This patchset adds support for Operating Channel Validation (OCV). The main idea of this feature is to verify the current operating channel when connecting to a network. This prevent multi-channel Man-in-the-middle attacks. A detailed description of this feature can be found here: https://mentor.ieee.org/802.11/dcn/17/11-17-1807-12-000m-defense-against-multi-channel-mitm-attacks-via-operating-channel-validation.docx Points to pay attention to: - The channel bandwidth that an AP uses to send frames to an associated STA is derived from IEs in the association request. Feedback on this would be good (see commit "Add function to derive Tx parameters to a specific STA"). - The code assumes that a client will use the maximum bandwidth as returned by NL80211_ATTR_WIPHY_FREQ to transmit frames (see commit "Add driver API to get current channel parameters"). It would be good to double check that this is indeed the case. - A kernel patch is needed to let clients correctly handle SA Query Requests that contain an OCI element. See commit "Include and verify OCI in SA Query frames" for details. - After a channel switch, the AP is supposed to deauthenticate clients that did not initiate a SA Query. This is not yet implemented, and currently left as a TODO in the code. Not implementing this does not negatively affect reliability, it only reduces the security benefits. - I've included a bunch of automated tests. Some of these currently use reset_ap, but it seems that function is not always reliable? Sometimes a test fails, but when running again the test succeeds. Maty Vanhoef (25): Add driver API to get current channel parameters Make channel_info available to the supplicant state machine Make channel_info and get_sta available to authenticator Add utility function to derive operating class and channel Add functions to convert channel bandwidth to an integer Store the VHT Operation element of an associated STA OCV: Add configs for channel validation support OCV: Add utility functions to insert OCI elements OCV: insert OCI in 4-way and group key handshake OCV: Parse all types of OCI information elements OCV: Add function to verify a received OCI element OCV: Add function to derive Tx parameters to a specific STA OCV: Verify OCI in 4-way and group key handshake OCV: Include and verify OCI in the FT handshake OCV: Include and verify OCI in WNM-Sleep Exit frames OCV: Include and verify OCI in SA Query frames OCV: Perform a SA Query after a channel switch OCV: Include and verify OCI in the FILS handshake OCV: Include and verify OCI in the AMPE handshake OCV: Test OCI validation in the 4-way and group key handshake OCV: Test OCI validation in the FT handshake OCV: Test OCI validation in the FILS handshake OCV: Test OCI validation in SA Query frames OCV: Test OCI validation in WNM-Sleep Exit frames OCV: Test OCI validation in the AMPE handshake hostapd/Android.mk | 6 + hostapd/Makefile | 6 + hostapd/android.config | 3 + hostapd/config_file.c | 6 + hostapd/defconfig | 3 + hostapd/hostapd.conf | 7 + src/ap/ap_config.c | 9 + src/ap/ap_config.h | 4 + src/ap/ap_drv_ops.h | 8 + src/ap/drv_callbacks.c | 7 +- src/ap/hs20.c | 4 + src/ap/ieee802_11.c | 37 +- src/ap/ieee802_11.h | 6 +- src/ap/ieee802_11_shared.c | 183 ++++++- src/ap/ieee802_11_vht.c | 23 + src/ap/sta_info.c | 1 + src/ap/sta_info.h | 1 + src/ap/wnm_ap.c | 78 ++- src/ap/wpa_auth.c | 262 +++++++++- src/ap/wpa_auth.h | 15 + src/ap/wpa_auth_ft.c | 64 +++ src/ap/wpa_auth_glue.c | 20 + src/ap/wpa_auth_i.h | 3 + src/ap/wpa_auth_ie.c | 43 +- src/ap/wpa_auth_ie.h | 4 + src/common/ieee802_11_common.c | 59 +++ src/common/ieee802_11_common.h | 7 + src/common/ieee802_11_defs.h | 3 + src/common/ocv.c | 168 +++++++ src/common/ocv.h | 40 ++ src/common/wpa_common.c | 6 + src/common/wpa_common.h | 9 +- src/drivers/driver.h | 29 ++ src/drivers/driver_common.c | 19 + src/drivers/driver_nl80211.c | 66 +++ src/drivers/driver_nl80211.h | 2 + src/rsn_supp/wpa.c | 158 +++++- src/rsn_supp/wpa.h | 11 +- src/rsn_supp/wpa_ft.c | 43 ++ src/rsn_supp/wpa_i.h | 9 + src/rsn_supp/wpa_ie.c | 13 + src/rsn_supp/wpa_ie.h | 4 + tests/hwsim/example-hostapd.config | 2 + tests/hwsim/example-wpa_supplicant.config | 2 + tests/hwsim/test_ap_ft.py | 37 +- tests/hwsim/test_ap_pmf.py | 55 +++ tests/hwsim/test_fils.py | 56 +++ tests/hwsim/test_ocv.py | 577 ++++++++++++++++++++++ tests/hwsim/test_wnm.py | 121 +++++ tests/hwsim/test_wpas_mesh.py | 103 +++- tests/hwsim/wpasupplicant.py | 2 +- wlantest/Makefile | 1 + wlantest/bss.c | 5 +- wlantest/ctrl.c | 3 + wlantest/sta.c | 11 +- wpa_supplicant/Android.mk | 6 + wpa_supplicant/Makefile | 6 + wpa_supplicant/android.config | 3 + wpa_supplicant/ap.c | 4 + wpa_supplicant/config.c | 39 ++ wpa_supplicant/config_file.c | 9 + wpa_supplicant/config_ssid.h | 11 + wpa_supplicant/ctrl_iface.c | 4 + wpa_supplicant/defconfig | 5 +- wpa_supplicant/driver_i.h | 8 + wpa_supplicant/events.c | 1 + wpa_supplicant/mesh.c | 3 + wpa_supplicant/mesh_mpm.c | 71 +++ wpa_supplicant/mesh_rsn.c | 8 +- wpa_supplicant/sme.c | 135 ++++- wpa_supplicant/sme.h | 1 + wpa_supplicant/wnm_sta.c | 79 ++- wpa_supplicant/wpa_supplicant.c | 3 + wpa_supplicant/wpa_supplicant.conf | 7 + wpa_supplicant/wpas_glue.c | 8 + wpa_supplicant/wpas_glue.h | 1 + 76 files changed, 2762 insertions(+), 74 deletions(-) create mode 100644 src/common/ocv.c create mode 100644 src/common/ocv.h create mode 100644 tests/hwsim/test_ocv.py -- 2.18.0 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap