Commit graph

4706 commits

Author SHA1 Message Date
Anton Nayshtut
104bef453b FST: hostapd configuration parameters
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
659a1605d8 Parsing of multi band element
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
717333f4e4 FST: Add the Fast Session Transfer (FST) module
Fast Session Transfer (FST) is the transfer of a session from a channel
to another channel in a different frequency band. The term "session"
refers to non-physical layer state information kept by a pair of
stations (STAs) that communicate directly (i.e., excludes forwarding).

The FST is implemented in accordance with IEEE Std 802.11ad-2012.

Definitions

 * FST interface - an interface for which FST functionality is enabled
 * FST group - a bunch of FST interfaces representing single
		multi-band STA
 * FST peer - a multi-band capable STA connected
 * FST module - multi-band operation functionality implemented in
		accordance with IEEE Std 802.11ad-2012 (see 10.32
		Multi-band operation) as a part of hostapd/wpa_supplicant
 * FST manager - an external application that implements custom FST
		related logic, using the FST module's interfaces
		accessible via CLI or D-Bus

This commit introduces only the FST module. Integration of the FST
module into the hostapd/wpa_supplicant and corresponding CLI/D-Bus
interfaces and FST related tests are covered in separate commits.

FST manager application is out of scope of these commits.

As FST aggregates a few interfaces into FST group, the FST module uses
global CLI for both commands and notifications. It also exposes
alternative non-interface based D-Bus subtree for this purposes.

Configuration and Initialization

 * FST functionality can enabled by compilation flag (CONFIG_FST)
 * hostapd/wpa_supplicant controlling multiple interfaces are used for
   FST
 * once enabled by compilation, the FST can be enabled for specific
   interfaces in the configuration files
 * FST interfaces are aggregated in FST groups (fst_group_id config file
   entry), where each FST group:
   - represents one multi-band device
   - should have two or more FST interfaces in it
 * priority (fst_priority config file entry) must be configured for each
   FST interface. FST interface with higher priority is the interface FST
   will always try to switch to. Thus, for example, for the maximal
   throughput, it should be the fastest FST interface in the FST setup.
 * default Link Loss Timeout (LLT) value can be configured for each FST
   interface (fst_llt config file entry). It represents LLT to be used
   by FST when this interface is active.
 * FST interfaces advertise the Multi-band capability by including the
   Multi-band element in the corresponding frames

FST CLI commands:

 * fst list_groups - list FST groups configured.
 * fst list_ifaces - list FST interfaces which belong to specific group
 * fst iface_peers - list Multi-Band STAs connected to specific interface
 * fst list_sessions - list existing FST sessions
 * fst session_get - get FST session info
 * fst session_add - create FST session object
 * fst session_set - set FST session parameters (old_iface, new_iface,
                     peer_addr, llt)
 * fst session_initiate - initiate FST setup
 * fst session_respond - respond to FST setup establishemnt attempt by
                         counterpart
 * fst session_transfer - initiate FST switch
 * fst session_teardown - tear down FST Setup but leave the session object
			  for reuse
 * fst session_remove - remove FST session object

FST CLI notifications:
  * FST-EVENT-PEER - peer state changed (CONNECT/DISCONNECT)
  * FST-EVENT-SESSION - FST session level notification with following
                        sub-events:
     - EVENT_FST_SESSION_STATE - FST session state changed
     - EVENT_FST_ESTABLISHED - previously initiated FST session became
                               established
     - EVENT_FST_SETUP - new FST session object created due to FST session
                         negotiation attempt by counterpart

All the FST CLI commands and notifications are also implemented on D-Bus
for wpa_supplicant.

IEEE 802.11 standard compliance

FST module implements FST setup statemachine in compliance with IEEE
802.11ad (P802.11-REVmc/D3.3), as it described in 10.32 Multi-band
operation (see also Figure 10-34 - States of the FST setup protocol).

Thus, for example, the FST module initiates FST switch automatically
when FST setup becomes established with LLT=0 in accordance with
10.32.2.2 Transitioning between states.

At the moment, FST module only supports non-transparent STA-based FST
(see 10.32.1 General).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
290078a734 Add IEEE 802.11ad element descriptions
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Anton Nayshtut
36209df93a Add is_multicast_ether_addr()
This helper function can be used to check whether a MAC address is a
multicast (including broadcast) address.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Anton Nayshtut
ee1e3f57b5 hostapd: Global control interface notifications
This commit implements hostapd global control interface notifications
infrastructure. hostapd global control interface clients issue
ATTACH/DETACH commands to register and deregister with hostapd
correspondingly - the same way as for any other hostapd/wpa_supplicant
control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Anton Nayshtut
cb05808c46 nl80211: Generic Linux master interface support for hostapd
Previously, hostapd only supported the case of EAPOL frames receiving
from interfaces enslaved into bridge. This commit adds support for any
Linux master (teaming, openvswitch, bonding, etc.) to be detected.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Jouni Malinen
3722c0f4aa Add EAPOL_SET hostapd command to configure EAPOL parameters
This new control interface command "EAPOL_REAUTH <MAC address>
<parameter> <value>" can be used to implement the IEEE 802.1X PAE
Set Authenticator Configuration operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-12 11:34:18 +03:00
Jouni Malinen
cfb5c08f21 Add EAPOL_REAUTH hostapd command to trigger EAPOL reauthentication
This new control interface command "EAPOL_REAUTH <MAC address>" can be
used to implement the IEEE 802.1X PAE Reauthenticate operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-12 11:33:33 +03:00
Jouni Malinen
bddc51e8e4 RSN: Stop connection attempt on apparent PMK mismatch
If WPA2-Enterprise connection with full EAP authentication (i.e., no
PMKSA caching used) results in a PMKID that does not match the one the
AP/Authenticator indicates in EAPOL-Key msg 1/4, there is not much point
in trying to trigger full EAP authentication by sending EAPOL-Start
since this sequence was immediately after such full authentication
attempt.

There are known examples of authentication servers with incorrect MSK
derivation when TLS v1.2 is used (e.g., FreeRADIUS 2.2.6 or 3.0.7 when
built with OpenSSL 1.0.2). Write a clear debug log entry and also send
it to control interface monitors when it looks likely that this case has
been hit. After doing that, stop the connection attempt by
disassociating instead of trying to send out EAPOL-Start to trigger new
EAP authentication round (such another try can be tried with a new
association).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 20:55:17 +03:00
Jouni Malinen
fe1bf32974 Make TLS version number available in STATUS command
This adds a new STATUS command field "eap_tls_version" that shows the
TLS version number that was used during EAP-TLS/TTLS/PEAP/FAST exchange.
For now, this is only supported with OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 19:51:03 +03:00
Jouni Malinen
5650d379a3 OpenSSL: Add option to disable use of TLSv1.0
The new phase1 config parameter value tls_disable_tlsv1_0=1 can now be
used to disable use of TLSv1.0 for a network configuration. This can be
used to force a newer TLS version to be used. For example,
phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1" would indicate that
only TLS v1.2 is accepted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 19:27:57 +03:00
Jouni Malinen
2456264fad NFC: Add a hardcoded limit on maximum NDEF payload length
While this is already enforced in practice due to the limits on the
maximum control interface command length and total_length bounds
checking here, this explicit check on payload_length value may help
static analyzers understand the code better. (CID 122668)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 17:03:34 +03:00
Jouni Malinen
df9079e727 NFC: Fix payload length validation in NDEF record parser
It was possible for the 32-bit record->total_length value to end up
wrapping around due to integer overflow if the longer form of payload
length field is used and record->payload_length gets a value close to
2^32. This could result in ndef_parse_record() accepting a too large
payload length value and the record type filter reading up to about 20
bytes beyond the end of the buffer and potentially killing the process.
This could also result in an attempt to allocate close to 2^32 bytes of
heap memory and if that were to succeed, a buffer read overflow of the
same length which would most likely result in the process termination.
In case of record->total_length ending up getting the value 0, there
would be no buffer read overflow, but record parsing would result in an
infinite loop in ndef_parse_records().

Any of these error cases could potentially be used for denial of service
attacks over NFC by using a malformed NDEF record on an NFC Tag or
sending them during NFC connection handover if the application providing
the NDEF message to hostapd/wpa_supplicant did no validation of the
received records. While such validation is likely done in the NFC stack
that needs to parse the NFC messages before further processing,
hostapd/wpa_supplicant better be prepared for any data being included
here.

Fix this by validating record->payload_length value in a way that
detects integer overflow. (CID 122668)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 16:52:25 +03:00
Andrei Otcheretianski
b843a8b8a6 P2PS: Save intended interface address after P2PS PD
One possible outcome of the P2PS PD is P2P GO/P2P Client. In this case,
one peer becomes a P2P GO and the P2P Client joins it. Since multiple
GOs may run simultaneously on the same P2P Device, the P2P Client should
join using the intended interface address.

To be able to find the device by the intended interface address, save it
during the PD.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:59:44 +03:00
Andrei Otcheretianski
5cc6ec0f68 P2PS: Set intended interface address correctly for new group
If a device may be an explicit GO, it adds the GO details in the PD
Request. First, we try to reuse an active GO. If it is not present, we
try to reuse a non-active persistent group. In the latter case, if a
dedicated P2P interface is needed, the intended address should be that
of the pending interface. However, the wpas_get_go_info() provided the
ssid->bssid address, which is the address of the P2P device. This might
result in an incorrect intended interface attribute in the PD Request in
case a separate group interface is used.

Fix this by setting group_iface variable to true only if a dedicated
interface should be used and set the attribute accordingly.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:57:07 +03:00
Andrei Otcheretianski
1f14e2bf92 P2PS: Add PD Response validation
Validate the PD Response frame contents more thoroughly when it is used
for P2PS.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:52:38 +03:00
Andrei Otcheretianski
1f1a08b4cc P2PS: Add intended iface address during PD for persistent group
When persistent group is used and the peer is GO in this group,
intended interface attribute should be added to PD request/response.
Not doing so violates the spec.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:41:19 +03:00
Andrei Otcheretianski
223ccebfa3 P2PS: Save wps_prov_info on the responder side
When device A sends PD response to device B, device A should save
wps_prov_info for device B. Not doing so would result in a redundant and
incorrect PD flow, e.g., when upon PROV-DISC-DONE event device B starts
a GO and device A should join it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:26:07 +03:00
Andrei Otcheretianski
2fc866d1bc P2PS: Validate WPS config methods more accurately in PD Request
In case of a P2PS PD, allow keypad, display, and P2PS WPS config
methods. For a legacy PD, allow keypad, display, and pushbutton methods.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:24:01 +03:00
Max Stepanov
ea210b9f8a P2P: Refactor p2p_process_prov_disc_resp() function
Add 'else if' to P2PS status verification to prevent a redundant
condition checking. The first 'if' condition is true only if
  status == P2P_SC_SUCCESS || status == P2P_SC_SUCCESS_DEFERRED.
while the second condition checks:
  status != P2P_SC_SUCCESS &&
  status != P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE &&
  status != P2P_SC_SUCCESS_DEFERRED
Thus, the two conditions are mutually exclusive and 'else if' can be
used if this case.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:21:44 +03:00
Max Stepanov
20f4c3d76b P2P: Delete redundant comparison in p2p_process_prov_disc_resp()
Delete redundant comparison of msg.wps_config_methods with
dev->req_config_methods in p2p_process_prov_disc_resp() since it's
already done early in this function. Also, the second comparison
doesn't make too much sense: it can happen after a possible
p2p_reset_pending_pd() call setting dev->req_config_methods to 0.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:20:43 +03:00
Max Stepanov
82d6113502 P2PS: Fix adv_id and adv_mac params of P2P-PROV-DISC-FAILURE
When wpa_supplicant receives a PD Response with reject status it
generated P2P-PROV-DISC-FAILURE event without adv_id and adv_mac
parameters. Fix this by adding these parameters to the
wpas_prov_disc_fail() function call.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 19:40:49 +03:00
Dan Williams
e8492c8145 hostap: Fix send_mlme() after 'freq' parameter addition
This fixes the incomplete driver_hostap.c change from commit
5d180a7739 ('drivers: Add freq parameter
to send_mlme() function') that did not take into account the internal
callers.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2015-07-07 19:40:49 +03:00
Jouni Malinen
c8a15753eb Send EAPOL-Start on HELD->CONNECTING transition
Previously, only CONNECTING->CONNECTING case ended up sending out an
EAPOL-Start frame to avoid sending the unnecessary initial EAPOL-Start.
However, this optimization prevented new EAPOL-Start from being
initiated when leaving the HELD state. Allow that case to trigger
immediate EAPOL-Start transmission to speed up connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 19:25:31 +03:00
Mike Gerow
471c810bc1 pkcs11: Don't ask for a new PIN on TLS handshake failure
The only time the PIN should fail is when we initialize the TLS
connection, so it doesn't really make sense to get rid of the PIN just
because some other part of the handshake failed.

This is a followup to commit fd4fb28179
('OpenSSL: Try to ensure we don't throw away the PIN unnecessarily').

Signed-off-by: Mike Gerow <gerow@google.com>
2015-07-07 19:25:31 +03:00
Jouni Malinen
476a634d60 Avoid ubsan warning on 0x80<<24 not fitting in int in WPA_GET_BE32/LE32
Use a typecast to make this shift unsigned so that the MSB fits within
the range of allowed values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
cf6fd19b34 ndisc_snoop: Avoid misaligned read of IPv6 address
The IPv6 address in the frame buffer may not be 32-bit aligned, so use a
local copy to align this before reading the address with 32-bit reads
(s6_addr32[]).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
e9ed7d9898 EAP-TTLS: Avoid ubsan warning on 0x80<<24 not fitting in int
Use a typecast to make this unsigned so that the MSB fits within the
range of allowed values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
0f5fb8a467 radiotap: Avoid ubsan warning on 1<<31
Use the BIT() macro and unsigned int to avoid ubsan warning on 1<<31 not
fitting in an int.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
fc880b11ed NFC: Avoid misaligned read of an NDEF field
The 32-bit version of payload length field may not be 32-bit aligned in
the message buffer, so use WPA_GET_BE32() to read it instead of ntohl().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
e01281fccc trace: Use explicit alignment requirements to avoid misalignment
64-bit builds with CONFIG_WPA_TRACE=y resulted in the wpabuf pointers
getting misaligned (only 32-bit aligned) and that would result in reads
and writes of unaligned size_t values. Avoid this by indicating explicit
alignment requirement for wpabuf_trace to 8 octets (i.e., there will be
extra four octets of padding in case of 64-bit builds).

Similarly, struct os_alloc_trace resulted in some potential misalignment
cases, e.g., when CONFIG_ACS=y uses a 'long double' variable within
struct hostapd_channel_data. Avoid misalignment issues with explicit
alignment indication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
f97e3ce473 drivers: Use unsigned arguments for sta_set_flags()
Since BIT() is now returning unsigned int, these functions need to match
that to avoid compiler warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
32d6463fe7 Make BIT() unsigned int instead of int
This is needed to avoid ubsan warnings on BIT(31).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
bd47c80564 Include stddef.h to use the standard offsetof()
src/utils/list.h ended up defining a local version of offsetof() due to
stddef.h not getting included. This resulted in unnecessary warnings
from ubsan related to "dereferencing" of a NULL pointer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
028b19675d RADIUS DAS: Avoid compiler warning on abs()
The input parameter ended up being converted to long int instead of int,
so use an explicit typecase to get rid of the compiler warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
597e8afeb4 ERP: Avoid mixing of enum types
Use explicit typecasting to avoid implicit conversion warnings in cases
where enum eap_erp_type is used in functions taking an EapType argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
05a90d78dc FT: Allow CCMP-256 and GCMP-256 as group ciphers
The FT-specific check for valid group cipher in wpa_ft_gen_req_ies() was
not up-to-date with the current list of supported ciphers. Fix this by
using a generic function to determine validity of the cipher. In
practice, this adds support for using CCMP-256 and GCMP-256 as the group
cipher with FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
f24b97972b OpenSSL: Merge error returns
These similar error cases can use a single return statement.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 21:48:22 +03:00
Jouni Malinen
84d6a17a27 TLS: Remove unused tls_capabilities()
This mechanism to figure out TLS library capabilities has not been used
since commit fd2f2d0489 ('Remove
EAP-TTLSv1 and TLS/IA') (Sep 2011).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 21:40:48 +03:00
Jouni Malinen
786722763d ms_funcs: Merge similar return cases
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
359636170f hw_features: Merge similar return case in check_40mhz_2g4()
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
aac1efec34 Reject the initial 4-way handshake if initial GTK setup fails
This makes the AP/Authenticator design more robust against unexpected
failures in random number generation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
2da525651d Add backtrace-based error path testing mechanism
The new TEST_FAIL and GET_FAIL control interface commands can be used
similarly to the earlier TEST_ALLOC_FAIL/GET_ALLOC_FAIL design. The new
version is more generic framework allowing any function to be annotated
for failure testing with the TEST_FAIL() macro. This mechanism is only
available in builds with CONFIG_WPA_TRACE_BFD=y and
CONFIG_TESTING_OPTIONS=y. For other builds, the TEST_FAIL() macro is
defined to return 0 to allow the compiler to remove the test code from
normal production builds.

As the first test site, allow os_get_random() to be marked for failing
based on call backtrace.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
55413ce072 P2P: Do not allow 40 MHz co-ex PRI/SEC switch to force MCC
Do not allow 40 MHz co-ex PRI/SEC switch to force us to change our PRI
channel if we have an existing connection on the selected PRI channel
since doing multi-channel concurrency is likely to cause more harm than
using different PRI/SEC selection in environment with multiple BSSes on
these two channels with mixed 20 MHz or PRI channel selection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-28 18:14:58 +03:00
Stepanov, Max
8c43ef8449 P2PS: Fix attribute addition in p2p_buf_add_service_instance()
Fix a condition when Advertised Service Info Attribute is added to
a probe response in p2p_buf_add_service_instance(). The issue is
that a 'found' value is increased even if 'test' and 'adv->hash' hashes
are different. As result 'found' may have a non-zero value when an
attribute data length is 0. In this cause an empty attribute is about to
be added. Fixing it by eliminating 'found' and checking 'total_len'
containing a real number of bytes added to Advertised Service Info
Attribute.

This fixes an issue from commit 50a9efe713
('P2PS: Fix Probe Response frame building in error cases').

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-06-27 23:54:10 +03:00
Jouni Malinen
6c7314917b AP: Increase maximum value accepted for cwmin/cwmax
The cwmin/cwmax parameters were limited more than is needed. Allow the
full range (0..15 for wmm_ac_??_{cwmin,cwmax} and 1..32767 for
tx_queue_data?_{cwmin,cwmax}) to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 23:34:49 +03:00
Jouni Malinen
575e4f5d49 SAE: Reject FFC commit-element with value p-1
The current P802.11 description of SAE uses "1 < element < p" as the
required range. However, this is not correct and does not match the
Dragonfly description of "1 < element < p-1". SAE definition will need
to change here. Update the implementation to reject p-1 based on the
correct rule here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 21:20:14 +03:00
Jouni Malinen
a406244395 P2PS: Do not reply to ProbeReq on another channel when starting Listen
It was possible for the P2PS Probe Response frame to go out on the
channel on which a Probe Request frame was reported even when we are
just about to start Listen mode on another channel. This could result in
the peer device using incorrect channel for us. Fix this by skipping the
response in this special case while waiting for Listen mode to start.

This showed up as a hwsim test failure with test sequence "gas_fragment
p2ps_connect_display_method_nonautoaccept" in cases where the dev[0]
Listen channel was not same as the AP operating frequency in the GAS
test.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 17:10:19 +03:00
Jouni Malinen
0c2b3f6541 SAE: Reject commit-scalar value 1
IEEE Std 802.11-2012 description of SAE does not require this, i.e., it
describes the requirement as 0 < scalar < r for processing the Commit
message. However, this is not correct and will be changes to 1 < scalar
< r to match the Dragonfly description so that a trivial secret case
will be avoided explicitly.

This is not much of an issue for the locally generated commit-scalar
since it would be very unlikely to get the value of 1. For Commit
message processing, a peer with knowledge of the password could
potentially force the exchange to expose key material without this
check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 12:41:40 +03:00
Dmitry Shmidt
4f39908b60 Send CTRL-EVENT-NETWORK-NOT-FOUND if no suitable network was found
This provides more information to upper layer programs on what happens
with connection attempts in cases where the enabled networks are not
found in scan results.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-06-27 11:08:08 +03:00
Kevin Cernekee
ded14ce95d Android: Fix nl80211 build if BOARD_*_PRIVATE_LIB is unspecified
wpa_supplicant has stub functions if the external p2p symbols are
unavailable, but the build still fails if the
wpa_driver_nl80211_driver_cmd symbol is missing.  Fix this by leaving the
function pointer NULL.  This is safe because wpa_drv_driver_cmd() performs
a NULL check.

Signed-off-by: Kevin Cernekee <cernekee@google.com>
2015-06-26 22:46:49 +03:00
Kevin Cernekee
a1407217b1 Android: Rename ANDROID_P2P_STUB to ANDROID_LIB_STUB
If BOARD_HOSTAPD_PRIVATE_LIB is not used on an Android build, we will
need to replace both the p2p functions *and* wpa_driver_nl80211_driver_cmd
in order to successfully link.  Let's make the name more generic so it is
more obvious what it is used for.

Suggested-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Kevin Cernekee <cernekee@google.com>
2015-06-26 22:46:16 +03:00
Maneesh Jain
4457f41b54 radius: Fix NULL dereference issue on allocation failure
In case memory allocation fails, data->pac_opaque_encr_key may be NULL
and lead to possible crash.

Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-06-26 22:44:41 +03:00
Jouni Malinen
f826fb1de1 OpenSSL: Handle EC_POINT_is_on_curve() error case
Even though this OpenSSL function is documented as returning "1 if point
if on the curve and 0 otherwise", it can apparently return -1 on some
error cases. Be prepared for that and check explicitly against 1 instead
of non-zero.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
bbb50086e3 SAE: Use random "password" in extra hunting-and-pecking loops
If PWE is discovered before the minimum number of loops (k) is reached,
the extra iterations use a random "password" to further obfuscate the
cost of discovering PWE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
eb5fee0bf5 SAE: Add side-channel protection to PWE derivation with ECC
This replaces the earlier IEEE Std 802.11-2012 algorithm with the design
from P802.11-REVmc/D4.0. Things brings in a blinding technique for
determining whether the pwd-seed results in a suitable PWE value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
16841ab246 crypto: Add functions for computing the Legendre symbol and EC y^2
These are needed to implement side-channel protection for SAE PWE
derivation for ECC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
c4a13b424b OpenSSL: Add support for Brainpool Elliptic Curves
This allows the IKE groups 27-30 (RFC 6932) to be used with OpenSSL
1.0.2 and newer. For now, these get enabled for SAE as configurable
groups (sae_groups parameter), but the new groups are not enabled by
default.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
4584b66eae SAE: Increase security parameter k to 40 based on Dragonfly recommendation
draft-irtf-cfrg-dragonfly recommends implementation to set the security
parameter, k, to a value of at least 40. This will make PWE generation
take significantly more resources, but makes it more likely to hide
timing differences due to different number of loops needed to find a
suitable PWE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-25 20:53:37 +03:00
Jouni Malinen
fdd731bd4a SAE: Fix PWE generation to use minimum loop count (k) properly
The implementation did not match the comment, i.e., only k-1 rounds were
required instead of k.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-25 20:53:37 +03:00
Jouni Malinen
8ec33326c1 SAE: Merge sae_derive_commit() error case return statements
These error cases have the exact same outcome, so a single return
statement can be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
d93abd4a97 SAE: Merge sae_get_rand() error case return statements
These error cases have the exact same outcome, so a single return
statement can be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
6a58444d27 SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are different
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
4e7e68890a Add crypto_ec_point_cmp()
This is needed to allow SAE to check whether ECC elements are identical.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 22:29:23 +03:00
Jouni Malinen
fdc5608c12 OpenSSL: Remove SSL_CTX_{get,set}_app_data() compatibility wrapper
OpenSSL 0.9.8 (and newer) includes SSL_CTX_get_app_data() and
SSL_CTX_set_app_data(), so there is no need to maintain this old
OPENSSL_SUPPORTS_CTX_APP_DATA backwards compatibility design.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 21:05:02 +03:00
Jouni Malinen
ba54933f63 libtommath: Fix mp_init_multi() stdarg use on error path
Previously, it would have been possible for va_end(args) to be called
twice in case mp_init() fails. While that may not cause issues on number
of platforms, that is not how va_start()/va_end() are supposed to be
used. Fix this by returning from the function without using va_end()
twice on the same va_list args.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 20:39:08 +03:00
Jouni Malinen
f6df3f3a00 Use os_* wrapper more consistently
os_free() needs to be used when freeing memory that was allocated with
os_malloc()/os_zalloc()/os_calloc().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 20:08:00 +03:00
Jouni Malinen
c5ca73d1f7 P2P: Use offsetof() instead of local implementation
The construction used here to figure out the offset of variable length
IEs in Probe Request frames was a bit odd looking and resulted in a
warning from a static analyzer, so replace it with more standard use of
offsetof().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 18:30:11 +03:00
Jouni Malinen
c3c5b5fe92 ERP server: Make erp_send_finish_reauth() easier for static analyzers
The flags argument is used to indicate a failure case (0x80) which
allows erp == NULL. This may be a bit too difficult combination for
static analyzers to understand, so add an explicit check for !erp as
another condition for returning from the function before the erp pointer
gets dereferenced without checking it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 18:27:06 +03:00
Jouni Malinen
6ce1bea1ff bsd: Remove redundant NULL check in bsd_init()
drv cannot be NULL here (it is dereferenced even on the preceding line)
and anyway, os_free(NULL) is allowed, so remove the redundant check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 18:20:24 +03:00
Jouni Malinen
c99df20192 Remove redundant NULL check in ieee802_1x_encapsulate_radius()
The eap argument to this function is never NULL and the earlier
ieee802_1x_learn_identity() call is dereferencing it anyway, so there is
no point in checking whether it is NULL later in the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 18:18:25 +03:00
Jouni Malinen
2eb5967d99 AP: Add more 2.4 GHz channels for 20/40 MHz HT co-ex scan
This needs to find the PRI channel also in cases where the affected
channel is the SEC channel of a 40 MHz BSS, so need to include the
scanning coverage here to be 40 MHz from the center frequency. Without
this, it was possible to miss a neighboring 40 MHz BSS that was at the
other end of the 2.4 GHz band and had its PRI channel further away from
the local BSS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 11:25:22 +03:00
Jouni Malinen
5ed6519625 hw_features: Merge similar return cases
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 11:24:52 +03:00
Jouni Malinen
4e37dd6c60 SAE: Simplify sae_prepare_commit() error path
There is no need to keep separate "return -1" statements for these error
cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-22 00:38:02 +03:00
Jouni Malinen
3dce85ceb0 HS 2.0: Add WLAN RADIUS attributes in OSEN case
Previously, the common WLAN-* RADIUS attributes were added only when WPA
or WPA2 was used. These can be of use for OSEN as well, so include them
in that case, too.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:04:32 +03:00
Jouni Malinen
efd5d26d33 Remove unnecessary wpa_ie_len check from wpa_parse_wpa_ie_wpa()
There is no need to have a separate "fail silently" case for wpa_ie_len
== 0. That condition does not seem to be reachable and even if it were,
the following "ie len too short" case will result in the exact same
return value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:04:31 +03:00
Jouni Malinen
ce8963fc9f Remove WEP40/WEP104 cipher suite support for WPA/WPA2
As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at
least in theory, allowed as a group cipher. This option is unlikely to
be deployed anywhere and to clean up the implementation, we might as
well remove all support for this combination.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:04:31 +03:00
Jouni Malinen
1887be4fa7 Make check_20mhz_bss() static
This is not used outside this file anymore, so there is no need to
export the symbol either.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 16:05:54 +03:00
Ilan Peer
1ac977bdd5 nl8021: Allow sending wowlan configuration on any interface
Sending a wowlan configuration command can be done on any wireless
interface (not only netdev), as it is a device configuration and not
interface configuration specific. Fix the code to allow it to be
sent on any interface.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-06-19 16:17:04 +03:00
Ilan Peer
489970270b nl80211: Remove android_genl_ctrl_resolve()
Android libnl_2 implementation added support for "nl80211" name in
commit 'libnl_2: Extend genl_ctrl_resolve() to support "nl80211" name'
in July 2012 which got included in Android 4.2. It is fine to drop this
old Android ICS workaround from wpa_supplicant now.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-06-19 16:06:28 +03:00
Ben Rosenfeld
6b5147af53 P2P: Fix memory leak in p2p_process_nfc_connection_handover()
p2p_process_nfc_connection_handover() allocates msg memory in the parser
and might return before memory is released if the received message is
not valid.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2015-06-19 01:23:24 +03:00
Jouni Malinen
33ba27d387 EAP-FAST peer: Stop immediately on key derivation failure
If key derivation fails, there is no point in trying to continue
authentication. In theory, this could happen if memory allocation during
TLS PRF fails.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-19 01:23:24 +03:00
Ben Rosenfeld
144b6a0650 OpenSSL: Fix memory leak on an openssl_tls_prf() error path
Free tmp_out before returning to prevent memory leak in case the second
memory allocation in openssl_tls_prf() fails. This is quite unlikely,
but at least theoretically possible memory leak with EAP-FAST.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2015-06-19 01:23:24 +03:00
Jouni Malinen
50a9efe713 P2PS: Fix Probe Response frame building in error cases
org.wi-fi.wfds service is not a replacement for non-WFA service matches.
Do not try to replace the results with that if there is not sufficient
room for the response. Instead, reply with all the matching services
that fit into the message. org.wi-fi.wfds is the first entry in the list
(if matching request/service is present), so it won't get overridden by
other services.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 18:14:04 +03:00
Jouni Malinen
509f269bbd P2PS: Fix org.wi-fi.wfds matching when building the response
The service hash for org.wi-fi.wfds is supposed to match only if the
device has a WFA defined org.wi-fi.wfds.* service. Verify that before
adding org.wi-fi.wfds to the response.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 18:14:04 +03:00
Jouni Malinen
5fa5f84324 P2PS: Add more debug prints for service info building
This makes the debug log much more helpful for figuring out results from
service hash matching.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 18:14:04 +03:00
Jouni Malinen
fdde3db6b8 P2PS: Remove unnecessary service hash filtering from p2p_reply_probe()
Probe Response building is already doing service matching and there is
no need to do this in both places, so simplify the p2p_reply_probe()
implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 18:14:04 +03:00
Jouni Malinen
f2e0eecf09 P2PS: Do not ignore other hashes if org.wi-fi.wfds hash is included
When doing initial processing of Probe Request frame service hashes, the
previous implementation dropped all other hash values if a hash for
org.wi-fi.wfds was included. This is not correct, since that is not a
full wildcard of all services (it only matches WFA defined
org.wi-fi.wfds.* services).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 17:27:31 +03:00
Jouni Malinen
ebdc32f350 P2PS: Fix service hash matching for org.wi-fi.wfds
This "wildcard" match is for WFA specified org.wi-fi.wfds.* services,
not for all services. Verify that there is a really matching service
being advertised instead of assuming this "wildcard" matches if any
services are advertised.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 17:27:31 +03:00
Jouni Malinen
24533f7e81 P2PS: Fix p2p_find handling to allow "wildcard" with other hash values
The org.wi-fi.wfds "wildcard" is not a full wildcard of all service
names and as such, it must not remove other service name hash values
from the Probe Request frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 17:27:31 +03:00
Jouni Malinen
f33a31b06c P2PS: Verify service name length in P2P_FIND command
p2ps_gen_hash() has a limit on service names based on the temporary
buffer from stack. Verify that the service name from the local P2P_FIND
command is short enough to fix into that buffer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 17:27:30 +03:00
Max Stepanov
83e520e473 P2PS: Add a wildcard with other advertised service info
Quoting P2PS specification: "If multiple Service Hash values are
included in the Probe Request frame, then the ASP shall find a match for
each Service Hash, and it shall send a Probe Response frame with the
information listed in this section for all matched Service Hashes." This
commit changes handling of wildcard hash matching by adding a
wildcard 'org.wi-fi.wfds' info together with the other hash matches.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-18 15:06:54 +03:00
Max Stepanov
c5d3cadbfb P2PS: Re-factor p2p_buf_add_service_instance function
Add auxiliary functions to write a single advertised service info record
into a wpabuf and to find P2PS wildcard hash in a received hash
attribute. Re-factor p2p_buf_add_service_instance() function to allow
adding new wildcard types in future commits.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-18 15:06:48 +03:00
Jouni Malinen
b4c0f58452 Clear allocated debug message buffers explicitly
When hostapd or wpa_supplicant is run in debug more with key material
prints allowed (-K on the command line), it is possible for passwords
and keying material to show up in debug prints. Since some of the debug
cases end up allocating a temporary buffer from the heap for processing
purposes, a copy of such password may remain in heap. Clear these
temporary buffers explicitly to avoid causing issues for hwsim test
cases that verify contents of memory against unexpected keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-17 16:30:34 +03:00
Max Stepanov
e12c4004e4 P2PS: Refactor p2p_data::query_hash and p2p_data::query_count use
Avoid using p2p_data::query_hash for both Probe Request frame processing
and for hashes specified by p2p_find. It's resolved by use of local
query_hash and query_count variables in p2p_reply_probe().

Since p2p_data::query_hash is used only for seek hash values rename
p2p_data::query_hash to p2ps_seek_hash.

Delete p2p_data::query_count since it's not needed anymore.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-15 17:30:01 +03:00
Sunil Dutt
4839da4d4f P2P: Add vendor elements into Invitation Response frames
Commit 86bd36f0d5 ('Add generic mechanism
for adding vendor elements into frames') introduced a mechanism to add
vendor elements into various frames, but missed the addition to the
Invitation Response frame. This commit addresses the same.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-15 14:16:30 +03:00
Max Stepanov
886f583dd7 P2PS: Delete p2ps_svc_found from struct p2p_data
This variable is used locally only in the p2p_reply_probe() function.
The value of this variable is valid only in the context of the single
Probe Request message handling and doesn't make much sense in p2p
context.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Max Stepanov
3f048aa8d2 P2PS: Add a function to free a PD context
Free a PD context with a function encapsulating both os_free() call and
setting a PD context pointer to NULL.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Andrei Otcheretianski
8f52409972 P2P: Prefer direct Probe Response frames over GO's client list
A P2P Client may be discoverable and reply to Probe Request frames,
while at the same time the P2P GO would also be discoverable and include
the P2P Client information in the P2P Group Info attribute of the Probe
Response frames.

If a seeker constantly hears the Probe Response frames from a P2P Client
and then from the GO, but handles them in the opposite order (due to
scan results ordering), the more valuable Probe Response frame from the
P2P Client will be ignored. Fix this by defining a threshold (1 second)
during which the direct Probe Response frame will be preferred over the
information acquired from the GO and will not be considered as old.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Andrei Otcheretianski
4e8817f7f0 P2P: Use more precise device timestamping for group clients
When adding group clients to the P2P peer list, use the driver provided
BSS entry timestamp instead of the current time. Otherwise, the time
comparison which is made in p2p_add_device() doesn't make sense.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Andrei Otcheretianski
0799b3f899 P2P: Specify frequency when sending Probe Response frame
If the RX frequency of the Probe Request frame is known, specify it when
sending the Probe Response frame. This is needed when the Probe Request
frame is received on another virtual interface, for example, when a GO
or P2PS client are discoverable on the group operating channel.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Andrei Otcheretianski
5d180a7739 drivers: Add freq parameter to send_mlme() function
Change send_mlme() API to allow sending management frames on a specific
channel, overriding the internal driver decision.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Max Stepanov
5143e7ee6e P2P: Fix return value of p2p_reply_probe() and p2p_probe_req_rx()
Return P2P_PREQ_PROCESSED instead of P2P_PREQ_NOT_PROCESSED on
a successful Probe Request frame handling in p2p_reply_probe().

Verify a return value of p2p_reply_probe() in p2p_probe_req_rx()
and continue a pending invitation/connection flow only if the
Probe Request frame is from an expected P2P peer.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Max Stepanov
734ddf6125 P2P: Add rx_freq parameter to Probe Request frame handler
In some cases, Probe Request frames can be received by a peer not only
on a listen channel. In this case an additional rx_freq parameter
explitly contains a Probe Request frame RX frequency. In case rx_freq is
set to 0, a Probe Request frame RX channel is assumed to be our own
listen channel (p2p->cfg->channel).

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Jouni Malinen
a9a4841010 Remove duplicated country code from operating class lists
CA country code was included mistakenly (copy-paste..) in cn_op_class_cc
while it was supposed to be included only in us_op_class_cc. In
practice, this did not result in incorrect operation due to the
us_op_class_cc list being checked first. Anyway, better fix
cn_op_class_cc to avoid confusion here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-14 17:40:10 +03:00
Jouni Malinen
bbd0bf811e tests: Additional ieee802_11_parse_elems() module test coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-14 16:47:29 +03:00
Jouni Malinen
41ecd3778d tests: Module test for gas.c corner cases in gas_anqp_set_len()
This increases code coverage for gas.c testing to cover areas that
cannot be reached with pure hwsim test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-14 16:27:21 +03:00
Michael Braun
132dfbe8c2 Fix removal of tagged interface and bridge when multiple BSS share them
Currently, if multiple bss share are bridge and tagged vlan interface,
only the first instance of struct hostapd_vlan for this vlanid will have
the DVLAN_CLEAN_VLAN flag added. Thus, when this instance is removed,
the tagged vlan interface will be removed from bridge, thought other bss
might still need it. Similarily, the bridge will be left over, as the
does not have zero ports when the first instance of a struct
hostapd_vlan is freed.

This patch fixes this by having a global (per process) reference counter
for dynamic tagged vlan and dynamically created bridge interfaces, so
they are only removed after all local users are freed. (struct
hapd_interfaces *)->vlan_priv is used to hold src/ap/vlan_init.c global
per-process data like drv_priv does; right now this is only used for the
interface reference counting, but could get extended when needed. Then
possibly some vlan_global_init / vlan_global_deinit should be added, but
this is not required right now.

Additionally, vlan->configured is checked to avoid reference counter
decreasing before vlan_newlink increased them.

In order to avoid race conditions, vlan_dellink is called explicitly
after hostapd_vlan_if_remove. Otherwise there would be a short timeframe
between hostapd_vlan_if_remove and vlan_dellink during which the struct
hostapd_vlan still exists, so ap_sta_bind_vlan would try to attach
stations to it.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-06-14 13:33:07 +03:00
Amr BEN ABDESSALEM
0c9fb14ec4 P2P: Add Operating class 125 for P2P supported channels
Add operating class 125 (channels 149..169) to the list of P2P supported
channels. This allows the 5 GHz channels 161 and 169 to be used for P2P
GO when those channels are allowed for AP mode in the current regulatory
domain.

Signed-off-by: Amr BEN ABDESSALEM <amrx.ben.abdessalem@intel.com>
2015-06-12 20:39:49 +03:00
Jouni Malinen
995a3a06f4 Document the wpa_msg_cb "global" parameter
Instead of an int variable with magic values 0, 1, 2, use an enum that
gives clearer meaning to the values now that the original boolean type
global argument is not really a boolean anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-10 16:02:00 +03:00
Jouni Malinen
e19c1d2cc7 Fix pairwise cipher suite bitfields to the driver in mixed mode
Commit 95b6bca66d ('Add rsn_pairwise bits
to set_ieee8021x() driver_ops') modified cipher configuration to use
unconditionally wpa_pairwise | rsn_pairwise. While that works for many
cases, it does not handle the case of dynamic configuration changes over
the control interface where wpa_pairwise or rsn_pairwise values may not
get cleared when the wpa parameter is modified. Fix this inconsistency
by configuring the driver with only the bits that are valid for the
currently enabled WPA/WPA2 version(s).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-10 13:49:59 +03:00
Jouni Malinen
c5ee4dd9d9 Fix spelling of initialize in a comment and an error message
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-10 12:02:46 +03:00
MAYANK HAARIT
aa2b12562b P2P: Add GO Intent of connecting device in GO Negotiation Request event
Add GO Intent information of connecting device in GO Negotiation Request
event which will help applications to decide its own GO intent value in
advance and can avoid failure cases when both devices use GO Intent 15
depending on application requirement.

Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2015-06-06 18:16:39 +03:00
Alan T. DeKok
f13e815491 Set Acct-Session-Id from os_get_random() instead of os_get_time()
So that systems with bad clocks will send random session IDs,
instead of always ones starting at the same second.

If os_get_random() isn't available, use os_get_time(). But also
mix in now.tv_usec, so that the accounting session ID is more
likely to be globally and temporally unique.

Signed-off-by: Alan DeKok <aland@freeradius.org>
2015-06-06 17:23:43 +03:00
MAYANK HAARIT
92f190a0ac OpenSSL: Fix build iwth OpenSSL 0.9.8
The OPENSSL_VERSION_NUMBER < 0x00909000L case of
openssl_get_keyblock_size() had not been kept in sync with the cleanup
changes.

Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2015-06-06 17:15:47 +03:00
Jouni Malinen
0980c7face hostapd: Make sure band selection does not result in NULL dereference
Explicitly check for iface->current_mode before dereferencing it. While
this case may not happen in practice, it is better for the setup
functions to be more careful when doing the initial band selection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-02 20:06:49 +03:00
Peng Xu
3784c0589e Extend hw_mode to support any band for offloaded ACS case
When device supports dual band operations with offloaded ACS, hw_mode
can now be set to any band (hw_mode=any) in order to allow ACS to select
the best channel from any band. After a channel is selected, the hw_mode
is updated for hostapd.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-05-27 12:17:57 +03:00
Jouni Malinen
ca24117a5a EAP-EKE: Add Session-Id
While RFC 6124 does not define how Session-Id is constructed for
EAP-EKE, there seems to be consensus among the authors on the
construction. Use this Type | Nonce_P | Nonce_S construction based on
the following email:

 From: Yaron Sheffer <yaronf.ietf at gmail.com>
 To: ietf at ietf.org
 Date: Wed, 17 Nov 2010 13:13:42 +0200

Expanding on my previous response, I suggest to resolve Bernard's
concern by adding the following text:

5.6 EAP Key Generation

EAP-EKE can be used for EAP key generation, as defined by [RFC 5247].
When used in this manner, the values required to establish the key
hierarchy are defined as follows:

- Peer-Id is the EAP-EKE ID_P value.
- Server-Id is the EAP-EKE ID_S value.
- Session-Id is the concatenated Type | Nonce_P | Nonce_S, where Type is
  the method type defined for EAP-EKE in [Sec. 4.1], a single octet.

Thanks,
	Yaron

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 11:58:45 +03:00
Srinivasa Duvvuri
567098ec74 ACS: Scan only channels specified in the channel list
The ACS code part of hostapd scans all the channels even if the channel
list is specified in the hostapd.conf. Limit the ACS scan channels to
the list specified in the config file.

Signed-off-by: Srinivasa Duvvuri<sduvvuri@chromium.org>
2015-05-24 10:38:27 +03:00
Ilan Peer
9b05135aa4 P2P: Fix association with an AP/P2P GO that is not a P2P manager
Do not add a P2P IE when a station interface is trying to associate
to an AP or P2P GO that publishes a P2P IE but does not include
a P2P manageability attribute.

This addresses an interoperability issue that was reported in
https://bugzilla.kernel.org/show_bug.cgi?id=96471, where a P2P GO
rejects association from a station interface without a specified
reason.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-05-07 21:00:22 +03:00
Matthias May
8884ce03bc hostapd: check validity of cwMin/cwMax values
Signed-off-by: Matthias May <matthias.may@neratec.com>
2015-05-07 20:57:32 +03:00
Michael Braun
9649b5342d vlan: Print libnl error message on vlan_add / vlan_del
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-05-07 20:54:26 +03:00
Sunil Dutt
279724d835 Add QCA vendor subcmd for Link Property Query
Link Property query vendor command shall facilitate the information
of the Wi-Fi link. MAC address of the Wi-Fi peer is given as an input
for querying the link properties.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-05-07 18:53:23 +03:00
Jouni Malinen
58606fd987 EAP-pwd server: Make sure in_frag_pos is cleared to zero on allocation
The cleanup code will handle this, but it is more robust to make sure
this is cleared to zero when allocating a new buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
6aa5d95dab EAP-pwd peer: Make sure in_frag_pos is cleared to zero on allocation
The cleanup code will handle this, but it is more robust to make sure
this is cleared to zero when allocating a new buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
28a069a545 EAP-pwd peer: Fix asymmetric fragmentation behavior
The L (Length) and M (More) flags needs to be cleared before deciding
whether the locally generated response requires fragmentation. This
fixes an issue where these flags from the server could have been invalid
for the following message. In some cases, this could have resulted in
triggering the wpabuf security check that would terminate the process
due to invalid buffer allocation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
3035cc2894 EAP-pwd server: Fix Total-Length parsing for fragment reassembly
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.

In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoid a
potential memory leak when processing invalid message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
477c74395a EAP-pwd peer: Fix Total-Length parsing for fragment reassembly
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.

In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoid a
potential memory leak when processing invalid message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
e28a58be26 EAP-pwd server: Fix payload length validation for Commit and Confirm
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.

Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
dd2f043c9c EAP-pwd peer: Fix payload length validation for Commit and Confirm
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.

Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
ef566a4d4f AP WMM: Fix integer underflow in WMM Action frame parser
The length of the WMM Action frame was not properly validated and the
length of the information elements (int left) could end up being
negative. This would result in reading significantly past the stack
buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
so, resulting in segmentation fault.

This can result in an invalid frame being used for a denial of service
attack (hostapd process killed) against an AP with a driver that uses
hostapd for management frame processing (e.g., all mac80211-based
drivers).

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
8640cf7f8f WPS: Add more debug prints to httpread
These can be helpful when debugging HTTP error cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
1bd0d578a9 WPS: Replace the httpread_debug design with standard debug prints
The debug information from httpread can be helpful in figuring out error
cases in general and as such, should be enabled by default. Get rid of
the hardcoded httpread_debug value that would require source code
changes to enable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
7da4f4b499 WPS: Check maximum HTTP body length earlier in the process
There is no need to continue processing a HTTP body when it becomes
clear that the end result would be over the maximum length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
af185d0b57 WPS: Extra validation step for HTTP reader
Verify that ncopy parameter to memcpy is not negative. While this is not
supposed to be needed, it is a good additional protection against
unknown implementation issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
5acd23f458 WPS: Fix HTTP chunked transfer encoding parser
strtoul() return value may end up overflowing the int h->chunk_size and
resulting in a negative value to be stored as the chunk_size. This could
result in the following memcpy operation using a very large length
argument which would result in a buffer overflow and segmentation fault.

This could have been used to cause a denial service by any device that
has been authorized for network access (either wireless or wired). This
would affect both the WPS UPnP functionality in a WPS AP (hostapd with
upnp_iface parameter set in the configuration) and WPS ER
(wpa_supplicant with WPS_ER_START control interface command used).

Validate the parsed chunk length value to avoid this. In addition to
rejecting negative values, we can also reject chunk size that would be
larger than the maximum configured body length.

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Maks Naumov
74d912f134 libtommath: Fix check mp_init_multi() result
If the mp_init_multi() call had failed due to memory allocation failure,
mp_div() would have returned 1 instead of MP_MEM (-2). It looks like all
callers are checking the return value against MP_OKAY instead of <1
(etc.), so this does not seem to result in difference in behavior.
Anyway, it's best to fix the mp_div() return value for the MP_MEM error
case to avoid unexpected behavior.

Signed-off-by: Maks Naumov <maksqwe1@ukr.net>
2015-05-03 16:53:59 +03:00
Jouni Malinen
fd66aa63f4 Check Public Action length explicitly before reading Action Code
In theory, the previous version could have resulted in reading one byte
beyond the end of the management frame RX buffer if the local driver
were to deliver a truncated Public Action frame for processing. In
practice, this did not seem to happen with mac80211-based drivers and
even if it were, the extra octet would be an uninitialized value in a
buffer rather than read beyond the end of the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:33:08 +03:00
Jouni Malinen
ff4a6d4382 EAP-SIM/AKA: Explicitly check for header to include Reserved field
This was previously checked as part of the eap_sim_parse_attr()
processing, but it is easier to review the code if there is an
additional explicit check for confirming that the Reserved field is
present since the pos variable is advanced beyond it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:33:03 +03:00
Jouni Malinen
f5ed40010c EAP-SAKE: Make attribute parser more readable
Clean up eap_sake_parse_add_attr() design by passing in pointer to the
payload of the attribute instead of parsing these separately for each
attribute within the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:50 +03:00
Jouni Malinen
0dfb7be470 EAP-SAKE: Pass EAP identifier instead of full request
This simplifies analysis of areas that get access to unverified message
payload.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:46 +03:00
Jouni Malinen
354e3f7959 TLS: Fix debug dump of X.509 certificate
The length of the extra data following the encoded certificate was
printed out in debug hexdump.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:40 +03:00
Jouni Malinen
87fcb5a735 EAP-PAX: Fix PAX_STD-1 and PAX_STD-3 payload length validation
The req_plen argument to eap_pax_process_std_1() and
eap_pax_process_std_3() could be smaller than sizeof(struct eap_pax_hdr)
since the main processing function was only verifying that there is
enough room for the ICV and then removed ICV length from the remaining
payload length.

In theory, this could have resulted in the size_t left parameter being
set to a negative value that would be interpreted as a huge positive
integer. That could then result in a small buffer read overflow and
process termination if MSGDUMP debug verbosity was in use.

In practice, it does not seem to be feasible to construct a short
message that would be able to pass the ICV validation (calculated using
HMAC-SHA1-128) even for the case where an empty password is used.
Anyway, the implementation should really check the length explicitly
instead of depending on implicit check through ICV validation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:36 +03:00
Jouni Malinen
c3c5615ee0 EAP-GPSK: Pass EAP identifier instead of full request
This simplifies analysis of areas that get access to unverified message
payload.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:28 +03:00
Jouni Malinen
d36c803c69 EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf
The EAP-TLS-based helper functions can easily use struct wpabuf in more
places, so continue cleanup in that direction by replacing separate
pointer and length arguments with a single struct wpabuf argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:23 +03:00
Jouni Malinen
8d9f3b8ed6 EAP-FAST: Do not use type cast to remove const specification
All the uses here are read only, so there is no need to type case the
const specification away.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:19 +03:00
Jouni Malinen
07f9034d14 EAP-FAST: Pass EAP identifier instead of full request
This simplifies analysis of areas that get access to unverified message
payload.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:10 +03:00
Jouni Malinen
f153e41bb2 EAP-EKE: Do not pass full request to eap_eke_build_fail()
This function is only using the Identifier field from the EAP request
header, so there is no need to pass it a pointer to the full message.
This makes it a bit easier to analyze the area that gets access to
unverified message payload.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:05 +03:00
Jouni Malinen
53f376c103 Fix a typo in function documentation
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:31:59 +03:00