Commit graph

16471 commits

Author SHA1 Message Date
Jouni Malinen
65e94351dc DPP2: Reconfig Authentication Request processing and Response generation
Extend Enrollee functionality to process Reconfig Authentication Request
message, derive the needed keys, and generate Reconfig Authentication
Response message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
3774b6bd03 DPP2: Reconfig Authentication Request generation and transmission
Extend Configurator functionality to sign a special Connector for
reconfiguration and reply with Reconfig Authentication Request frame
when Reconfig Announcement frame is received with a matching C-sign key
hash value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
66ac616cdb DPP2: Process received Reconfig Announcement frame
Check if there is a matching Configurator and be ready to initiate
Reconfig Authentication (which itself is not included in this commit).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
0c043d9de7 DPP2: Reconfig Announcement transmission
Extend DPP chirping mechanism to allow Reconfig Announcement frames to
be transmitted instead of the Presence Announcement frames. Add a new
wpa_supplicant control interface command "DPP_RECONFIG <network id>" to
initiate reconfiguration for a specific network profile.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
92492dd3ac DPP2: Extend connector matching for reconfiguration
Allow the same helper functions to be used with reconfiguration
connector.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
961435097b DPP2: Move connStatus object building into a helper function
Allow the same helper function to be used for reconfiguration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
b227515fae tests: Update dpp_peer_intro_local_failures to match implementation
The memory allocation in dpp_peer_intro() was moved into a helper
function dpp_check_signed_connector(), so update the test case to match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
94f73f90ef DPP: Move signed connector checking into a helper function
This can be reused for similar need with reconfiguration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
94a28a4940 DPP: Move parsing of own connector into a helper function
This can be used for reconfiguration as well.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
d4ae12355a DPP: Move PKEX functionality into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
87b6572616 DPP: Move crypto routines into a separate source code file
This is an initial step in splitting the overly long dpp.c into smaller
pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 12:09:24 +03:00
Jouni Malinen
6eb03715e3 tests: Update dpp_pkex_test_fail to match implementation
dpp_derive_ke() was renamed to dpp_derive_bk_ke().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-10 15:55:30 +03:00
Jouni Malinen
16626dff9b DPP2: Derive bk ("base key")
Split ke derivation into two parts so that the previously used
internal-only PRK gets stored as the bk in the authentication state.
This new key will be needed for deriving additional keys with DPP R2.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-10 15:55:30 +03:00
Jouni Malinen
76029c6e11 DPP: Use EVP_PKEY_get0_EC_KEY() when a const reference is sufficient
This removes unnecessary allocations and simplifies the implementation
by not having to remember to free the cloned reference.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-10 15:55:30 +03:00
Jouni Malinen
0a488ef35c DPP: Track ending time for remain-on-channel operations
This may be needed to optimize use of offchannel TX operations with
wait-for-response when near the end of a pending remain-on-channel
operation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-09 17:32:26 +03:00
Jouni Malinen
046f2d1fb9 tests: DPP URI version information
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-06 11:59:11 +03:00
Jouni Malinen
481fdfc462 DPP2: Fix URI version parser
Fix a copy-paste error in parsing the version info.

Fixes: 7dd768c3ca ("DPP2: Version information in bootstrapping info URI")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-06 11:58:56 +03:00
Jouni Malinen
6b8dde4ec9 tests: sigma_dut controlled AP doing DPP on offchannel
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-06 01:14:13 +03:00
Jouni Malinen
7dd768c3ca DPP2: Version information in bootstrapping info URI
Add the local supported version information into the bootstrapping
information (V=2 in the URI) and parse this from received URI.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-05 20:48:23 +03:00
Jouni Malinen
cbafc8ef4b Fix truncated control interface command detection
The recvfrom() calls were supposed to use the full allocated buffer size
(max+1) to match the res > max check.

Fixes: 96b6dd21a0 ("Increase wpa_supplicant control interface buffer size")
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-05 00:18:29 +03:00
Jouni Malinen
c32c3bcc6b tests: sigma_dut and DPP MUD URL
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 15:33:03 +03:00
Jouni Malinen
5a0718a19c DPP2: Report MUD URL and bandSupport in control interface events
Report MUD URL and bandSupport from config request if those optional
nodes are included. For now, these are mainly for testing purposes since
there is no mechanism to delay sending of config response.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 15:33:03 +03:00
Jouni Malinen
1d4a1a819a tests: sigma_dut DPP chirping
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 15:33:03 +03:00
Jouni Malinen
769139c490 DPP2: Do not include Protocol Version in Auth Req when testing v1
When DPP v2 implementation is hardcoded to behave as v1 for testing
purposes, leave out the Protocol Version attribute form Authentication
Request instead of including it there with indication for v1.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 13:12:21 +03:00
Jouni Malinen
fad64b4168 DPP: Move dppCon signing to a set of helper functions
This simplifies dpp_build_conf_obj_dpp() and makes it easier to share
the signing functionality for other purposes like reconfiguration where
the Configurator needs to sign a dppCon object for itself without
generating the encapsulating config object.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:39:19 +03:00
Jouni Malinen
bb8e191cca tests: Verify Deauthentication frame transmission to STA in PS mode
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:45 +03:00
Jouni Malinen
ccca850898 tests: Disable power saving explicitly for pmksa_cache_ap_expiration
This test case seems to be failing every now and then due to the AP not
getting out the Deauthentication frame after PMKSA expiration if the STA
is in power save mode.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:45 +03:00
Jouni Malinen
8a8001989a tests: Clear power save configuration in ap_open_sta_ps
It looks like this test case was supposed to set power_save off at the
end instead of repeating the same setting twice.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:45 +03:00
Jouni Malinen
1a59ebf2e5 tests: DPP version override
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:45 +03:00
Jouni Malinen
12c8eacf73 DPP: Allow version number to be overridden for testing purposes
"SET dpp_version_override <ver>" can now be used to request
wpa_supplicant and hostapd to support a subset of DPP versions. In
practice, the only valid case for now is to fall back from DPP version 2
support to version 1 in builds that include CONFIG_DPP2=y.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:45 +03:00
Jouni Malinen
c3c38bc8b9 DPP2: Detect PFS downgrade attack while processing EAPOL-Key msg 3/4
Do not allow association to continue if the local configuration enables
PFS and the station indicates it supports PFS, but PFS was not
negotiated for the association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
9561925b4d DPP2: Detect PFS downgrade attack while processing EAPOL-Key msg 2/4
Do not allow association to continue if the local configuration enables
PFS and the station indicates it supports PFS, but PFS was not
negotiated for the association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
68422fedbf DPP2: Parse DPP KDE in EAPOL-Key Key Data field
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
143e3d8bc5 DPP2: Add DPP KDE into EAPOL-Key msg 2/4 when using DPP AKM
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
b11a12401a DPP2: Add DPP KDE into EAPOL-Key msg 3/4 when using DPP AKM
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
f114156804 tests: Disable PFS in dpp_akm_sha*
These test cases are using externally generated PMKSA cache entry which
does not support use of PFS. This will start failing if the station
claims to support PFS in such cases, so explicitly disable PFS
functionality in these test cases for now.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
61e22e45c8 tests: DPP PFS and cfg80211 connect command
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
6c67ad0a52 tests: Check DPP PFS negotiation result
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
85d5456997 DPP2: Indicate if PFS was used in control interface STATUS
The new "dpp_pfs=1" entry can be used to determine whether PFS was used
during derivation of PTK when DPP AKM is negotiated for an association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
1f5f000086 DPP2: Try to negotiate PFS only if AP supports version 2 or newer
Check AP's DPP Protocol Version during network introduction and mark the
PMKSA cache as suitable for PFS use with version 2 or newer. This avoids
unnecessary attempt of negotiating PFS with version 1 APs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
f6c22dcdea Use a local pointer to simply current_ssid accesses in sme_associate()
It is simpler to assign wpa_s->current_ssid to a local pointer now that
there are numerous dereferences of current_ssid within sme_associate().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Jouni Malinen
42acf1292d DPP2: Add Protocol Version attribute to network introduction messages
This can be used to determine whether to try to negotiate PFS (only
available with version 2 or higher).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-04 00:37:44 +03:00
Thomas Pedersen
7ec86f6599 tests: Skip proxyarp tests properly if ebtables rule install fails
Otherwise the test will continue on and fail later due to unexpected
foreign ARP request. The try/except design here did not work properly to
detect this.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
2020-05-03 18:46:34 +03:00
Jouni Malinen
82f2e3ddce tests: Move from 1024 bit private keys to 2048 bit keys
Crypto libraries are starting to refuse to accept the old shorter keys,
so move all test certificates and DH to use 2048 bit (or longer) keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-03 18:21:13 +03:00
Jouni Malinen
96b6dd21a0 Increase wpa_supplicant control interface buffer size
Increase the maximum command length from 4 kB to 8 kB mainly to allow
larger certificate blobs to be configured. Use heap memory to avoid
inconveniently large stack requirements. In addition, reject potentially
truncated commands instead of trying to process them.

The maximum length of the request can now be determined with
"GET max_command_len".

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-03 12:16:29 +03:00
Jouni Malinen
674758ed59 tests: Provide digestmod to hmac.new() for Python 3.8
Python 3.8 removed the previously used default of MD5 algorithm, so
provide the explicit digestmod=hashlib.md5 parameter to the couple of
places that were missing it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-03 11:58:54 +03:00
Jouni Malinen
a7d6098fb4 Add PRINTF_FORMAT for printf wrapper functions
This avoids compiler format-nonliteral warnings ("format string is not a
string literal").

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-02 21:04:17 +03:00
Hai Shalom
c54a5e96b5 Randomize GAS dialog token
Randomize GAS dialog token field, instead of using an incremental
counter with predictable values. This change will make this field
unuseful for user fingerprinting.

Signed-off-by: Hai Shalom <haishalom@google.com>
2020-04-29 13:15:34 +03:00
Jouni Malinen
a803ba4f9d Use more specific reason codes for 4-way handshake timeouts
IEEE 802.11 defines reason codes for indicating 4-way handshake and
group key handshake timeouts. Use those reason codes instead of the more
generic one for these particular cases in the Authenticator state
machine.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-29 13:00:53 +03:00
Jouni Malinen
83c9b69b01 tests: Wait a bit to get Beacon frames into capture
The ap_beacon_rate_* test cases could end up terminating before the very
first Beacon frame is captured, so wait a bit after the connection to
make sure at least one Beacon frame is going to be in the capture file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-25 17:23:24 +03:00