Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
hmac_sha256() and hmac_sha256_vector() return a result code now, so use
that return value to terminate HMAC-SHA256-based GKDF/MIC similarly to
what was already done with the CMAC-based GKDF/MIC.
Signed-off-by: Jouni Malinen <j@w1.fi>
The recently added ProxyARP support (proxy_arp=1) in hostapd allows a
STA IPv4 address to be learned from DHCP or ARP messages. If that
information is available, add it to Account-Request messages in
Framed-IP-Address attribute.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd configuration parameter no_probe_resp_if_max_sta=1 can
be used to request hostapd not to reply to broadcast Probe Request
frames from unassociated STA if there is no room for additional stations
(max_num_sta). This can be used to discourage a STA from trying to
associate with this AP if the association would be rejected due to
maximum STA limit.
Signed-off-by: Jouni Malinen <j@w1.fi>
If hostapd or wpa_supplicant is built from a git repository, add a
VERSION_STR postfix from the current git branch state. This is from "git
describe --dirty=+". VERSION_STR will thus look something like
"2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a
modified repository.
This behavior is enabled automatically if a build within git repository
is detected (based on ../.git existing). This can be disabled with
CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.
Signed-off-by: Jouni Malinen <j@w1.fi>
On TPK lifetime expiration, tear down the direct link before renewing
the link in the case of TDLS initiator processing. The expired key
cannot be used anymore, so it is better to explicitly tear down the old
link first.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This improves robustness of GO Negotiation in special cases where GO
Negotiation Request frames from the peer may end up getting delivered
multiple times, e.g., due to interference and retransmitted frames not
getting properly filtered out in duplicate detection (which is something
that number of drivers do not implement for pre-associated state).
If we have already replied with GO Negotiation Response frame with
Status 1 (not yet ready), do not reply to another GO Negotiation Request
frame from the peer if we have already received authorization from the
user (P2P_CONNECT command) for group formation and have sent out our GO
Negotiation Request frame. This avoids a possible sequence where two
independent GO Negotiation instances could go through in parallel if the
MAC address based rule on avoiding duplicate negotiations is not able to
prevent the case. This can allow GO Negotiation to complete successfully
whereas the previous behavior would have likely resulted in a failure
with neither device sending a GO Negotiation Confirm frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Some drivers (like mac80211) do not accept changing the TX bitrate mask
before the network interface is up. Thus, calling
nl80211_disable_11b_rates() before the interface is up fails, and the
P2P network interface continues to use invalid bitrates.
To fix this call nl80211_disable_11b_rates() immediately after the
interface is brought up (and also after rfkill is unblocked).
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
While testing, I noticed that printf_encode() makes control characters
human-readable, with one exemption, the DEL character (ASCII 127).
Assuming this exemption was unintentional, make it appear as an escaped
\x7f instead of a literal DEL character in the output.
Signed-off-by: Josh Lehan <krellan@krellan.net>
atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to
avoid hitting double-free on the deinit path. Similarly,
drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after
being freed. Fix these be moving the atheros_set_opt_ie() call in
atheros_deinit().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for a driver to support sufficient number of channels to
hit the previous limit of 200 characters for the "nl80211: Scan included
frequencies:" debug message. Increase the maximum buffer length to 300
characters to allow more complete list of scanned frequencies to be
written into the debug log. This limit is more in line with the
MAX_REPORT_FREQS (50) limit.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In addition to the PTK length increasing, the length of the PMK was
increased (from 256 to 384 bits) for the 00-0f-ac:12 AKM. This part was
missing from the initial implementation and a fixed length (256-bit) PMK
was used for all AKMs.
Fix this by adding more complete support for variable length PMK and use
384 bits from MSK instead of 256 bits when using this AKM. This is not
backwards compatible with the earlier implementations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous implementation used an obsolete sm->eapol_key_crypt pointer
which was not set anywhere (i.e., was always NULL). In addition, the
condition of sm->eap_if->eapKeyAvailable was not valid here since this
is the case of MSK from an external authentication server and not the
internal EAP server. Consequently, the wpa_auth_pmksa_add() call here
was never used.
The PMKSA cache was still added, but it happened at the completion of
the 4-way handshake rather than at the completion of EAP authentication.
That later location looks better, so delete the unreachable code in
Access-Accept handling. In addition, remove the now complete unused
struct eapol_state_machine eapol_key_* variables.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With driver wrappers that implement set_privacy(), set_generic_elem(),
set_ieee8021x(), or set_ap_wps_ie(), it was possible to hit a NULL
pointer dereference in error cases where interface setup failed and
the network configuration used WPA/WPA2, IEEE 802.1X, or WPS.
Fix this by skipping the driver operations in case the driver interface
is not initialized.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Don't add unnecessary P2PS follow-on PD Request attributes when
the request status is not P2P_SC_SUCCESS_DEFERRED.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
In P2PS PD Request processing in some error case scenarios, such as
verification of the WPS config method, the flow aborts before saving
mandatory P2PS PD Request attributes. This in turn causes the control
interface notification events to be sent with invalid parameters.
Fix this by changing the order of verification and processing steps of
the PD Request message handling.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
On successful P2P PD, report the chosen frequency in case the local
device is going to be the P2P GO, so in can later be used to instantiate
the new P2P GO, etc.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
In case the P2PS PD Response includes the P2P Channel List attribute,
update the peer device supported channels and verify that the local
device has common channels with the peer (only a sanity check).
If the Operating Channel attribute is included in the response, check
that it is included in the intersection and store it as the peer's
operating frequency (so it could later be used in the join flow, etc.).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
In case the P2PS PD Request includes the P2P Channel List attribute,
update the peer device supported channels and check if we have common
channels with the peer that can be used for the connection establishment
based on the connection capabilities:
1. In case of P2PS PD Request with no common channels, defer
the flow unless auto accept equals true and the connection
capabilities equals NEW (in which case the channels would be
negotiated in the GO Negotiation).
2. In case of Follow up P2PS PD Request with no common channels,
reject the request unless the connection capability is NEW.
In addition, in case of a successful P2PS PD, save the device
operating frequency (so it can be later used for join flow, etc.).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add operating channel selection and channel list processing similar to
that done when building GO Negotiation Request, i.e., consider the
currently used channels, configured channels, etc.
P2PS introduces a flow where a responder needs to provide channel data
without being previously aware of the current constraints, i.e., the
channels currently in use by other interfaces. To handle this, extend
the get_group_capability() callback to also handle channel selection
aspects of group capabilities.
In case there is an active P2P GO that is going to be used for the P2PS
PD, force its current operating frequency in the PD attributes.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
If a Provision Discovery Request is received for an unknown peer, a new
device entry is being added, but the flow continues without updating the
local p2p_device pointer, requiring to check the pointer value before
every access.
1. Change this, so once a device is added, the flow updates the local
p2p_device pointer and avoids the checks later in the flow.
2. If the device is not known even after adding it, skip the processing,
send the PD Response, and return.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
It is possible that p2p_build_prov_disc_resp() is called with a NULL
device entry, which might be dereferenced when calling
p2p->cfg->get_persistent_group() for the P2PS with persistent group
case. Fix this by checking the device pointer before accessing it.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Write a text version of the content type and handshake type in debug log
to make it easier to follow TLS exchange.
Signed-off-by: Jouni Malinen <j@w1.fi>
The utf8_string_len comparison was off by one and ended up accepting a
truncated three-byte encoded UTF-8 character at the end of the string if
the octet was missing. Since the password string gets null terminated in
the configuration, this did not result in reading beyond the buffer, but
anyway, it is better to explicitly reject the string rather than try to
use an incorrectly encoded UTF-8 string as the password.
Signed-off-by: Jouni Malinen <j@w1.fi>
BoringSSL has removed the OpenSSL OCSP implementation (OCSP_*()
functions) and instead, provides only a minimal mechanism for include
the status request extension and fetching the response from the server.
As such, the previous OpenSSL-based implementation for OCSP stapling is
not usable with BoringSSL.
Add a new implementation that uses BoringSSL to request and fetch the
OCSP stapling response and then parse and validate this with the new
implementation within wpa_supplicant. While this may not have identical
behavior with the OpenSSL-based implementation, this should be a good
starting point for being able to use OCSP stapling with BoringSSL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Validate that all the required attributes appear in a P2PS PD Request,
and in addition, in the case of follow-on PD Request, check that the
given values match those of the original PD Request.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When a follow-on PD request is received, peer should not send a
follow-on PD response except the case when the PD request status value
is 12 (Success: accepted by user). Previously, the wpa_supplicant
implementation behaved differently sending the follow-on PD Response on
any follow-on PD Request.
Fix the issue by adding the following changes:
1. Don't send PD Response if the follow-on PD Request status is
different than 12 (seeker side).
2. Don't wait for the follow-on PD Response if the follow-on PD
Request was sent with the status different than 12 (advertiser
side).
3. If the follow-on PD Request was sent with the status different
than 12 use the follow-on PD Request ACK as PD completion event
(advertiser side).
4. Notify ASP about the PD completion by sending P2PS-PROV-DONE with
the PD Request status (advertiser side).
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
It is expected that p2p_flush() should stop any ongoing p2p operation.
However, this was not the case with extended listen which was not
cancelled on p2p_flush() flows. Fix this, by cancelling the extended
listen in p2p_flush().
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The new hostapd configuration parameter anqp_elem can now be used to
configure arbitrary ANQP-elements for the GAS/ANQP server. In addition
to supporting new elements, this can be used to override previously
supported elements if some special values are needed (mainly for testing
purposes).
The parameter uses following format:
anqp_elem=<InfoID>:<hexdump of payload>
For example, AP Geospatial Location ANQP-element with unknown location:
anqp_elem=265:0000
and AP Civic Location ANQP-element with unknown location:
anqp_elem=266:000000
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The switch to BoringSSL broke keystore-backed keys because
wpa_supplicant was using the dynamic ENGINE loading to load
the keystore module.
The ENGINE-like functionality in BoringSSL is much simpler
and this change should enable it.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Some devices cannot respond to inactive client probe (empty data frame)
within one second. For example, iPhone may take up to 3 secs. This
becomes a significant problem when ap_max_inactivity is set to lower
value such as 10 secs. iPhone can lose Wi-Fi connection after ~1 min
of user inactivity.
Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
On RADIUS auth/acct failures hostapd will try a new server if one is
available. Reuse the failover logic to force a socket renewal if only
one RADIUS server is configured.
This fixes problems when a route for the RADIUS server gets added after
the socket was "connected". The RADIUS socket is still sending the
RADIUS requests out using the previous route.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on
the local node for each peer. Previously, we were using the peer link ID
(generated by the peer) which may not be unique among all peers. Correct
this by reusing the AP AID generation code.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Commit d66dcb0d0b ('WEP: Remove VLAN
support from hostapd') already removed VLAN support for WEP encryption,
so vlan_setup_encryption_dyn() is no longer needed.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This ensures that group key is set as long as the interface exists.
Additionally, ifconfig_up is needed as wpa_group will enter
FATAL_FAILURE if the interface is still down. Also vlan_remove_dynamic()
is moved after wpa_auth_sta_deinit() so vlan_remove_dynamic() can check
it was the last user of the wpa_group.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Some APs don't include a CSA IE when an ECSA IE is generated,
and mac80211 used to fail following their channel switch. Add
a testing option to hostapd to allow reproducing the behavior.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fix and extend the ieee80211_freq_to_channel_ext() function to deal
correctly with VHT operating classes (128, 129, 130).
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The CSA channel and operating class values need to be set for all types
of channel switch (i.e., either if it's triggered by the control
interfaces or due to the GO-follows-STA flow). To do so, move the code
that sets them from the GO-follows-STA flow to the more generic
hostapd_fill_csa_settings() function.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
The hostapd_hw_get_channel() function can't be used to convert center
frequencies to channel numbers, because the hw mode lists don't have all
the center frequencies. The hw mode lists have the main channel
frequencies and flags to indicate the channel topography.
For instance, channel 5805 with VHT80- has the channel center frequency
segment 0 at 5775. This segment is only indicated indirectly in the hw
mode list by the HOSTAPD_CHAN_VHT_50_30 flag. The hw mode list doesn't
have any elements with frequency 5775 to allow the conversion to a
channel number. Thus, we need to use ieee80211_freq_to_chan() instead.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Pass to the driver a list of CSA counter offsets when sending Probe
Response frames during a CSA period. This allows the kernel to correctly
update the CSA/eCSA elements.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Some management frames contain CSA counters which should be updated by
kernel. Change driver op send_mlme() allowing to send a frame,
specifying an array of offsets to the CSA counters which should be
updated. For example, CSA offsets parameters should be specified when
sending Probe Response frames during CSA period.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Advertise current operating class in Beacon and Probe Response frames.
This Supported Operating Classes element is required by the standard
when extended channel switch is supported. However, since this element
doesn't reflect correctly the sub-band spectrum breakdown and can't be
effectively used by clients, publish only the minimal required part
which is the current operating class.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Fix the order of CSA, eCSA, Secondary Channel Offset, and Wide Bandwidth
Channel Switch Wrapper elements in Beacon and Probe Response frames.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers
SCM if all the clients advertise eCSA support and the candidate
frequency is one of the group common frequencies.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Extended channel switch provides an ability to switch between operating
classes and is required for P2P Devices by the P2P specification when
switching in 5 GHz.
When the operating class is provided for channel switch, the AP/P2P GO
will use eCSA IE in addition to the regular CSA IE both on 2.4 GHz and 5
GHz bands.
Transitions between different hw_modes are not supported.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Channel switch may be performed using both CSA and eCSA IEs together.
This may happen, for example with a P2P GO on band A with legacy
clients. Extend driver API to support up to 2 CSA counters.
This patch also includes the required implementation for nl80211.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When building Beacon and Probe Response frames for the target channel,
consider bandwidth parameter for VHT channels. In addition, add support
for updating vht_oper_centr_freq_seg0_idx and
vht_oper_centr_freq_seg1_idx.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When switching to a VHT channel with width greater than 20 MHz, add Wide
Bandwidth Channel Switch element. This element is added in Beacon and
Probe Response frames inside Channel Switch Wrapper element.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When CSA is started, hostapd_change_config_freq() computes the channel
from the provided frequency. Use this stored channel to add CSA IE in
Beacon frames, instead of recomputing the channel each time.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
All the other web_connection_parse_*() functions were already doing
this, so make the GET handler consistent as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 7d711541dc ('Clear TK part of PTK
after driver key configuration') started clearing TK from memory
immediately after having configured it to the driver when processing
EAPOL-Key message 3/4. While this covered the most common case, it did
not take into account the possibility of the authenticator having to
retry EAPOL-Key message 3/4 in case the first EAPOL-Key message 4/4
response is lost. That case ended up trying to reinstall the same TK to
the driver, but the key was not available anymore.
Fix the EAPOL-Key message 3/4 retry case by configuring TK to the driver
only once. There was no need to try to set the same key after each
EAPOL-Key message 3/4 since TK could not change. If actual PTK rekeying
is used, the new TK will be configured once when processing the new
EAPOL-Key message 3/4 for the first time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows the binary sizes to be reduced if no support for nl80211
vendor extensions are needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow wpa_supplicant to use vendor scan (if supported by the driver)
together with the normal nl80211 scan and handling external scan events.
Since this results in possibility of concurrent scan operations, some of
the operations related to scan results need to check more carefully when
an event is relevant for a specific interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit contains the necessary changes for supporting the QCA vendor
scan implementation, i.e., sending the vendor scan command to underlying
driver and handling the vendor scan events from the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Introduce definitions for QCA vendor specific subcommands
and attributes to support vendor scan request.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes an issue where hostapd SET command is used to configure RSN
parameters and the wpa parameter is sent after the other parameters.
Previously, the default case here ended up clearing rsn_pairwise and
wpa_pairwise values and once wpa=2 was finally set, the cipher
configuration had already been lost.
Signed-off-by: Jouni Malinen <j@w1.fi>
Split chown() call in wpa_ctrl_open() and wpa_ctrl_open2() to allow the
group id to be set even if the process does not have privileges to
change the owner. This is needed for modules that need to communicate
with wpa_supplicant since without the group change, wpa_supplicant may
not have privileges to send the response to a control interface command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, station's VHT information elements were copied and passed
regardless of the AP's VHT configuration. As a result, AP with VHT
disabled in configuration could have ended up transmitting packets in
VHT rates though AP is not advertising VHT support. Fix this by copying
the station's VHT capabilities only when AP supports VHT (both hardware
and configuration).
Signed-off-by: Ashok Raj Nagarajan <arnagara@qti.qualcomm.com>
The GTK value received in RSN (WPA2) group rekeying did not use the
wpa_hexdump_key() version of debug printing that is conditional on -K
being included on the command line.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use shorter variables for storing the attribute lengths and group these
variables together to allow compiler to pack them more efficiently. This
reduces the struct size from 960 bytes to 760 bytes in 64-bit builds.
This reduces stack use in number of functions.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to maintain two concurrent instances of struct
wps_parse_attr in this function. Share a single structure for parsing
both IEs.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reset hapd->num_probereq_cb to 0 on an interface deinit to avoid
unexpected behavior if the same interface is enabled again without fully
freeing the data structures. hostapd_register_probereq_cb() increments
hapd->num_probereq_cb by one and leaves all old values unchanged. In
this deinit+init case, that would result in the first entry in the list
having an uninitialized pointer and the next Probe Request frame
processing would likely cause the process to terminate on segmentation
fault.
This issue could be hit when hostapd was used with WPS enabled (non-zero
wps_state configuration parameter) and control interface command DISABLE
and ENABLE were used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to allow new operation to be started after an error
without having to wait for the AP entry to time out.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant_parse_ies() was never supposed to be used as a generic IE
parser, i.e., it is for the specific purpose of parsing EAPOL-Key Key
Data IEs and KDEs. TDLS used this function for parsing generic AP IEs
and while that works, it resulted in confusing "WPA: Unrecognized
EAPOL-Key Key Data IE" debug messages. Clean this up by using
ieee802_11_parse_elems() for the cases where generic IEs are being
parsed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the previous tracking design to add a station entry based
on other management frames than Probe Request frames. For example, this
covers a case where the station is using passive scanning.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new no_auth_if_seen_on=<ifname> parameter can now be used to
configure hostapd to reject authentication from a station that was seen
on another radio.
This can be used with enabled track_sta_max_num configuration on another
interface controlled by the same hostapd process to reject
authentication attempts from a station that has been detected to be
capable of operating on another band, e.g., to try to reduce likelihood
of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4
GHz and 5 GHz BSS concurrently.
Note: Enabling this can cause connectivity issues and increase latency for
connecting with the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows control interface monitors to get more detailed information
in cases where wpa_supplicant-based SME receives an Authentication frame
with non-zero status code.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new no_probe_resp_if_seen_on=<ifname> parameter can now be used to
configure hostapd to not reply to group-addressed Probe Request from a
station that was seen on another radio.
This can be used with enabled track_sta_max_num configuration on another
interface controlled by the same hostapd process to restrict Probe
Request frame handling from replying to group-addressed Probe Request
frames from a station that has been detected to be capable of operating
on another band, e.g., to try to reduce likelihood of the station
selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz
BSS concurrently.
Note: Enabling this can cause connectivity issues and increase latency
for discovering the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
hostapd can now be configured to track unconnected stations based on
Probe Request frames seen from them. This can be used, e.g., to detect
dualband capable station before they have associated. Such information
could then be used to provide guidance on which colocated BSS to use in
case of a dualband AP that operates concurrently on multiple bands under
the control of a single hostapd process.
Signed-off-by: Jouni Malinen <j@w1.fi>
For now, there is no support for passing extended_capa pointers through
the driver_privsep.c interface from wpa_priv. Avoid leaving bogus
pointers by explicitly clearing these on both wpa_priv and
wpa_supplicant sides.
Signed-off-by: Jouni Malinen <j@w1.fi>
DSSS/CCK rate support in 40 MHz has to be set to 0 for 5 GHz band since
this mechanism is designed only for the 2.4 GHz band. Clear
HT_CAP_INFO_DSSS_CCK40MHZ in ht_capab when the configured mode is
neither 11b nor 11g.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
This adds a new helper function wpa_ctrl_open2() that can be used
instead of wpa_ctrl_open() to override the default client socket
directory. Add optional -s<directory path> argument to hostapd_cli and
wpa_cli to allow the client socket directory to be specified.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
No need to have a common failure handler if it is used from only a
single location and that lcoation does not even need the memory freeing
step.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the EAP-WSC peer state machine ended up just ignoring an
error and waiting for a new message from the AP. This is not going to
recover the exchange, so simply force the connection to terminate
immediately.
Signed-off-by: Jouni Malinen <j@w1.fi>
The hbp pointer is moved to the next space already earlier in this code
path, so the while loop here did not really do anything.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for wpa_auth_sm_event(WPA_DEAUTH) to be called from
wpa_sm_step() iteration in the case the EAPOL authenticator state
machine ended up requesting the station to be disconnected. This
resulted in unnecessary recursive call to wpa_sm_step(). Avoid this by
using the already running call to process the state change.
It was possible to hit this sequence in the hwsim test case
ap_wpa2_eap_eke_server_oom.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Clearing keyRun here is not specified in IEEE Std 802.1X-2004, but it
looks like this would be logical thing to do here since the EAPOL-Key
exchange is not possible in this state. It is possible to get here on
disconnection event without advancing to the AUTHENTICATING state to
clear keyRun before the IEEE 802.11 RSN authenticator state machine runs
and that may advance from AUTHENTICATION2 to INITPMK if keyRun = TRUE
has been left from the last association. This can be avoided by clearing
keyRun here.
It was possible to hit this corner case in the hwsim test case
ap_wpa2_eap_eke_server_oom in the case getKey operation was forced to
fail memory allocation. The following association resulted in the
station getting disconnected when entering INITPMK without going through
EAP authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows an empty nested list (i.e., no MAC addresses) to be included
in the NL80211_CMD_SET_MAC_ACL message unlike with
nla_nest_start()/nla_nest_end() where the current libnl implementation
removes the "empty" attribute and causes cfg80211 to reject the command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While the EAPOL-Key MIC derivation was already changed from SHA256 to
SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly.
Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK
from PMK when using the Suite B 192-bit AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
Config file is written to a temp file and then it is renamed to the
original config file. However, it is possible that the rename operation
will be commited to storage while file data will be still in cache
causing original config file to be empty or partially written in case of
a system reboot without a clean shutdown. Make this less likely to occur
by forcing the data to be written to the storage device before renaming
the file.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Commit 7da4f4b499 ('WPS: Check maximum
HTTP body length earlier in the process') added too strict check for
body length allocation. The comparison of new_alloc_nbytes against
h->max_bytes did not take into account that HTTPREAD_BODYBUF_DELTA was
added to previous allocation even if that ended up going beyond
h->max_bytes. This ended up rejecting some valid HTTP operations, e.g.,
when checking AP response to WPS ER setting selected registrar.
Fix this by taking HTTPREAD_BODYBUF_DELTA into account.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit de2a7b796d ('OpenSSL: Use
connection certificate chain with PKCS#12 extra certs') added a new
mechanism for doing this with OpenSSL 1.0.2 and newer. However, it did
not poinr out anything in debug log if SSL_add1_chain_cert() failed. Add
such a debug print and also silence static analyzer warning on res being
stored without being read (since the error case is ignored at least for
now).
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to limit TLS session resumption within a TLS library
implementation to apply only for the cases where the same EAP method is
used. While the EAP server method matching will be enforced separately
by EAP server method implementations, this additional steps can optimize
cases by falling back to full authentication instead of having to reject
attempts after having completed session resumption successfully.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new tls_connection_set_success_data(),
tls_connection_set_success_data_resumed(),
tls_connection_get_success_data(), and tls_connection_remove_session()
functions can be used to mark cached sessions valid and to remove
invalid cached sessions. This commit is only adding empty functions. The
actual functionality will be implemented in followup commits.
Signed-off-by: Jouni Malinen <j@w1.fi>
This new hostapd configuration parameter can be used to enable TLS
session resumption. This commit adds the configuration parameter through
the configuration system and RADIUS/EAPOL/EAP server components. The
actual changes to enable session caching will be addressed in followup
commits.
Signed-off-by: Jouni Malinen <j@w1.fi>
The EAP server is not yet capable of using TLS session ticket to resume
a session. Explicitly disable use of TLS session ticket with
EAP-TLS/TTLS/PEAP to avoid wasting resources on generating a session
ticket that cannot be used for anything.
Signed-off-by: Jouni Malinen <j@w1.fi>
BoringSSL does not support 192-bit AES, so these parts of the
wpa_supplicant module tests would fail.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed at least with BoringSSL to avoid accepting OCSP-required
configuration with a TLS library that does not support OCSP stapling.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Unlike OpenSSL PKCS12_parse(), the BoringSSL version seems to require
the password pointer to be non-NULL even if no password is present. Map
passwrd == NULL to passwd = "" to avoid a NULL pointer dereference
within BoringSSL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
BoringSSL commit 533ef7304d9b48aad38805f1997031a0a034d7fe ('Remove
SSL_clear calls in handshake functions.') triggered a regression for
EAP-TLS/TTLS/PEAP session resumption in wpa_supplicant due to the
removed SSL_clear() call in ssl3_connect() going away and wpa_supplicant
not calling SSL_clear() after SSL_shutdown(). Fix this by adding the
SSL_clear() call into wpa_supplicant after SSL_shutdown() when preparing
the ssl instance for another connection.
While OpenSSL is still call SSL_clear() in ssl3_connect(), it looks to
be safe to add this call to wpa_supplicant unconditionally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This function does not seem to be available in BoringSSL. Since it is
needed for EAP-FAST (which is not currently working with BoringSSL),
address this by commenting out the EAP-FAST specific step from builds
that do not include EAP-FAST support.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like BoringSSL does include that function even though it claims
support for OPENSSL_VERSION_NUMBER where this is available (1.0.2). For
now, comment out that call to fix build.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like BoringSSL has removed the AES_wrap_key(), AES_unwrap_key()
API. This broke wpa_supplicant/hostapd build since those functions from
OpenSSL were used to replace the internal AES key wrap implementation.
Add a new build configuration option
(CONFIG_OPENSSL_INTERNAL_AES_WRAP=y) to allow the internal
implementation to be used with CONFIG_OPENSSL=y build to allow build
against the latest BoringSSL version.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 6959145b86 ('FST: Integration into
hostapd') introduced this duplicated call due to an incorrect merge
conflict resolution in ap_sta_set_authorized(). An earlier commit
61fc90483f ('P2P: Handle improper WPS
termination on GO during group formation') had moved this call to an
earlier location in the function and there is no point in re-introducing
another copy of the call at the end of the function.
Signed-off-by: Jouni Malinen <j@w1.fi>
Couple of the for-each-interface loops used incorrect return value when
skipping over non-WPS interfaces. This could result in skipping some WPS
interfaces in the loop and returning error. Setting AP PIN did not check
for WPS being enabled at all and trigger a NULL pointer dereference if
non-WPS interface was enabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
Incorrect number of bytes was skipped from the beginning of the line
which resulted in the loop skipping spaces doing nothing. However, the
following operation was simply looking for the max-age parameter with
os_strstr(), so this did not have any effect on functionality. Fix the
number of bytes to skip and remove the unneeded loop to skip spaces.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the Hotspot 2.0 case of OSU user interaction to fail
with wpadebug browser due to permission denial in the "start" command
("java.lang.SecurityException: Permission Denial: startActivity asks to
run as user -2 but is calling from user 0; this requires
android.permission.INTERACT_ACROSS_USERS_FULL"). Avoid this by using
more flexible USER_CURRENT_OR_SELF (-3) value with the --user argument.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211 sends TSF information with the attribute NL80211_BSS_BEACON_TSF
if the scan results include information from Beacon frame. Probe
Response frame information is included in NL80211_BSS_TSF. If the device
receives only Beacon frames, NL80211_BSS_TSF might not carry updated
TSF, which results an older TSF being used in wpa_supplicant. Fetch both
possible TSF values (if available) and choose the latest TSF for the BSS
entry.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When using P2P invitation to re-invoke a persistent P2P group without
specifying the operating channel, query the driver for the preferred
frequency list, and use it to select the operating channel of the group.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When using OpenSSL 1.0.2 or newer, this replaces the older
SSL_CTX_add_extra_chain_cert() design with SSL_add1_chain_cert() to keep
the extra chain certificates out from SSL_CTX and specific to each
connection. In addition, build and rearrange extra certificates with
SSL_build_cert_chain() to avoid incorrect certificates and incorrect
order of certificates in the TLS handshake.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the possible extra certificate(s) from a PKCS#12 file was
added once for each authentication attempt. This resulted in OpenSSL
concatenating the certificates multiple time (add one copy for each try
during the wpa_supplicant process lifetime). Fix this by clearing the
extra chain certificates before adding new ones when using OpenSSL 1.0.1
or newer that include the needed function.
Signed-off-by: Jouni Malinen <j@w1.fi>
This code path could not be hit with the RSNE generated by hostapd or
wpa_supplicant, but it is now possible to reach when using
own_ie_override test functionality. The RSNE and IE buffer length were
not updated correct in case wpa_insert_pmkid() had to add the RSN
Capabilities field.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows the new own_ie_override=<hexdump> configuration parameter to
be used to replace the normally generated WPA/RSN IE(s) for testing
purposes in CONFIG_TESTING_OPTIONS=y builds.
Signed-off-by: Jouni Malinen <j@w1.fi>
The PMKIDCount, PMKID List, and Group Management Cipher Suite fields are
optional to include in the RSNE in cases where these would not have
values that are different from the default values. In practice,
PMKIDCount is always 0 in Beacon and Probe Response frames, so the only
field of these that could have a non-default value is Group Management
Cipher Suite. When BIP is used, that field is not needed either due to
BIP being the default cipher when PMF is enabled.
Remove these fields from RSNE when BIP is used to save six octets in
Beacon and Probe Response frames. In addition to reduced frame length,
this is a workaround for interoperability issues with iOS 8.4 in cases
where FT and PMF are enabled. iOS seems to be rejecting EAPOL-Key msg
3/4 during FT initial mobility domain association if the RSNE includes
the PMKIDCount field.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is similar to the earlier commit
b363121a20 ('WPS: Reject invalid
credential more cleanly'), but for the AP cases where AP settings are
being replaced. Previously, the new settings were taken into use even if
the invalid PSK/passphrase had to be removed. Now, the settings are
rejected with such an invalid configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use NULL to indicate if the address is not available instead of fixed
00:00:00:00:00:00. wpas_p2ps_prov_complete() already had code for
converting NULL to that all zeros address for event messages.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Change P2PS P2P-PROV-SHOW-PIN/P2P-PROV-ENTER-PIN event notifications
on PD Request/Response handling to meet required P2PS behavior.
The new implemented scheme:
1. For a legacy P2P provision discovery the event behavior remains
without changes
2. P2PS PD, advertiser method: DISPLAY, autoaccept: TRUE:
Advertiser: SHOW-PIN on PD request replied with a status SUCCESS
Seeker: ENTER-PIN on PD response received with a status SUCCESS
3. P2PS PD, advertiser method: DISPLAY, autoaccept: FALSE:
Advertiser: SHOW-PIN on PD request replied with a status
INFO_CURRENTLY_UNAVAILABLE
Seeker: ENTER-PIN on Follow-on PD request with a status
SUCCESS_DEFERRED
4. P2PS PD, advertiser method: KEYPAD, autoaccept: TRUE/FALSE:
Advertiser: ENTER-PIN on PD request replied with a status
INFO_CURRENTLY_UNAVAILABLE
Seeker: SHOW-PIN on PD response received with a status
INFO_CURRENTLY_UNAVAILABLE
This change in behavior breaks the existing test cases
p2ps_connect_keypad_method_nonautoaccept and
p2ps_connect_display_method_nonautoaccept. Those will be fixed in a
followup commit.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add a function to compute the group common frequencies, and
use it to update the group_common_frequencies as part of the
channel switch flows.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add ieee80211_freq_to_channel_ext() conversion function into
ieee802_11_common.c. This function converts freq to channel and
additionally computes operating class, based on provided HT and VHT
parameters.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This makes it possible to use these helper functions from hostapd as
well as the current use in wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This buffer is owned by the FST module, so mark it const in the
set_ies() callback to make it clearer which component is responsible for
modifying and freeing this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes an issue where freed MB IEs buffer memory could potentially
have been accessed after an interface is detached from FST group.
Without this fix, if an interface is detached from FST group, it can use
MB IEs buffer previously set by fst_iface_set_ies(), although the buffer
was released by fst_iface_delete().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The mesh SAE auth often fails with master branch. By bisect I found
commit eb5fee0bf5 ('SAE: Add side-channel
protection to PWE derivation with ECC') causes this issue. This does not
mean the commit has a bug. This is just a CPU resource issue.
After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel
Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So
auth_sae_retransmit_timer() is always called and it can causes
continuous frame exchanges. Before the commit, it was 23(msec).
On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod
is defined as 40(msec). But it looks short because generally mesh
functionality will be used on low spec devices. Indeed Raspberry Pi B+
(ARM ARM1176JZF-S 700MHz) requires 287(msec) for new
sae_derive_pwe_ecc().
So this patch makes the default to 1000(msec) and makes it configurable.
This issue does not occur on infrastructure SAE because the
dot11RSNASAERetransPeriod is not used on it.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.
This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.
Signed-off-by: Jouni Malinen <j@w1.fi>
FIPS_mode_set(1) cannot be called multiple times which could happen in
some dynamic interface cases. Avoid this by enabling FIPS mode only
once. There is no code in wpa_supplicant to disable FIPS mode, so once
it is enabled, it will remain enabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
MD4 is not allowed in such builds, so comment out md4_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD¤ operations at runtime. This makes it easier
to detect and fix accidental cases where MD4 could still be used in some
older protocols.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 94f1fe6f63 ('Remove master key
extraction from tls_connection_get_keys()') left only fetching of
server/client random, but did not rename the function and structure to
minimize code changes. The only name is quite confusing, so rename this
through the repository to match the new purpose.
Signed-off-by: Jouni Malinen <j@w1.fi>
tls_connection_get_keys() used to return TLS master secret, but that
part was removed in commit 94f1fe6f63
('Remove master key extraction from tls_connection_get_keys()'). Since
then, there is no real need for preventing this function from being used
in FIPS mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
The bytes pointer was not reset back to the beginning of the buffer when
mixing in additional entropy from the crypto module. This resulted in
writing beyond the return buffer and not getting the required mixing of
the extra entropy for the actual return buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the compiler version used in Android 5.0 warns about
potentially uninitialized oper_freq variable in these debug messages.
That is not really valid since this code path can be reached only if
found != 0 and in such a case, oper_freq is set. Anyway, it seems better
to avoid compiler warnings, so add an unnecessary initialization for
oper_freq for now.
Signed-off-by: Jouni Malinen <j@w1.fi>
MD5 is not allowed in such builds, so comment out md5_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD5 operations at runtime. This makes it easier
to detect and fix accidental cases where MD5 could still be used in some
older protocols.
Signed-off-by: Jouni Malinen <j@w1.fi>
FIPS builds do not include support for MD4/MD5, so disable
EAP-TTLS/CHAP, MSCHAP, and MSCHAPV2 when CONFIG_FIPS=y is used.
Signed-off-by: Jouni Malinen <j@w1.fi>
MD5 is not available in CONFIG_FIPS=y builds, so use SHA1 for the EAP
peer workaround that tries to detect more robustly whether a duplicate
message was sent.
Signed-off-by: Jouni Malinen <j@w1.fi>
The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are
unfortunately not available in FIPS mode. Trying to use them results in
"aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API
call to cipher AES forbidden in FIPS mode!" and process termination.
Work around this by reverting commit
f19c907822 ('OpenSSL: Implement aes_wrap()
and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this
ends up using the internal AES key wrap/unwrap implementation through
the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y
is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues
to be used to minimize code size.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids a call to hmac_md5() to fix the build. The EAPOL-Key frame
TX code is not applicable for any FIPS mode operation, so the simplest
approach is to remove this from the build.
Signed-off-by: Jouni Malinen <j@w1.fi>
When processing a GO Negotiation Request and Response, if local driver
supports the preferred channel list extension, then:
- Check if peer's preference for operating channel is already included
in our preferred channel list and if so, take the oper_channel as is.
- If peer's preference for operating channel is not in local device's
preferred channel list and peer device has provided its preferred
frequency list in the GO Negotiation Request/Response, then find a
channel that is common for both preferred channel lists and use it
for oper_channel.
- If peer's preference for operating channel is not in local device's
preferred channel list and peer device doesn't use preferred channel
list extension, i.e., no preferred channel list in GO Negotiation
Request/Response, then look for a channel that is common for local
device's preferred channel list and peer's list of supported channels
and use it for oper_channel.
- In case no common channel is found, use the peer's preference for
oper_channel as is.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a callback function that can be used from the P2P module to
request the current preferred list of operating channels from the
driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add an extra condition to omit operating channel preference when
building GO Negotiation Response. If the local device supports the
preferred frequency list extension, then when sending a GO Negotiation
Response frame, advertise the preferred operating channel unless local
device is assuming the P2P Client role and has an empty preferred
frequency list, in which case local device can omit its preference for
the operating channel.
This change helps make use of the preferred frequency list and the
calculated best channel for both negotiating parties of the P2P
connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When sending a GO Negotiation Request, advertise the preferred frequency
list in a new vendor specific IE. This can be used to extend the
standard P2P behavior where a single preferred channel can be advertised
by allowing a priority list of channels to be indicated.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the driver supports the preferred frequency list extension, use this
information from the driver when no explicitly configured preference
list (p2p_pref_chan) is present for P2P operating channel selection.
This commit adds this for GO Negotiation and Invitation use cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds parsing of QCA vendor specific elements and as the first such
element to be parsed, stores pointers to the preferred frequency list
element that can be used to enhance P2P channel negotiation behavior.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new enum qca_vendor_element_id registry is used to manage
assignments of vendor specific elements using the QCA OUI 00:13:74. The
initial assignment is for the purpose for extending P2P functionality
for cases where the wpa_supplicant implementation is used by both ends
of an exchange.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend the QCA vendor specific nl80211 interface to query the preferred
frequency list from driver and add a new wpa_cli command to query this
information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Upon GO Negotiation completion, if the remote peer becomes GO, send a
hint event over QCA vendor specific interface to inform the driver of
the likely operating channel of the P2P GO.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend the nl80211 interface command "driver status" to retrieve the
concurrency capabilities from the driver using the QCA vendor
extensions.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When ACS is offloaded to device driver and the hw_mode parameter is set
to any, the current_mode structure is NULL which fails the ACS command.
Fix this by populating the ACS channel list with channels from all bands
when current_mode is NULL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add vendor command to pass SET setband command to the driver and read
the updated channel list from driver when this notification succeeds.
This allows the driver to update its internal channel lists based on
setband configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The issue with the special form of TLS session tickets has been fixed in
the OpenSSL 1.1.0 branch, so disable workaround for it. OpenSSL 1.0.1
and 1.0.2 workaround is still in place until a release with the fix has
been made.
This allows TLSv1.1 and TLSv1.2 to be negotiated for EAP-FAST with the
OpenSSL versions that support this.
Signed-off-by: Jouni Malinen <j@w1.fi>
If there is only zero-length buffer of output data in error case, mark
that as an immediate failure instead of trying to report that
non-existing error report to the server. This allows faster connection
termination in cases where a non-recoverable error occurs in local TLS
processing, e.g., if none of the configured ciphers are available.
Signed-off-by: Jouni Malinen <j@w1.fi>
EAP-TLS was already doing this, but the other TLS-based EAP methods did
not mark methodState DONE and decision FAIL on local TLS processing
errors (instead, they left the connection waiting for a longer timeout).
Signed-off-by: Jouni Malinen <j@w1.fi>
OpenSSL 1.1.0 disables the anonymous ciphers by default, so need to
enable these for the special case of anonymous EAP-FAST provisioning.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed parameters
for TLS PRF and the external-to-OpenSSL PRF needs to be used instead.
Signed-off-by: Jouni Malinen <j@w1.fi>
This needs to use the new accessor functions since the SSL session
details are not directly accessible anymore and there is now sufficient
helper functions to get to the needed information.
Signed-off-by: Jouni Malinen <j@w1.fi>
This needs to use the new accessor functions for client/server random
since the previously used direct access won't be available anymore.
Signed-off-by: Jouni Malinen <j@w1.fi>
openssl_handshake() was checking only that in_data is not NULL and not
its length when determining whether to call BIO_write(). Extend that to
check the buffer length as well. In practice, this removes an
unnecessary BIO_write() call at the beginning of a TLS handshake on the
client side. This did not cause issues with OpenSSL versions up to
1.0.2, but that call seems to fail with the current OpenSSL 1.1.0
degvelopment snapshot. There is no need for that zero-length BIO_write()
call, so remove it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Report the feature capability on P2PS-PROV-START and P2PS-PROV-DONE
ctrl-iface events. A feature capability value is specified as
'feature_cap=<hex>' event parameter, where <val> is a hexadecimal
string of feature capability bytes in a PD Response frame.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
On PD Request/follow-on PD Request preparation set a feature capability
CPT value of PD context.
On PD Request processing use a request CPT and service advertisement
CPT priority list to select a feature capability CPT of PD Response.
On follow-on PD Request processing use a request CPT and a CPT priority
list in PD context to select a CPT value of follow on PD Response.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add a parameter allowing to specify a value of Coordination
Protocol Transport to P2PS_PROVISION and P2PS_PROVISION_RESP commands.
Extend the p2ps_provision structure to contain cpt_priority and
cpt_mask properties and initialize them on a P2PS PD request command.
The format of the parameter:
cpt=<cpt>[:cpt]
where <cpt> is CPT name e.g. UDP or MAC. The CPT names are listed
according to their preferences to be used for a specific P2PS session.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add Coordination Transport Protocol parameter to P2P_SERVICE_ADD
asp command.
Extend p2ps_advertisement structure to contain CPT priorities
and a supported CPT bitmask.
The format of the new parameter:
cpt=<cpt>[:<cpt>]
where <cpt> is a name of the Coordination Protocol Transport.
This implementation supports two CPT names: UDP and MAC.
The order of specified CPTs defines their priorities where
the first one has the highest priority.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add an auxiliary cstr_token() function to get a token from a const char
string. The function usage syntax is similar to str_token(), but unlike
str_token() the function doesn't modify the buffer of the string. Change
str_token() function implementation to use cstr_token().
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
The foreach_fst_group() loop needs "break-if-found", not
"continue-if-not-found" to do the search iteration properly. If there
were multiple groups, the previous design could have failed to find the
interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
fst_read_next_text_param() is never called with buflen <= 1, so this
separate error path is practically unreachable. Merge it with another
error path to make this a bit more compact.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for there to be multiple FST groups, so the hardcoded
mechanism of selecting the first one when sending out an event message
may not be sufficient. Get the interface from the caller, if available,
and if not, go through all groups in search of an interface to send the
event on.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for there to be multiple FST groups, so the hardcoded
mechanism of selecting the first one when sending out an event message
may not be sufficient. Get the interface from the caller, if available,
and if not, go through all groups in search of an interface to send the
event on.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that both hostapd and wpa_supplicant already enforce no duplicate
fst_attach() calls, there is no need for this check within fst_attach().
Signed-off-by: Jouni Malinen <j@w1.fi>
Dialog token is only 8 bits and maintaining u32 version of it in struct
fst_group resulted in incorrect wrap-around behavior in
fst_group_assign_dialog_token(). It was possible to assign u8
dialog_token value 0 because of this. Fix this by using u8 variable
consistently.
Signed-off-by: Jouni Malinen <j@w1.fi>
While this is always supposed to be the first element, check that this
is indeed the case instead of blindly using values from within the
element.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Element ID and Length subfields are not supposed to be included in
the Length. In addition, both of these subfields needs to be filled in
even for non-zero status code cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the previous PMF (CONFIG_IEEE80211W=y) design that used
functionality from the FT (CONFIG_IEEE80211R=y) changes to work without
requiring CONFIG_IEEE80211R=y build option to be included.
Signed-off-by: Ashok Ponnaiah <aponnaia@qti.qualcomm.com>
It was possible for a registered eloop socket handler to be unregistered
and re-registered for a re-opened socket with the same fd from a timeout
or signal handler. If such a case happened with the old socket having a
pending event waiting for processing, some eloop combinations could end
up calling the new handler function with the new socket and get stuck
waiting for an event that has not yet happened on the new socket. This
happened with timeout and signal handlers with all eloop.c types. In
addition to that, the epoll case could also trigger this when a socket
handler re-registered a re-opened socket.
Fix these by checking whether there has been socket handler changes
during processing and break the processing round by going back to
select/poll/epoll for an updated result if any changes are done during
the eloop handler calls before processing the old socket results.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the SIGINT/SIGTERM signal to be received while
processing a pending timeout/socket/signal event and then get stuck in
the following select() call before processing the signal event. If no
other events show up within the two second SIGALRM trigger, process will
be terminated forcefully even though there would have been possibility
to do clean termination assuming no operationg blocked for that two
second time.
Handle this more cleanly by checking for eloop.pending_terminate before
starting the select()/poll()/epoll_wait() wait for the following event.
Terminate the loop if pending signal handling requests termination.
In addition, make eloop_terminated() return 1 on eloop.pending_terminate
in addition to eloop.terminate since the process will be terminated
shortly and there is no point in starting additional processing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Introduce definitions for QCA vendor specific subcommands and attributes
to support multiport concurrency.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, one timeout per process (by default every 30 seconds) was
used P2P peer expiration and another per-interface timeout (every 10
seconds) was used to expire BSS entries. Merge these to a single
per-process timeout that triggers every 10 seconds to minimize number of
process wakeups due to periodic operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, this resulted in unnecessary wait and retransmission of the
previous EAP-Request. Change that to trigger immediate transmission of
EAP-Failure and disconnection since the EAP method cannot really recover
from this state.
Signed-off-by: Jouni Malinen <j@w1.fi>
This functionality was removed from the Host AP driver in May 2003, so
there is not any point in maintaining this in hostapd either.
Signed-off-by: Jouni Malinen <j@w1.fi>
The space separator between the command and the parameter was not
skipped properly and the first integer ended up being interpreted as 0
in all cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
fst_session_is_in_progress() is already checked as part of
fst_find_session_in_progress() before calling
fst_session_handle_action(). This is the only call path that can reach
fst_session_handle_tear_down() and as such, fst_session_is_in_progress()
cannot return 0 here.
Signed-off-by: Jouni Malinen <j@w1.fi>