Commit graph

9985 commits

Author SHA1 Message Date
Masashi Honma
ecd40fef74 mesh: Fix mesh SAE auth on low spec devices
The mesh SAE auth often fails with master branch. By bisect I found
commit eb5fee0bf5 ('SAE: Add side-channel
protection to PWE derivation with ECC') causes this issue. This does not
mean the commit has a bug. This is just a CPU resource issue.

After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel
Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So
auth_sae_retransmit_timer() is always called and it can causes
continuous frame exchanges. Before the commit, it was 23(msec).

On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod
is defined as 40(msec). But it looks short because generally mesh
functionality will be used on low spec devices. Indeed Raspberry Pi B+
(ARM ARM1176JZF-S 700MHz) requires 287(msec) for new
sae_derive_pwe_ecc().

So this patch makes the default to 1000(msec) and makes it configurable.

This issue does not occur on infrastructure SAE because the
dot11RSNASAERetransPeriod is not used on it.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-08-02 21:37:10 +03:00
Johannes Berg
3dfa519c32 tests: Work around iw scan getting stuck
On recent kernels, it seems that something changed (scheduler?)
that makes hwsim send the scan done event so quickly that iw isn't
scheduled back in to listen for it, causing iw to get stuck.

Work around this by using the scan trigger command (it'll be quick
enough so that we don't really need to wait) and the scan trigger
and dump commands where the results are required (and use a small
sleep there instead of waiting for the scan results.)

I'll try to fix this separately in iw later.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-08-02 21:37:10 +03:00
Jouni Malinen
a0e117c684 tests: P2P extended listen timing operations
This verifies P2P extended listen timing operations by confirming that a
peer is not discoverable during the provisioning step and that the peer
becomes discoverable after having removed the group during such
provisioning step. The latter case was broken until the 'P2P: Cancel
group formation when deleting a group during group formation' commit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 21:37:10 +03:00
Michael Olbrich
be11a59486 P2P: Cancel group formation when deleting a group during group formation
Otherwise P2P remains in provisioning state and continues to skip
extended listening forever.

Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
2015-08-02 21:37:09 +03:00
Purushottam Kushwaha
86e2dcf5a6 P2P: Fix update of listen_reg_class and listen_channel
Allow proper update for listen_reg_class and listen_channel with
changed_parameters [CFG_CHANGED_P2P_LISTEN_CHANNEL] configuration for
command received through ctrl_interface. Without this, "set
p2p_listen_channel" and "set p2p_listen_reg_class" do not update the
listen channel. The D-Bus version was already setting these flags.

Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
2015-08-02 21:37:09 +03:00
Jouni Malinen
20fd8defa0 tests: D-Bus PropertiesChanged events on P2P Peer.Groups
Verify that Groups list for a P2P Peer gets updated properly on group
addition and removal (three different paths).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 21:37:09 +03:00
Jouni Malinen
9f59fe8dc8 P2P: Do not clear wpa_s->go_dev_addr before group removal
This variable is needed to figure out whether a wpa_supplicant interface
is for a P2P group that is (or was) connected to a specific GO. The
previous implementation was able to find such a case only when there was
an association with the GO. However, this may be needed even if there is
a temporary disconnection from the GO. Keep the GO device address
information over such temporary disconnections and only remove it on
group termination. This fixes an issue with D-Bus Peer PropertiesChanged
signals for the Groups property in case a P2P group gets removed due to
group idle timeout instead of explicit group termination command (local
request) or GO notification.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 21:37:09 +03:00
Gautam
d4e597959c P2P: Fix P2P configuration file name
The P2P configuration file is wrongly set as STA configuration file,
even though a separate configuration file is mentioned with '-m' option.
Add initialization and deallocation of global.params->conf_p2p_dev to
fix this.

Signed-off-by: Gautam <gautams@broadcom.com>
2015-08-02 21:37:09 +03:00
Jouni Malinen
a2bc326e1e tests: Run Suite B test cases with OpenSSL 1.1.0
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 17:11:47 +03:00
Jouni Malinen
a00b218651 tests: Skip ERP tests with EAP methods that are not supported
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
597516df79 tests: Skip LEAP tests if not included in the build
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
24072e17bc tests: Skip IEEE 802.1X dynamic WEP tests in FIPS mode
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
7cb53ded11 Add build option to remove all internal RC4 uses
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.

This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
a1eabc74b8 tests: Skip WPA(V1) test cases in FIPS mode
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
4fc53159b9 OpenSSL: Fix FIPS mode enabling in dynamic interface case
FIPS_mode_set(1) cannot be called multiple times which could happen in
some dynamic interface cases. Avoid this by enabling FIPS mode only
once. There is no code in wpa_supplicant to disable FIPS mode, so once
it is enabled, it will remain enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
38934ed100 tests: Skip ap_wpa2_eap_psk_oom and ap_ft_oom in FIPS mode
omac1_aes_128() implementation within crypto_openssl.c is used in this
case and that cannot fail the memory allocation similarly to the
non-FIPS case and aes-omac1.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
06cdd1cd79 tests: Allow FIPS error case for openssl_cipher_suite_config_wpas
OpenSSL rejects the cipher string 'EXPORT' in FIPS mode in a way that
results in the locally generated error showing up before the EAP method
has been accepted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
0392867b6b tests: Skip EAP-pwd NTHash test in FIPS build
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
c8e82c94da tests: Skip EAP-IKEV2 tests if not included in the build
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
e234c7c010 OpenSSL: Remove md4_vector() from CONFIG_FIPS=y builds
MD4 is not allowed in such builds, so comment out md4_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD¤ operations at runtime. This makes it easier
to detect and fix accidental cases where MD4 could still be used in some
older protocols.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
4549607b04 EAP-pwd peer: Comment out MS password hash if CONFIG_FIPS=y
The needed hash functions are not available in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
cd94f0d159 tests: Skip ms_funcs module tests in CONFIG_FIPS=y builds
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
e7ac04ceaf tests: Skip EAP-MD5 and EAP-MSCHAPV2 test cases in FIPS mode
These would require MD5 or MD4 which are not allowed in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
ca158ea621 tests: Skip EAP-TTLS/CHAP, MSCHAP, MSCHAPV2 test cases in FIPS mode
In addition, replace some of the CHAP cases with PAP since that enables
more coverage without breaking the main test focus.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
d35b0227c1 tests: Use openssl pkcs12 -descert workaround to allow FIPS mode
The PKCS12 file with default openssl options cannot be used with OpenSSL
1.0.1 in FIPS mode. Replace this with -descert version as a workaround.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
1046db8b53 Rename tls_connection_get_keys() to tls_connection_get_random()
Commit 94f1fe6f63 ('Remove master key
extraction from tls_connection_get_keys()') left only fetching of
server/client random, but did not rename the function and structure to
minimize code changes. The only name is quite confusing, so rename this
through the repository to match the new purpose.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
1e4f7bf5d0 Add 'GET_CAPABILITY fips' to enable runtime check for CONFIG_FIPS=y
This can be used to check whether the running wpa_supplicant version was
built with CONFIG_FIPS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
d0eb8a0b4e OpenSSL: Allow server/client random to be fetched in FIPS mode
tls_connection_get_keys() used to return TLS master secret, but that
part was removed in commit 94f1fe6f63
('Remove master key extraction from tls_connection_get_keys()'). Since
then, there is no real need for preventing this function from being used
in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
f413eb03d9 random: Fix random_get_bytes() with CONFIG_FIPS=y
The bytes pointer was not reset back to the beginning of the buffer when
mixing in additional entropy from the crypto module. This resulted in
writing beyond the return buffer and not getting the required mixing of
the extra entropy for the actual return buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:08:11 +03:00
Jouni Malinen
3b86d77bae P2P: Silence bogus compiler warnings
It looks like the compiler version used in Android 5.0 warns about
potentially uninitialized oper_freq variable in these debug messages.
That is not really valid since this code path can be reached only if
found != 0 and in such a case, oper_freq is set. Anyway, it seems better
to avoid compiler warnings, so add an unnecessary initialization for
oper_freq for now.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:08:11 +03:00
Jouni Malinen
4a26972dfc OpenSSL: Remove md5_vector() from CONFIG_FIPS=y builds
MD5 is not allowed in such builds, so comment out md5_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD5 operations at runtime. This makes it easier
to detect and fix accidental cases where MD5 could still be used in some
older protocols.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:08:06 +03:00
Jouni Malinen
835c89a16b EAP-TTLS: Disable CHAP, MSCHAP, and MSCHAPV2 in CONFIG_FIPS=y builds
FIPS builds do not include support for MD4/MD5, so disable
EAP-TTLS/CHAP, MSCHAP, and MSCHAPV2 when CONFIG_FIPS=y is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:07:44 +03:00
Jouni Malinen
125bbef0e7 EAP peer: Replace MD5 with SHA1 in duplicate message workaround
MD5 is not available in CONFIG_FIPS=y builds, so use SHA1 for the EAP
peer workaround that tries to detect more robustly whether a duplicate
message was sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:57:04 +03:00
Jouni Malinen
97e986cd74 tests: Skip MD5 module tests in CONFIG_FIPS=y builds
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:57:04 +03:00
Jouni Malinen
b2a1f26259 tests: Set FIPSLD_CC=gcc (if not set) to make CONFIG_FIPS=y use easier
This makes it easier to build wpa_supplicant for OpenSSL FIPS mode
testing. wpa_supplicant/.config needs following type of configuration
for this:
CONFIG_FIPS=y
CFLAGS += -I/usr/local/ssl/include
LIBS += -L/usr/local/ssl/lib
CC=/usr/local/ssl/fips-2.0/bin/fipsld

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:57:04 +03:00
Jouni Malinen
276a3c44dd OpenSSL: Implement aes_wrap/aes_unwrap through EVP for CONFIG_FIPS=y
The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are
unfortunately not available in FIPS mode. Trying to use them results in
"aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API
call to cipher AES forbidden in FIPS mode!" and process termination.
Work around this by reverting commit
f19c907822 ('OpenSSL: Implement aes_wrap()
and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this
ends up using the internal AES key wrap/unwrap implementation through
the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y
is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues
to be used to minimize code size.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:56:59 +03:00
Jouni Malinen
266cf4a0bc OpenSSL: Comment out openssl_get_keyblock_size() if CONFIG_FIPS=y
This function is not used in CONFIG_FIPS=y builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 15:52:35 +03:00
Jouni Malinen
5bbc1c2581 tests: Comment out TLS PRF test from CONFIG_FIPS=y build
This fixes CONFIG_FIPS=y build that may not include tls_prf_sha1_md5().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 15:51:44 +03:00
Jouni Malinen
e03e56c3d6 Comment out EAPOL-Key WEP support in CONFIG_FIPS=y build
This avoids a call to hmac_md5() to fix the build. The EAPOL-Key frame
TX code is not applicable for any FIPS mode operation, so the simplest
approach is to remove this from the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 15:49:34 +03:00
Jouni Malinen
bfc284c5c7 Make ieee802_1x_tx_key() static
This is used only within ieee802_1x.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 15:45:18 +03:00
Jouni Malinen
72f460a27b tests: Support non-social oper channel in persistent_group_per_sta_psk
This allows driver-based preference list to override default operating
channel selection mechanism by using a non-social P2P find if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-31 15:24:45 +03:00
Jouni Malinen
191d8c4f78 tests: Make wifi_display enforce social channel as operating channel
Previously, this was assumed to be the case due to default channel
selection behavior. However, that may not be the case with driver-based
preference list processing. Enforce a social channel to be used as the
operating channel here since dev[2] uses social channel only device
discovery and needs to find the GO.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-31 15:24:45 +03:00
Ahmad Kholaif
6cc364946c P2P: Process preferred frequency list as part of GO Neg Req/Resp
When processing a GO Negotiation Request and Response, if local driver
supports the preferred channel list extension, then:

- Check if peer's preference for operating channel is already included
  in our preferred channel list and if so, take the oper_channel as is.

- If peer's preference for operating channel is not in local device's
  preferred channel list and peer device has provided its preferred
  frequency list in the GO Negotiation Request/Response, then find a
  channel that is common for both preferred channel lists and use it
  for oper_channel.

- If peer's preference for operating channel is not in local device's
  preferred channel list and peer device doesn't use preferred channel
  list extension, i.e., no preferred channel list in GO Negotiation
  Request/Response, then look for a channel that is common for local
  device's preferred channel list and peer's list of supported channels
  and use it for oper_channel.

- In case no common channel is found, use the peer's preference for
  oper_channel as is.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-31 15:24:39 +03:00
Ahmad Kholaif
fc71f7d99d P2P: Expose driver preferred frequency list fetch to P2P
This adds a callback function that can be used from the P2P module to
request the current preferred list of operating channels from the
driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
0ef54bd30e P2P: Do not omit known operating channel preference from GO Neg Resp
Add an extra condition to omit operating channel preference when
building GO Negotiation Response. If the local device supports the
preferred frequency list extension, then when sending a GO Negotiation
Response frame, advertise the preferred operating channel unless local
device is assuming the P2P Client role and has an empty preferred
frequency list, in which case local device can omit its preference for
the operating channel.

This change helps make use of the preferred frequency list and the
calculated best channel for both negotiating parties of the P2P
connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
def8f7035d P2P: Parse preferred frequency list extension
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
b841cf2fa6 P2P: Add preferred frequency list extension to GO Neg Req
When sending a GO Negotiation Request, advertise the preferred frequency
list in a new vendor specific IE. This can be used to extend the
standard P2P behavior where a single preferred channel can be advertised
by allowing a priority list of channels to be indicated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
370017d968 P2P: Use preferred frequency list from the local driver
If the driver supports the preferred frequency list extension, use this
information from the driver when no explicitly configured preference
list (p2p_pref_chan) is present for P2P operating channel selection.
This commit adds this for GO Negotiation and Invitation use cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
9baaac2d84 Add parsing of preferred frequency list element
This adds parsing of QCA vendor specific elements and as the first such
element to be parsed, stores pointers to the preferred frequency list
element that can be used to enhance P2P channel negotiation behavior.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Jouni Malinen
b43b2b5203 Define new registry for QCA vendor specific elements
The new enum qca_vendor_element_id registry is used to manage
assignments of vendor specific elements using the QCA OUI 00:13:74. The
initial assignment is for the purpose for extending P2P functionality
for cases where the wpa_supplicant implementation is used by both ends
of an exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:47 +03:00