Use struct eap_config as-is within RADIUS server to avoid having to
duplicate all the configuration variables at each interface. This
continues cleanup on struct eap_config duplication in hostapd.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Crypto-Binding TLV is included without Intermediate-Result TLV in
this sequence since the server is skipping all inner authentication
methods and is only sending out Result TLV with the Crypto-Binding TLV.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd configuration parameter eap_teap_id can be used to
configure the expected behavior for used identity type.
Signed-off-by: Jouni Malinen <j@w1.fi>
Parse the received Identity-Type TLV and report the used Identity-Type
in response if the request included this TLV. For now, only the
Identity-Type 1 (User) is supported.
Signed-off-by: Jouni Malinen <j@w1.fi>
Allow 100 rounds of EAP messages if there is data being transmitted.
Keep the old 50 round limit for cases where only short EAP messages are
sent (i.e., the likely case of getting stuck in ACK loop).
This allows larger EAP data (e.g., large certificates) to be exchanged
without breaking the workaround for ACK loop interop issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use struct eap_config as-is within struct eap_sm and EAPOL authenticator
to avoid having to duplicate all the configuration variables at each
interface. Split the couple of session specific variables into a
separate struct to allow a single const struct eap_config to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
The implementation was previously hardcoded to use only the non-expanded
IETF EAP methods in Phase 2. Extend that to allow vendor EAP methods
with expanded header to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was already allowed with EAP-PEAP, but EAP-TEAP was hardcoded to
use only the non-expanded EAP types. Extend that to allow vendor EAP
types to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
The implementation was previously hardcoded to use only the non-expanded
IETF EAP methods in Phase 2. Extend that to allow vendor EAP methods
with expanded header to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was already allowed with EAP-PEAP, but EAP-FAST was hardcoded to
use only the non-expanded EAP types. Extend that to allow vendor EAP
types to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
The implementation was previously hardcoded to allow only the Microsoft
SoH expanded EAP method in Phase 2 in addition to non-expanded EAP
methods. Extend that to allow any vendor EAP method with an expanded
header to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
The implementation was previously hardcoded to use only the non-expanded
IETF EAP methods in Phase 2. Extend that to allow vendor EAP methods
with expanded header to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was already allowed with EAP-PEAP, but EAP-TTLS was hardcoded to
use only the non-expanded EAP types. Extend that to allow vendor EAP
types to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This cleans up coding style of the EAP implementation by avoiding
typedef of an enum hiding the type of the variables.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new eap_teap_separate_result=1 hostapd configuration parameter can
be used to test TEAP exchange where the Intermediate-Result TLV and
Crypto-Binding TLV are send in one message exchange while the Result TLV
exchange in done after that in a separate message exchange.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the Crypto-Binding TLV for the last EAP method has been validated
successfully in a previous message exchange with Intermediate-Result TLV
and no new EAP method has been started, Result TLV can be accepted
without an additional Crypto-Binding TLV. This allows the server to go
through additional message exchanges after inner EAP method, if needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is not sufficient for the peer to include only the Result TLV if the
server included both the Intermediate-Result TLV and Result TLV.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, only the Result TLV was added when writing Crypto-Binding
TLV response. This is not sufficient, since RFC 7170 require
Intermediate-Result TLV response to be included from the peer if the
server included Intermediate-Result TLV.
Signed-off-by: Jouni Malinen <j@w1.fi>
This version of TLS PRF is needed when using TEAP with TLS ciphersuites
that are defined to use SHA384 instead of SHA256.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previously used single TOD policy was split into two policies:
TOD-STRICT and TOD-TOFU. Report these separately in the
CTRL-EVENT-EAP-PEER-CERT events (tod=1 for TOD-STRICT and tod=2 for
TOD-TOFU).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Update Connection Params is intended for drivers that implement
internal SME and expect these updated connection params from
wpa_supplicant. Do not send this request for the drivers using
SME from wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If FT over-the-DS case is enforced through the "FT_DS <BSSID>" control
interface command, the PMF capability check during BSS selection is not
used and that could have allowed PMF to be disabled in the over-the-DS
case even if the local network profile mandated use of PMF. Check
against this explicitly to avoid unexpected cases if the APs within the
same mobility domain are not configured consistently.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Commit e820cf952f ("MFP: Add MFPR flag into station RSN IE if 802.11w
is mandatory") added indication of MFPR flag in non-FT cases, but forgot
to do so for the FT protocol cases where a different function is used to
build the RSNE. Do the same change now for that FT specific case to get
consistent behavior on indicating PMF configuration state with MFPR.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is not used only with FT, so make the comments less confusing and
include the function in all builds to make it available for
non-FT/non-FILS builds.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
HE (802.11ax) is also supported on 2.4 GHz. And the 2.4 GHz band isn't
supposed to use VHT operations. Some codepaths in wpa_supplicant will
therefore not initialize the freq->bandwidth or the freq->center_freq1/2
members. As a result, the nl80211_put_freq_params() will directly return
an error (-1) or the kernel will return an error due to the invalid
channel definition.
Instead, the channel definitions should be created based on the actual
HT/VHT/none information on 2.4 GHz.
Fixes: ad9a1bfe78 ("nl80211: Share VHT channel configuration for HE")
Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
Add vendor command QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT
and attribute qca_wlan_vendor_attr_avoid_frequency_ext to send structured
avoid frequency data.
This new command is alternative to existing command
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY since existing command is
using stream of bytes instead of structured data using vendor attributes.
Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
As a part of P802.11ax amendment, 6 GHz band operation is added.
Since the 6 GHz channel numbers are overlapping with existing 2.4 GHz
and 5 GHz channel numbers, use frequency to identify unique channel
operation instead of channel number. Channel frequency is unique across
bands.
In the existing QCA vendor interface, wherever missing, add frequency
attributes to identify unique channel operation. In addition, add
comments to document some of the previously missed attributes/values.
Note: If both channel and frequency attributes are present in vendor
command/event and
(a) If both the driver and user-space application supports 6 GHz band
then channel related attributes are deprecated and use frequency
attributes.
(b) If either driver or user-space application or both doesn't
support 6 GHz band then use channel attributes.
Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
Add QCA_WLAN_VENDOR_ATTR_SAP_CONFIG_CHANNEL attribute in
enum qca_wlan_vendor_attr_sap_config to use with vendor command
QCA_NL80211_VENDOR_SUBCMD_SET_SAP_CONFIG.
This new attribute is used to restart AP on given channel.
Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_ACS_POLICY
with attributes enum qca_wlan_vendor_attr_acs_config and
enum qca_acs_dfs_mode to configure ACS policy.
Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
This enhances the existing vendor command QCA_NL80211_VENDOR_SUBCMD_ROAM
with the following configurations:
1. Set/get/clear roam control
2. Set/get the channels on which the roaming has to be triggered.
3. Set/get the roam scan period.
4. Configure the triggers for roaming.
5. Configure the candidate selection criteria.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
qca_wlan_vendor_attr_roam_subcmd is an enum associated with the
attribute QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD. It represents different
sub command values and these are not the attributes. Hence, rename the
enum to qca_wlan_vendor_roaming_subcmd. Accordingly, the members of this
enum are also renamed to suite the usage.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to update methodState/decision when completing transmission of
fragmented last Phase 2 message.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The KCK, PMK, and PMKID derivation fix broke SAE key derivation for all
FFC groups. Fix that by setting sae->tmp->order_len for FFC groups (it
was only set for ECC groups).
Fixes: ac734a342e ("SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It looks like EVP_PKEY_derive() may change the returned length of the
buffer from the initial length determination (NULL buffer) to the
fetching of the value. Handle this by updating the secret length based
on the second call instead of the first one. This fixes some cases where
ECDH result has been used with extra data (zeros in the end) with OWE or
FILS PFS.
Signed-off-by: Jouni Malinen <j@w1.fi>
This replaces the separately implemented ECDH operations with a single
helper function to avoid code duplication. In addition, this introduces
a workaround for strange OpenSSL behavior where the first
EVP_PKEY_derive(NULL) call to learn the size of the output shared secret
returns unexpectedly large buffer (72 octets when expected 32 octets for
group 19). It is not known what is causing this, but such behavior seems
to be showing up every now and then at least when running hwsim test
cases under UML and apparently mainly (only?) in the sigma_dut
controller cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
IEEE Std 802.11-2016 is not exactly clear on the encoding of the bit
string that is needed for KCK, PMK, and PMKID derivation, but it seems
to make most sense to encode the (commit-scalar + peer-commit-scalar)
mod r part as a bit string by zero padding it from left to the length of
the order (in full octets).
The previous implementation used the length of the prime (in full
octets). This would work for KCK/PMK, but this results in deriving all
zero PMKIDs for the groups where the size of the order is smaller than
the size of the prime. This is the case for groups 22, 23, and 24.
However, those groups have been marked as being unsuitable for use with
SAE, so this fix should not really have a practical impact anymore.
Anyway, better fix it and document this clearly in the implementation
taken into account the unclarity of the standard in this area.
Signed-off-by: Jouni Malinen <j@w1.fi>
The earlier change to add support for BN_bn2binpad() and
BN_bn2bin_padded() broke this function for cases where no padding is
used (padlen == 0). Those would have always failed after the changes and
the function would return -1. There are no such cases in the current
hostap.git, so this did not have any real issues, but anyway, better fix
this function to match its documentation.
Fixes: 1e237903f5 ("OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available")
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload
in connect") used the req_key_mgmt_offload flag to indicate to the
driver that it should offload the 802.1X handshake. However, this field
was existing and used for a different offload API. This causes
wpa_supplicant to send a connect request without the WANT_1X_HS flag and
the subsequent set-pmk is rejected causing the connection to fail. Fix
that by introducing a new flag req_handshake_offload so the offloads are
no longer entangled.
Fixes: d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload in connect")
Reported-by: Stefan Wahren <wahrenst@gmx.net>
Tested-by: Stefan Wahren <wahrenst@gmx.net>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
The new hostapd configuration option eap_sim_id can now be used to
disable use of pseudonym and/or fast reauthentication with EAP-SIM,
EAP-AKA, and EAP-AKA'.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
