SAE authentication is used.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* IBSS RSN: Use monotonic time for reinit detection | Johannes Berg | 2013-12-24 | 1 | -4/+4
  The reinit detection skips reinit when the time since the own authentication frame TX is less than half a second, so it shouldn't be affected by wall time and should use monotonic time instead.
  Signed-hostap: Johannes Berg <johannes.berg@intel.com>
* P2P: Select PSK based on Device Address instead of Interface Address | Jouni Malinen | 2013-09-01 | 1 | -1/+2
  When using per-device PSKs, select the PSK based on the P2P Device Address of the connecting client if that client is a P2P Device. This allows the P2P Interface Address to be changed between P2P group connections which may happen especially when using persistent groups.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* P2P: Make peer's P2P Device Address available to authenticator | Jouni Malinen | 2013-09-01 | 1 | -1/+1
  This can be used to implement per-device PSK selection based on the peer's P2P Device Address instead of P2P Interface Address.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Add a timeout for Authentication frame exchange | Jouni Malinen | 2013-08-27 | 1 | -1/+25
  It is possible for the peer device not to support Authentication frame exchange even though this would be required functionality in the standard. Furthermore, either Authentication frame may be lost. To recover from cases where Authentication frame sequence 2 is not received, start EAPOL Authenticator from one second timeout.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Work around Data RX vs. Authentication RX race condition | Jouni Malinen | 2013-08-26 | 1 | -0/+13
  It is possible for the driver to report EAPOL frame RX before Authentication frame RX even if the frames arrived in the opposite order. This can result in issues in cases where both IBSS peers initiate Authentication frame exchange at about the same time and one of the EAPOL sessions is started before processing Authentication frame seq=1 RX. Work around this by not re-initializing EAPOL state on Authentication (SEQ=1) RX if own Authentication frame was transmitted within last 500 ms.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Add IBSS-RSN-COMPLETED event message | Jouni Malinen | 2013-08-25 | 1 | -1/+29
  This new control interface event message is used to indicate when both 4-way handshakes have been completed with a new IBSS peer.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Add peer restart detection | Antonio Quartulli | 2013-07-21 | 1 | -23/+209
  To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake.
  To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. If an Authentication frame is received when the keys have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine.
  Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing).
  The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition.
  Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
  Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
* IBSS RSN: Implement disconnect() callback using sta_deauth() | Bharat Bhushan | 2013-06-07 | 1 | -0/+8
  This allows driver wrappers to implement disconnection of IBSS peers in cases where operations, e.g., GTK update, fail.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* IBSS RSN: Support authorization | Antonio Quartulli | 2012-02-12 | 1 | -0/+48
  In IBSS RSN cfg80211/mac80211 now waits for userspace to authorize new stations. This patch makes wpa_supplicant notify the driver when a station can be considered authorized.
  Signed-hostap: Antonio Quartulli <ordex@autistici.org>
* Remove the GPL notification from files contributed by Jouni Malinen | Jouni Malinen | 2012-02-11 | 1 | -8/+2
  Remove the GPL notification text from the files that were initially contributed by myself.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Provide ibss_rsn_get_peer() helper function | Antonio Quartulli | 2012-01-29 | 1 | -12/+20
  This is a useful function that simplifies some code and can eventually be used somewhere else in future.
  Signed-hostap: Antonio Quartulli <ordex@autistici.org>
* IBSS: fix RSN key initialisation | Johannes Berg | 2011-12-11 | 1 | -0/+2
  Antonio reported that RSN IBSS failed to work. We traced it down to a GTK failure, and he then bisected it to commit bdffdc5ddb0c838af4c90d11: "AP: Reorder WPA/Beacon initialization".
  The reason this commit broke it is that the state machine's GInit variable is never set to false as wpa_init_keys() never gets called, and thus new keys are generated every time the state machine executes.
  Fix this by calling wpa_init_keys() when the new group has been initialised.
  Reported-by: Antonio Quartulli <ordex@autistici.org>
  Tested-by: Antonio Quartulli <ordex@autistici.org>
  Signed-hostap: Johannes Berg <johannes.berg@intel.com>
* Mark local functions static | Jouni Malinen | 2011-11-18 | 1 | -2/+2
  These functions are not used outside the file in which they are defined.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: peer->addr is an array so it cannot be NULL | Jouni Malinen | 2011-04-14 | 1 | -1/+1
* RSN IBSS: Restart IBSS state machines for each new IBSS | Jouni Malinen | 2011-03-23 | 1 | -30/+8
  Change the old design of running a single long living RSN IBSS instance to keep a separate instance for each IBSS connection. This fixes a number of issues in getting keys set properly for new connections and is in general quite a bit more correct design.
* IBSS RSN: Clear IBSS RSN peers based on peer lost events | Xi Chen | 2011-03-18 | 1 | -0/+40
* IBSS RSN: Enable group rekeying every 10 minutes | Xi Chen | 2011-03-16 | 1 | -0/+1
* IBSS RSN: Add for_each_sta handler for authenticator | Xi Chen | 2011-03-16 | 1 | -0/+19
* IBSS RSN: Add supp_get_state handler | Xi Chen | 2011-03-16 | 1 | -0/+8
* IBSS RSN: Do not start multiple Auth/Supp for same peer | Jouni Malinen | 2011-01-15 | 1 | -0/+9
  This avoids an issue when a received EAPOL-Key frame from a peer is initiating IBSS RSN Authenticator and Supplicant for the peer and the following new-STA-in-IBSS event from the driver is adding yet another instance of Authenticator/Supplicant. The EAPOL-Key RX case was already checking whether an instance had been started; the driver new-STA event needs to do the same.
* IBSS RSN: Delay setting of the initial TX GTK | Jouni Malinen | 2011-01-15 | 1 | -0/+30
  The driver may get confused if we set the initial TX GTK before having fully configured and connected to an IBSS, so better delay this operation until the connection (join/start IBSS) has been completed.
* RSN IBSS: RX GTK configuration with nl80211 | Jouni Malinen | 2010-12-05 | 1 | -0/+9
  This adds preliminary code for setting the per-STA RX GTK for RSN IBSS when using nl80211 drivers. For some reason, this does not seem to fully work, but at least driver_nl80211.c is now aware of what kind of key is being set and whatever is missing from making this key configuration go through should be specific to nl80211/cfg80211.
* IBSS RSN: Explicitly check addr != NULL before passing it to memcmp | Jouni Malinen | 2010-01-10 | 1 | -1/+2
  idx == 0 should be enough to make sure that the addr is set, but verify that this is indeed the case to avoid any potential issues if auth_set_key() gets called incorrectly.
* IBSS RSN: Check explicitly that WPA auth sm assoc call succeeded | Jouni Malinen | 2010-01-10 | 1 | -2/+4
  Verify that association processing did not end up freeing the state machine. This should not really happen in practice, but better verify it anyway.