Commit graph

11524 commits

Author SHA1 Message Date
Jouni Malinen
6a9681e90c OpenSSL: Make dh5_init() match the generic implementation
Commit 4104267e81 ('Fix memory leak on NFC
DH generation error path') modified the generic (non-OpenSSL)
implementation of dh5_init() to free the previously assigned public key,
if any. However, that commit did not modify the OpenSSL specific version
of this function. Add the same change there to maintain consistent
behavior between these two implementations of the same function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-13 18:25:57 +03:00
Rujun Wang
46bac6520d WPS: Fix segmentation fault in new DH key derivation
Commit 4104267e81 ('Fix memory leak on NFC
DH generation error path') modified dh5_init() behavior in the
non-OpenSSL implementation to free the public key (if any was previously
set). However, this did not update one of the callers to make sure the
publ argument in the call is initialized. This could result in trying to
free invalid pointer and segmentation fault when hostapd or
wpa_supplicant was built against some other crypto library than OpenSSL.

Signed-off-by: Rujun Wang <chinawrj@gmail.com>
2016-05-13 18:25:47 +03:00
David Benjamin
e4471338c6 OpenSSL: BoringSSL has SSL_get_client_random(), etc.
BoringSSL added OpenSSL 1.1.0's SSL_get_client_random() and friends in
working towards opaquifying the SSL struct. But it, for the moment,
still looks more like 1.0.2 than 1.1.0 and advertises
OPENSSL_VERSION_NUMBER as such. This means that there is no need to
define those in BoringSSL and defining them causes conflicts. (C does
not like having static and non-static functions with the same name.)

As requested, this is conditioned on defined(BORINGSSL_API_VERSION) so
wpa_supplicant may continue to support older BoringSSLs for a time.
(BoringSSL revisions without the accessors predate BoringSSL maintaining
a BORINGSSL_API_VERSION.)

Also add a missing opensslv.h include. tls_openssl.c is sensitive to
OPENSSL_VERSION_NUMBER, so it should include the header directly rather
than rely on another header to do so.

Signed-off-by: David Benjamin <davidben@google.com>
2016-05-10 19:36:46 +03:00
Jouni Malinen
9524e7e5a4 tests: Open network connection with pmf=2
This verifies that pmf=2 is ignored for a non-RSN network while a
network profile specific ieee80211w=2 is enforced.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-06 00:35:08 +03:00
Sunil Dutt
03626e9157 Skip connection attempt for non-RSN networks if PMF is set to required
Since ieee80211w=2 is an explicit configuration to wpa_supplicant, the
connection attempt for such non-PMF (non-RSN) capable networks should be
skipped.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-05 21:09:08 +03:00
Jouni Malinen
22950049e4 Ignore pmf=1/2 parameter for non-RSN networks
PMF is available only with RSN and pmf=2 could have prevented open
network connections. Change the global wpa_supplicant pmf parameter to
be interpreted as applying only to RSN cases to allow it to be used with
open networks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-05 21:09:08 +03:00
Jouni Malinen
2dc754e170 tests: wpa_supplicant config file parsing of arbitrary global values
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
2a3f56502b Reject SET commands with newline characters in the string values
Many of the global configuration parameters are written as strings
without filtering and if there is an embedded newline character in the
value, unexpected configuration file data might be written.

This fixes an issue where wpa_supplicant could have updated the
configuration file global parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the value of a parameter before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
596a3fef83 tests: Use \t instead of \n in discovery_ctrl_char_in_devname
This is needed to allow the SET command to be modified to reject newline
characters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
8721af54e4 tests: wpa_supplicant config parsing of arbitrary cred values
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
b166cd84a7 Reject SET_CRED commands with newline characters in the string values
Most of the cred block parameters are written as strings without
filtering and if there is an embedded newline character in the value,
unexpected configuration file data might be written.

This fixes an issue where wpa_supplicant could have updated the
configuration file cred parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the credential value before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Paul Stewart
0fe5a23424 Remove newlines from wpa_supplicant config network output
Spurious newlines output while writing the config file can corrupt the
wpa_supplicant configuration. Avoid writing these for the network block
parameters. This is a generic filter that cover cases that may not have
been explicitly addressed with a more specific commit to avoid control
characters in the psk parameter.

Signed-off-by: Paul Stewart <pstew@google.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
5594df44c7 tests: wpa_supplicant config file writing with arbitrary PSK value
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
73e4abb24a Reject psk parameter set with invalid passphrase character
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a passphrase configuration attempt if that passphrase
includes an invalid passphrase.

This fixes an issue where wpa_supplicant could have updated the
configuration file psk parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the passphrase value before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject up to 63 characters of
almost arbitrary data into the configuration file. Such configuration
file could result in wpa_supplicant trying to load a library (e.g.,
opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
load_dynamic_eap) from user controlled location when starting again.
This would allow code from that library to be executed under the
wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
f529c0d908 tests: wpa_supplicant config file parsing/writing with WPS
This verifies that a WPA2PSK passphrase with control characters gets
rejected in a WPS Credential and that control characters in SSID get
written as a hexdump.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
ecbb0b3dc1 WPS: Reject a Credential with invalid passphrase
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a Credential received from a WPS Registrar both as
STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
WPA2PSK authentication type and includes an invalid passphrase.

This fixes an issue where hostapd or wpa_supplicant could have updated
the configuration file PSK/passphrase parameter with arbitrary data from
an external device (Registrar) that may not be fully trusted. Should
such data include a newline character, the resulting configuration file
could become invalid and fail to be parsed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Rafał Miłecki
f4830bed66 nl80211: Try running without mgmt frame subscription (driver AP SME)
One of supported code paths already allows this scenario. It is used if
driver doesn't report NL80211_ATTR_DEVICE_AP_SME and doesn't support
monitor interface. In such situation:
1) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails
2) We don't try subscribing for WLAN_FC_STYPE_ACTION
3) We fallback to AP SME mode after failing to create monitor interface
4) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails
Above scenario is used, e.g., with brcmfmac. As you can see - thanks to
events provided by cfg80211 - it's not really required to receive Probe
Request or action frames.

However, the previous implementation did not allow using hostapd with
drivers that:
1) Report NL80211_ATTR_DEVICE_AP_SME
2) Don't support subscribing for PROBE_REQ and/or ACTION frames
In case of using such a driver hostapd will cancel setup after failing
to subscribe for WLAN_FC_STYPE_ACTION. I noticed it after setting flag
WIPHY_FLAG_HAVE_AP_SME in brcmfmac driver for my experiments.

This patch allows working with such drivers with just a small warning
printed as debug message.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-04-28 20:47:12 +03:00
Dmitry Shmidt
df5bde83da Android: Remove EAP-FAST option
Current BoringSSL version is not suitable for EAP-FAST.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2016-04-28 20:43:43 +03:00
Jouni Malinen
60d9f67c68 WPS: Explicitly clear wpabuf memory with key information
This reduces duration that private keying material might remain in the
process memory by clearing wpabuf data used in WPS operations when there
is possibility of the buffer including keys or related material.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-28 20:32:15 +03:00
Jouni Malinen
0663ae22ff tests: Do not use tabs for indentation
Be more consistent with indentation (always uses spaces in Python
files).

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-25 00:19:40 +03:00
Andrei Otcheretianski
a274b1bcbb tests: Test configuration propagation to group interface
When a dedicated P2P Device interface is used, its configuration should
be cloned to the group interface. Add a test that covers this both when
a separate group interface is used and not.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-04-25 00:15:35 +03:00
Andrei Otcheretianski
9b377be037 P2P: Copy config from p2pdev when not using dedicated group interface
When the P2P Device interface is used and an existing interface is used
for P2P GO/Client, the P2P Device configuration was not cloned to the
configuration of the existing interface. Thus, configuration parameters
such as idle_group_time, etc., were not propagated to the P2P GO/Client
interface.

Handle this by copying all configuration parameters of the P2P device
interface to the reused interface, with the following exceptions:

1. Copy the NFC key data only if it was not set in the configuration
   file.
2. The WPS string fields are set only if they were not previously set
   in the configuration of the destination interface (based on the
   assumption that these fields should be identical among all
   interfaces).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-04-25 00:10:49 +03:00
Andrei Otcheretianski
3c88d26941 P2P: Fix wpas_p2p_nfc_auth_join()
Use the p2pdev pointer instead of the parent pointer to comply with the
flows when a dedicated P2P Device interface is used and
p2p_no_group_iface == 1 (in which case the parent of the reused
interface isn't necessary the same as p2pdev).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-04-25 00:10:10 +03:00
Andrei Otcheretianski
597cbc0075 tests: Fix persistent_group_peer_dropped tests
Use the global control interface to remove P2P network blocks, to
support cases when a dedicated P2P Device interface is used.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-04-25 00:06:20 +03:00
Andrei Otcheretianski
aa713e71e9 tests: Don't use proxy in urllib.urlopen()
Some environments define default system wide HTTP proxy. Using default
system configuration may result in a failure to open some HTTP URLs. Fix
this by ensuring that no proxies are used.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-04-25 00:05:34 +03:00
Andrei Otcheretianski
fc30cc10ac tests: Use global control interface for P2P configurations
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-04-25 00:03:40 +03:00
Ilan Peer
9c01d6a965 tests: Use global control interface to set p2p_no_group_iface
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-04-24 23:47:29 +03:00
Ilan Peer
463b7f3511 tests: Parse group results in a couple of p2p_channel tests
In p2p_channel_vht80_autogo and p2p_channel_vht80p80_autogo, parse the
P2P-GROUP-STARTED event prior to calling the group_request() method, as
otherwise the group ifname is not set.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-04-24 23:45:57 +03:00
Avraham Stern
af93c61450 tests: Modify use of GET command to support P2P Device interface
Support configurations that use a dedicated P2P Device interface by
using the global control interface and specifying the interface name for
the GET commands fetching the ip_addr_go parameter.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-04-24 23:45:19 +03:00
Avraham Stern
5e65346ade tests: persistent_group_profile_add to support P2P Device interface
Modify the persistent_group_profile_add test to support configurations
that use a dedicated P2P Device interface by sending the ADD_NETWORK and
SET_NETWORK commands on the global control interface and specifying the
P2P Device interface name.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-04-24 23:45:16 +03:00
Avraham Stern
afb2e8b891 tests: Store P2P Device ifname in class WpaSupplicant
Add an attribute to class WpaSupplicant with the name of the
P2P Device interface. If a separate interface is not used for
P2P Device, this attribute will hold the name of the only used
interface (with functions also as the P2P Device management
interface).

This attribute will be used to direct P2P related commands to the
P2P Device interface, which is needed for configurations that use
a separate interface for the P2P Device.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-04-24 23:24:06 +03:00
Avraham Stern
d43fc7c6b0 tests: Modify p2p_msg_long_ssid to support P2P Device interface
Waiting for the P2P-DEVICE-FOUND event should be done on the global
control interface to support configurations that use a dedicated P2P
Device interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-04-24 23:13:14 +03:00
Avraham Stern
a7efe6c386 tests: Modify autogo_scan to support P2P Device interface
Support configurations that use a dedicated P2P Device interface by
sending the P2P_CONNECT command on the global control interface.

In addition, when a dedicated P2P Device interface is used, there is no
need to manually respond to the Provision Discovery Request since the
request is processed by the P2P Device interface and this interface was
not set for external RX management frames handling.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-04-24 23:11:13 +03:00
Ilan Peer
12de787527 tests: Fix error message in test_p2ps_connect_p2ps_method_4()
This fixes commit 2f0f69a9ec ('tests: Use
p2ps_provision() and p2ps_connect_pd() in p2ps_connect_p2ps_method()').

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-04-24 23:00:44 +03:00
Ilan Peer
fed0a9f519 tests: Add couple of roam failure tests
1. Fail roaming to an AP which exceeded its number of allowed stations.
2. Fail roaming due to passphrase mismatch.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-04-24 22:56:39 +03:00
Jouni Malinen
b3a27c8a30 tests: Remove unused eap_connect import
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-24 20:16:30 +03:00
Jouni Malinen
5a766accee tests: Convert Host() class to use list of arguments instead of string
It is better to use a list of command line arguments for the local
execution case and convert that to a space-separated string for the
remote case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-24 20:16:30 +03:00
Janusz Dziedzic
2147b3a7f8 tests: Print traceback if test fails
This is useful in case we hit a problem in test code.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:16:30 +03:00
Janusz Dziedzic
5148b392ab tests: Use hapd from hostapd.add_bss()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:16:30 +03:00
Janusz Dziedzic
6f334bf7a0 tests: Use hapd from hostapd.add_ap()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:16:29 +03:00
Janusz Dziedzic
4063590525 tests: Use hapd from hostapd.add_ap() in start_ap_er()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:16:29 +03:00
Janusz Dziedzic
63e6e62f23 tests: Use hapd from hostapd.add_ap() in TDLS
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:16:29 +03:00
Janusz Dziedzic
c8ef2f6ef4 tests: Pass apdev to HostapdGlobal() in ap_add_with_driver
This is needed for running the test with a remote host.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:16:29 +03:00
Janusz Dziedzic
3b3e26875a tests: Use hapd from hostapd.add_ap() in eap_connect()
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 20:06:17 +03:00
Janusz Dziedzic
50e49cd240 tests: Use hapd from hostapd.add_iface()
Since add_iface() now returns the correct hapd, just use it.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 19:26:25 +03:00
Janusz Dziedzic
dc6342de92 tests: Pass apdev to HostapdGlobal()
This can be used to work with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 19:26:11 +03:00
Janusz Dziedzic
1728a2e73c tests: Replace HostapdGlobal() + remove() with hostapd.remove_bss()
This can be used to work with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 19:25:12 +03:00
Janusz Dziedzic
b29c46beb9 tests: Use hostapd.add_ap() instead of HostapdGlobal() (DFS)
This makes the DFS test cases that use start_dfs_ap() more usable for
testing with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 19:25:06 +03:00
Janusz Dziedzic
01703a9f2f tests: Use hostapd.remove_bss() instead of HostapdGlobal() (WPS)
This makes ap_wps_twice more usable for testing with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 19:24:55 +03:00
Janusz Dziedzic
84f3f3a5e6 tests: Use hostapd.add_ap() instead of HostapdGlobal() (PSK)
This makes ap_cli_order more usable for testing with remote hosts.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-04-24 19:24:49 +03:00