Commit graph

10518 commits

Author SHA1 Message Date
Jouni Malinen
0764dd6849 TLS client: Multi-OCSP check to cover intermediate CAs
This extends multi-OCSP support to verify status for intermediate CAs in
the server certificate chain.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-24 00:54:30 +02:00
Jouni Malinen
d6b536f7e5 Add ocsp=3 configuration parameter for multi-OCSP
ocsp=3 extends ocsp=2 by require all not-trusted certificates in the
server certificate chain to receive a good OCSP status. This requires
support for ocsp_multi (RFC 6961). This commit is only adding the
configuration value, but all the currently included TLS library wrappers
are rejecting this as unsupported for now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-24 00:54:30 +02:00
Jouni Malinen
02683830b5 TLS: Move variable declaration to the beginning of the block
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-24 00:54:30 +02:00
Jouni Malinen
98d125cafa tests: Minimal testing of OCSP stapling with ocsp_multi
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-23 00:32:52 +02:00
Jouni Malinen
b5677752b2 TLS client: OCSP stapling with ocsp_multi option (RFC 6961)
This adds a minimal support for using status_request_v2 extension and
ocsp_multi format (OCSPResponseList instead of OCSPResponse) for
CertificateStatus. This commit does not yet extend use of OCSP stapling
to validate the intermediate CA certificates.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 20:44:56 +02:00
Jouni Malinen
8ea6a27003 TLS server: OCSP stapling with ocsp_multi option (RFC 6961)
This allows hostapd with the internal TLS server implementation to
support the extended OCSP stapling mechanism with multiple responses
(ocsp_stapling_response_multi).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 20:44:52 +02:00
Jouni Malinen
5addb0df59 Server configuration for OCSP stapling with ocsp_multi (RFC 6961)
This adds a new hostapd configuration parameter
ocsp_stapling_response_multi that can be used similarly to the existing
ocsp_stapling_response, but for the purpose of providing multiple cached
OCSP responses. This commit adds only the configuration parameter, but
does not yet add support for this mechanism with any of the supported
TLS implementations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 19:42:07 +02:00
Jouni Malinen
bca0872dd5 TLS server: OCSP stapling
This adds support for hostapd-as-authentication-server to be build with
the internal TLS implementation and OCSP stapling server side support.
This is more or less identical to the design used with OpenSSL, i.e.,
the cached response is read from the ocsp_stapling_response=<file> and
sent as a response if the client requests it during the TLS handshake.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 17:53:45 +02:00
Jouni Malinen
8adce07a73 tests: Add dh_file parameter for integrated EAP server
This is needed for number of EAP test cases at least when using the
internal TLS server implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 17:51:54 +02:00
Jouni Malinen
9532bd2b44 GnuTLS: OCSP stapling on the server side
This adds support for hostapd-as-authentication-server to be build
against GnuTLS with OCSP stapling server side support. This is more or
less identical to the design used with OpenSSL, i.e., the cached
response is read from the ocsp_stapling_response=<file> and sent as a
response if the client requests it during the TLS handshake.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 16:47:29 +02:00
Jouni Malinen
6241766709 Use wpa_msg() for the "RSN: PMKID mismatch" message
This message is sent at MSG_INFO level and it is supposed to go out even
even debug messages were to be removed from the build. As such, use
wpa_msg() instead of wpa_dbg() for it.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 11:22:19 +02:00
Jouni Malinen
e161451fc8 EAP-EKE: Merge identical error return paths
There is no need to maintain multiple copies of the same error return
path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-22 00:10:22 +02:00
Jouni Malinen
13cb0a66d5 EAP-EKE: Reject too long Prot() data when building a frame
This error case in own buffer lengths being too short was not handled
properly. While this should not really happen since the wpabuf
allocation is made large for the fixed cases that are currently
supported, better make eap_eke_prot() safer if this functionally ever
gets extended with a longer buffer need.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-22 00:10:22 +02:00
Jouni Malinen
3b6f3b37b8 tests: WPA2-Enterprise connection using EAP-EKE (many connections)
This tries to make it more likely to hit the special case of pub_len <
prime_len for additional code coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-21 23:57:16 +02:00
Jouni Malinen
2fd377dea1 tests: EAP protocol tests with expanded header
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-21 23:31:15 +02:00
Jouni Malinen
0ab0de88e8 Document previously missing key_mgmt values
Number of key_mgmt options were missing from the documentation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-21 17:45:57 +02:00
Jouni Malinen
47eac38a63 tests: Add AP Location Public Identifier into gas_anqp_extra_elements
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-21 11:56:56 +02:00
Jouni Malinen
f2dfb1dafa tests: GAS fragmentation and comeback delay
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 21:07:33 +02:00
Jouni Malinen
c24f8e8e75 GAS: Do not cancel initial offchannel wait with comeback delay 1
The minimum comeback delay 1 is used to indicate that fragmentation is
needed instead of indicating that the response is going to be available
only after some time. Do not cancel offchannel wait for this case
between the initial and comeback exchanges to avoid delaying the full
operation unnecessarily.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 21:07:33 +02:00
Jouni Malinen
70f2a3f4ab tests: GAS fragmentation with mac80211_hwsim MCC enabled
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 21:07:33 +02:00
Jouni Malinen
35c146bc1b tests: Update gas_anqp_oom_hapd to match new implementation
Since wpa_supplicant is now retrying GAS comeback failures once, the
gas_anqp_oom_hapd test case started failing. Fix this by updating the
test case to expect success (on the retry).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 21:07:33 +02:00
Jouni Malinen
364282c8c9 GAS: Retry full GAS query if comeback response is not received
It is possible for a comeback response to get lost especially when going
through a large GAS exchange fragmented to multiple frames in an
environment with interference or other traffic. Make this less likely to
fail the full exchange by trying full GAS query again and using longer
wait time on the GAS comeback exchanges.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 21:07:33 +02:00
Jouni Malinen
f9a9304479 tests: Modify gas_malformed_comeback_resp to allow GAS retries
This is in preparation of a wpa_supplicant change to allow GAS retries
which can result in the previous test case design showing failures due
to "unexpected" management frames (GAS Initial Request from the retry).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 21:07:33 +02:00
Jouni Malinen
a587666cba GAS server: Replenish temporary STA entry timeout on comeback request
Previously, the five second timeout was added at the beginning of the
full GAS query and it was not replenished during fragmented exchanges.
This could result in timing out a query if it takes significant time to
go through the possibly multiple fragments and long comeback delay.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 19:43:23 +02:00
Matti Gottlieb
8fb718a748 GAS: Shorten the duration of the wait for GAS comeback response
When exchanging GAS frames with the AP, the initial response from the AP
may take a while to come, since the AP may need to fetch the info from a
server. The next fragments/comeback response frames should take much
less time since the AP already has all of the info, so the wait time
for these frames can be reduced.

In addition, some drivers, e.g., mac80211, try to combine ROC based flows,
to improve medium utilization. For example, if the requested ROC fits
entirely in a previous requested ROC they can be combined. Thus, reducing
the wait time for the next frames can improve medium utilization.

Shorten the duration of GAS comeback to improve medium utilization and
overall GAS exchange times.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2015-12-20 19:42:12 +02:00
Jouni Malinen
c012567df6 GAS: Clear offchannel_tx_started when ending remain-on-channel
Commit 2c0d0ae370 ('GAS: End
remain-on-channel due to delayed GAS comeback request') started ending
the remain-on-channel operation between the initial request and the
following comeback request. However, it did not check or update the
offchannel_tx_started variable. While this alone would not necessarily
be problematic, this makes it more difficult to optimize wait time for
offchannel TX operations, so make sure the internal tracking variable
gets updated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 19:40:01 +02:00
Jouni Malinen
d5f5d260b8 tests: EAP-PEAP phase1 TLS flags
This adds some more test coverage for phase1 parameters that had not
previously been included in any of the test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:36:51 +02:00
Jouni Malinen
5382712518 tests: EAP-TTLS with unsupported Phase 2 EAP method in configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:33:03 +02:00
Jouni Malinen
cb73008594 EAP-TTLS/PEAP/FAST: Reject unsupported Phase 2 method in configuration
Instead of using default list of methods, reject a configuration with an
unsupported EAP method at the time the main TLS method is being
initialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:32:10 +02:00
Jouni Malinen
18704f6cdc EAP-TLS: Merge common error paths
There is no need to keep these identical error paths separate.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
7cb27f89f2 tests: EAP-TLS and TLS Message Length in unfragmented packets
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
cef42a44e2 tests: EAP-TLS and config blob missing
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
02b4fb4057 tests: Speed up TNC test cases with the use of a single channel scan
There is no need for these test cases to run a full scan.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
7789070b95 tests: TNC PEAP-SoH local error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
4f5c86e7bd EAP-PEAP peer: Fix a memory leak on an error path
If memory allocation for adding SoH response fails, the SoH response was
not freed properly on the error path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
212d6a1732 tests: TNC TTLS local error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
e7160bd8fe Drop any pending EAPOL RX frame when starting a new connection
Such a pending frame cannot be valid anymore, so drop it instead of
risking of using an unexpected EAPOL frame after association if a
previous association received one at the end and the new association can
happen within 100 ms.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
7c7234a583 tests: Fix scan result clearing in ssid_hidden*
These test cases were supposed to clear the cfg80211 and wpa_supplicant
scan caches in the end to avoid causing issues to the following test
cases. This did not work properly after introduction of the support for
aborting a pending scan. Fix this by using the flush_scan_cache()
function and waiting within the test case until the final scan operation
completes.

This issue was triggered by ssid_hidden/ssid_hidden2 followed by
ext_password_interworking (though, not every time).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
bfdb90d40f tests: EAP-TTLS/MSCHAP with password hash
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
c44e499463 tests: EAP-TTLS local error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
cd5895e8c5 WPA: Explicitly clear the buffer used for decrypting Key Data
When AES-WRAP was used to protect the EAPOL-Key Key Data field, this was
decrypted using a temporary heap buffer with aes_unwrap(). That buffer
was not explicitly cleared, so it was possible for the group keys to
remain in memory unnecessarily until the allocated area was reused.
Clean this up by clearing the temporary allocation explicitly before
freeing it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 10:52:30 +02:00
Jouni Malinen
a551da6aae tests: EAP-PEAP local error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 21:31:17 +02:00
Jouni Malinen
09a4404a33 tests: EAP-PEAP version forcing
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:59:14 +02:00
Jouni Malinen
4b90fcdb76 EAP-PEAP peer: Check SHA1 result when deriving Compond_MAC
This handles a mostly theoretical case where hmac_sha1_vector() might
fail for some reason.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:34:27 +02:00
Jouni Malinen
81e1ab85bc tests: EAP-PEAP session resumption with crypto binding
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:23:51 +02:00
Jouni Malinen
6ca5838b01 EAP-PEAP server: Add support for fast-connect crypto binding
IPMK and CMK are derived from TK when using TLS session resumption with
PEAPv0 crypto binding. The EAP-PEAP peer implementation already
supported this, but the server side did not.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:22:43 +02:00
Jouni Malinen
09ad98c58a tests: EAP-PEAP with peap_outer_success=0
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:05:50 +02:00
Jouni Malinen
6560caf2ca EAP-PEAP peer: Remove unused return value and error path
eap_peap_parse_phase1() returned 0 unconditionally, so there was no need
for that return value or the code path that tried to address the error
case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 19:54:56 +02:00
Jouni Malinen
61f25f80b4 HS 2.0: Remove duplicate icon entries
Only one of the icon entries with a matching BSSID and file name can be
fetched from wpa_supplicant and as such, there is no need to maintain
the old data if it was not explicitly deleted before running a new fetch
for the same BSSID and icon. Remove older duplicated entries whenever
completing a pending icon fetch to optimize memory use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 18:53:27 +02:00
Jouni Malinen
ca9968a012 HS 2.0: Convert icon storage to use dl_list
This simplifies the list operations quite a bit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 18:49:57 +02:00