Commit graph

4903 commits

Author SHA1 Message Date
Masashi Honma
ecd40fef74 mesh: Fix mesh SAE auth on low spec devices
The mesh SAE auth often fails with master branch. By bisect I found
commit eb5fee0bf5 ('SAE: Add side-channel
protection to PWE derivation with ECC') causes this issue. This does not
mean the commit has a bug. This is just a CPU resource issue.

After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel
Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So
auth_sae_retransmit_timer() is always called and it can causes
continuous frame exchanges. Before the commit, it was 23(msec).

On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod
is defined as 40(msec). But it looks short because generally mesh
functionality will be used on low spec devices. Indeed Raspberry Pi B+
(ARM ARM1176JZF-S 700MHz) requires 287(msec) for new
sae_derive_pwe_ecc().

So this patch makes the default to 1000(msec) and makes it configurable.

This issue does not occur on infrastructure SAE because the
dot11RSNASAERetransPeriod is not used on it.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-08-02 21:37:10 +03:00
Jouni Malinen
7cb53ded11 Add build option to remove all internal RC4 uses
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.

This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
4fc53159b9 OpenSSL: Fix FIPS mode enabling in dynamic interface case
FIPS_mode_set(1) cannot be called multiple times which could happen in
some dynamic interface cases. Avoid this by enabling FIPS mode only
once. There is no code in wpa_supplicant to disable FIPS mode, so once
it is enabled, it will remain enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
e234c7c010 OpenSSL: Remove md4_vector() from CONFIG_FIPS=y builds
MD4 is not allowed in such builds, so comment out md4_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD¤ operations at runtime. This makes it easier
to detect and fix accidental cases where MD4 could still be used in some
older protocols.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
4549607b04 EAP-pwd peer: Comment out MS password hash if CONFIG_FIPS=y
The needed hash functions are not available in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
cd94f0d159 tests: Skip ms_funcs module tests in CONFIG_FIPS=y builds
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
1046db8b53 Rename tls_connection_get_keys() to tls_connection_get_random()
Commit 94f1fe6f63 ('Remove master key
extraction from tls_connection_get_keys()') left only fetching of
server/client random, but did not rename the function and structure to
minimize code changes. The only name is quite confusing, so rename this
through the repository to match the new purpose.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
d0eb8a0b4e OpenSSL: Allow server/client random to be fetched in FIPS mode
tls_connection_get_keys() used to return TLS master secret, but that
part was removed in commit 94f1fe6f63
('Remove master key extraction from tls_connection_get_keys()'). Since
then, there is no real need for preventing this function from being used
in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
f413eb03d9 random: Fix random_get_bytes() with CONFIG_FIPS=y
The bytes pointer was not reset back to the beginning of the buffer when
mixing in additional entropy from the crypto module. This resulted in
writing beyond the return buffer and not getting the required mixing of
the extra entropy for the actual return buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:08:11 +03:00
Jouni Malinen
3b86d77bae P2P: Silence bogus compiler warnings
It looks like the compiler version used in Android 5.0 warns about
potentially uninitialized oper_freq variable in these debug messages.
That is not really valid since this code path can be reached only if
found != 0 and in such a case, oper_freq is set. Anyway, it seems better
to avoid compiler warnings, so add an unnecessary initialization for
oper_freq for now.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:08:11 +03:00
Jouni Malinen
4a26972dfc OpenSSL: Remove md5_vector() from CONFIG_FIPS=y builds
MD5 is not allowed in such builds, so comment out md5_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD5 operations at runtime. This makes it easier
to detect and fix accidental cases where MD5 could still be used in some
older protocols.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:08:06 +03:00
Jouni Malinen
835c89a16b EAP-TTLS: Disable CHAP, MSCHAP, and MSCHAPV2 in CONFIG_FIPS=y builds
FIPS builds do not include support for MD4/MD5, so disable
EAP-TTLS/CHAP, MSCHAP, and MSCHAPV2 when CONFIG_FIPS=y is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:07:44 +03:00
Jouni Malinen
125bbef0e7 EAP peer: Replace MD5 with SHA1 in duplicate message workaround
MD5 is not available in CONFIG_FIPS=y builds, so use SHA1 for the EAP
peer workaround that tries to detect more robustly whether a duplicate
message was sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:57:04 +03:00
Jouni Malinen
97e986cd74 tests: Skip MD5 module tests in CONFIG_FIPS=y builds
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:57:04 +03:00
Jouni Malinen
276a3c44dd OpenSSL: Implement aes_wrap/aes_unwrap through EVP for CONFIG_FIPS=y
The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are
unfortunately not available in FIPS mode. Trying to use them results in
"aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API
call to cipher AES forbidden in FIPS mode!" and process termination.
Work around this by reverting commit
f19c907822 ('OpenSSL: Implement aes_wrap()
and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this
ends up using the internal AES key wrap/unwrap implementation through
the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y
is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues
to be used to minimize code size.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:56:59 +03:00
Jouni Malinen
266cf4a0bc OpenSSL: Comment out openssl_get_keyblock_size() if CONFIG_FIPS=y
This function is not used in CONFIG_FIPS=y builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 15:52:35 +03:00
Jouni Malinen
5bbc1c2581 tests: Comment out TLS PRF test from CONFIG_FIPS=y build
This fixes CONFIG_FIPS=y build that may not include tls_prf_sha1_md5().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 15:51:44 +03:00
Jouni Malinen
e03e56c3d6 Comment out EAPOL-Key WEP support in CONFIG_FIPS=y build
This avoids a call to hmac_md5() to fix the build. The EAPOL-Key frame
TX code is not applicable for any FIPS mode operation, so the simplest
approach is to remove this from the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 15:49:34 +03:00
Jouni Malinen
bfc284c5c7 Make ieee802_1x_tx_key() static
This is used only within ieee802_1x.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 15:45:18 +03:00
Ahmad Kholaif
6cc364946c P2P: Process preferred frequency list as part of GO Neg Req/Resp
When processing a GO Negotiation Request and Response, if local driver
supports the preferred channel list extension, then:

- Check if peer's preference for operating channel is already included
  in our preferred channel list and if so, take the oper_channel as is.

- If peer's preference for operating channel is not in local device's
  preferred channel list and peer device has provided its preferred
  frequency list in the GO Negotiation Request/Response, then find a
  channel that is common for both preferred channel lists and use it
  for oper_channel.

- If peer's preference for operating channel is not in local device's
  preferred channel list and peer device doesn't use preferred channel
  list extension, i.e., no preferred channel list in GO Negotiation
  Request/Response, then look for a channel that is common for local
  device's preferred channel list and peer's list of supported channels
  and use it for oper_channel.

- In case no common channel is found, use the peer's preference for
  oper_channel as is.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-31 15:24:39 +03:00
Ahmad Kholaif
fc71f7d99d P2P: Expose driver preferred frequency list fetch to P2P
This adds a callback function that can be used from the P2P module to
request the current preferred list of operating channels from the
driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
0ef54bd30e P2P: Do not omit known operating channel preference from GO Neg Resp
Add an extra condition to omit operating channel preference when
building GO Negotiation Response. If the local device supports the
preferred frequency list extension, then when sending a GO Negotiation
Response frame, advertise the preferred operating channel unless local
device is assuming the P2P Client role and has an empty preferred
frequency list, in which case local device can omit its preference for
the operating channel.

This change helps make use of the preferred frequency list and the
calculated best channel for both negotiating parties of the P2P
connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
def8f7035d P2P: Parse preferred frequency list extension
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
b841cf2fa6 P2P: Add preferred frequency list extension to GO Neg Req
When sending a GO Negotiation Request, advertise the preferred frequency
list in a new vendor specific IE. This can be used to extend the
standard P2P behavior where a single preferred channel can be advertised
by allowing a priority list of channels to be indicated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
370017d968 P2P: Use preferred frequency list from the local driver
If the driver supports the preferred frequency list extension, use this
information from the driver when no explicitly configured preference
list (p2p_pref_chan) is present for P2P operating channel selection.
This commit adds this for GO Negotiation and Invitation use cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
9baaac2d84 Add parsing of preferred frequency list element
This adds parsing of QCA vendor specific elements and as the first such
element to be parsed, stores pointers to the preferred frequency list
element that can be used to enhance P2P channel negotiation behavior.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Jouni Malinen
b43b2b5203 Define new registry for QCA vendor specific elements
The new enum qca_vendor_element_id registry is used to manage
assignments of vendor specific elements using the QCA OUI 00:13:74. The
initial assignment is for the purpose for extending P2P functionality
for cases where the wpa_supplicant implementation is used by both ends
of an exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:47 +03:00
Ahmad Kholaif
983422088f nl80211: Add means to query preferred channels
Extend the QCA vendor specific nl80211 interface to query the preferred
frequency list from driver and add a new wpa_cli command to query this
information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-29 19:46:31 +03:00
Ahmad Kholaif
7c813acf9c P2P: Inform driver of the operating channel following group formation
Upon GO Negotiation completion, if the remote peer becomes GO, send a
hint event over QCA vendor specific interface to inform the driver of
the likely operating channel of the P2P GO.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-29 19:10:16 +03:00
Ahmad Kholaif
079a28f7b8 nl80211: Add concurrency capabilities to driver status
Extend the nl80211 interface command "driver status" to retrieve the
concurrency capabilities from the driver using the QCA vendor
extensions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-29 18:52:12 +03:00
Peng Xu
d0cdccd307 Fix generating offloaded ACS channel list when hw_mode is set to any
When ACS is offloaded to device driver and the hw_mode parameter is set
to any, the current_mode structure is NULL which fails the ACS command.
Fix this by populating the ACS channel list with channels from all bands
when current_mode is NULL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-28 23:22:24 +03:00
Srinivas Dasari
844dfeb804 QCA vendor command support to set band to driver
Add vendor command to pass SET setband command to the driver and read
the updated channel list from driver when this notification succeeds.
This allows the driver to update its internal channel lists based on
setband configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-28 21:00:18 +03:00
Jouni Malinen
06836013d3 OpenSSL: Remove EAP-FAST TLSv1.0 only workaround for OpenSSL 1.1.0
The issue with the special form of TLS session tickets has been fixed in
the OpenSSL 1.1.0 branch, so disable workaround for it. OpenSSL 1.0.1
and 1.0.2 workaround is still in place until a release with the fix has
been made.

This allows TLSv1.1 and TLSv1.2 to be negotiated for EAP-FAST with the
OpenSSL versions that support this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:18 +03:00
Jouni Malinen
3947997dcc EAP-TLS/TTLS/PEAP/FAST peer: Stop connection more quickly on local failure
If there is only zero-length buffer of output data in error case, mark
that as an immediate failure instead of trying to report that
non-existing error report to the server. This allows faster connection
termination in cases where a non-recoverable error occurs in local TLS
processing, e.g., if none of the configured ciphers are available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:18 +03:00
Jouni Malinen
bb91243047 EAP-TTLS/PEAP/FAST peer: Stop immediately on local TLS processing failure
EAP-TLS was already doing this, but the other TLS-based EAP methods did
not mark methodState DONE and decision FAIL on local TLS processing
errors (instead, they left the connection waiting for a longer timeout).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:18 +03:00
Jouni Malinen
c34cd66866 OpenSSL: Drop security level to 0 if needed for EAP-FAST
OpenSSL 1.1.0 disables the anonymous ciphers by default, so need to
enable these for the special case of anonymous EAP-FAST provisioning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:17 +03:00
Jouni Malinen
16bc3b8935 OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2
This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed parameters
for TLS PRF and the external-to-OpenSSL PRF needs to be used instead.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:17 +03:00
Jouni Malinen
3de28506d2 OpenSSL: Implement openssl_tls_prf() for OpenSSL 1.1.0
This needs to use the new accessor functions since the SSL session
details are not directly accessible anymore and there is now sufficient
helper functions to get to the needed information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 18:56:45 +03:00
Jouni Malinen
4d2a1b4f8f OpenSSL: Implement SSL_set_session_secret_cb() callback for OpenSSL 1.1.0
This needs to use the new accessor functions for client/server random
since the previously used direct access won't be available anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 18:56:45 +03:00
Jouni Malinen
005c5dcf43 OpenSSL: Implement tls_connection_get_keys() for OpenSSL 1.1.0
This needs to use the new accessor functions since the SSL session
details are not directly accessible anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 18:56:45 +03:00
Jouni Malinen
690e543e8a OpenSSL: Include openssl/engine.h and openssl/dsa.h explicitly
This seems to be needed for OpenSSL 1.1.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 18:56:45 +03:00
Jouni Malinen
e9690eb74e OpenSSL: Remove extra BIO_write() call on TLS client
openssl_handshake() was checking only that in_data is not NULL and not
its length when determining whether to call BIO_write(). Extend that to
check the buffer length as well. In practice, this removes an
unnecessary BIO_write() call at the beginning of a TLS handshake on the
client side. This did not cause issues with OpenSSL versions up to
1.0.2, but that call seems to fail with the current OpenSSL 1.1.0
degvelopment snapshot. There is no need for that zero-length BIO_write()
call, so remove it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 18:56:45 +03:00
Max Stepanov
88f3d7c980 P2PS: Add feature capability to PD events
Report the feature capability on P2PS-PROV-START and P2PS-PROV-DONE
ctrl-iface events. A feature capability value is specified as
'feature_cap=<hex>' event parameter, where <val> is a hexadecimal
string of feature capability bytes in a PD Response frame.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Max Stepanov
c3ddf2c798 P2PS: Add CPT handling on PD request and response
On PD Request/follow-on PD Request preparation set a feature capability
CPT value of PD context.

On PD Request processing use a request CPT and service advertisement
CPT priority list to select a feature capability CPT of PD Response.

On follow-on PD Request processing use a request CPT and a CPT priority
list in PD context to select a CPT value of follow on PD Response.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Max Stepanov
0670de74ae P2PS: Add CPT parameter to P2PS_PROVISION and P2PS_PROVISION_RESP
Add a parameter allowing to specify a value of Coordination
Protocol Transport to P2PS_PROVISION and P2PS_PROVISION_RESP commands.

Extend the p2ps_provision structure to contain cpt_priority and
cpt_mask properties and initialize them on a P2PS PD request command.

The format of the parameter:
    cpt=<cpt>[:cpt]

where <cpt> is CPT name e.g. UDP or MAC. The CPT names are listed
according to their preferences to be used for a specific P2PS session.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Max Stepanov
e2b7fbf2fb P2PS: Add CPT parameter to P2P_SERVICE_ADD asp command
Add Coordination Transport Protocol parameter to P2P_SERVICE_ADD
asp command.

Extend p2ps_advertisement structure to contain CPT priorities
and a supported CPT bitmask.

The format of the new parameter:
    cpt=<cpt>[:<cpt>]

where <cpt> is a name of the Coordination Protocol Transport.
This implementation supports two CPT names: UDP and MAC.
The order of specified CPTs defines their priorities where
the first one has the highest priority.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Max Stepanov
add5975751 utils: Add cstr_token() function
Add an auxiliary cstr_token() function to get a token from a const char
string. The function usage syntax is similar to str_token(), but unlike
str_token() the function doesn't modify the buffer of the string. Change
str_token() function implementation to use cstr_token().

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Jouni Malinen
8f997f044f FST: Make fst_hw_mode_to_band() non-inline function
There is no need for using an inline function for this. Save a bit in
binary size by using a normal function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 18:45:14 +03:00
Jouni Malinen
f4843c2645 FST: Fix get_peer_mbies interface fetching in multi-group case
The foreach_fst_group() loop needs "break-if-found", not
"continue-if-not-found" to do the search iteration properly. If there
were multiple groups, the previous design could have failed to find the
interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 18:45:13 +03:00
Jouni Malinen
1ab51fb595 FST: Merge unreachable error case to another error return
fst_read_next_text_param() is never called with buflen <= 1, so this
separate error path is practically unreachable. Merge it with another
error path to make this a bit more compact.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 18:45:13 +03:00
Jouni Malinen
fa95b7c073 FST: Use more robust interface-find for TEST_REQUEST
It is possible for there to be multiple FST groups, so the hardcoded
mechanism of selecting the first one when sending out an event message
may not be sufficient. Get the interface from the caller, if available,
and if not, go through all groups in search of an interface to send the
event on.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 18:45:13 +03:00
Jouni Malinen
481fa8fb22 FST: Use more robust interface-find for event messages
It is possible for there to be multiple FST groups, so the hardcoded
mechanism of selecting the first one when sending out an event message
may not be sufficient. Get the interface from the caller, if available,
and if not, go through all groups in search of an interface to send the
event on.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 18:12:09 +03:00
Jouni Malinen
55cd405a44 FST: Remove unnecessary fst_attach() already attached check
Now that both hostapd and wpa_supplicant already enforce no duplicate
fst_attach() calls, there is no need for this check within fst_attach().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 18:12:09 +03:00
Jouni Malinen
fe73b469e8 FST: Fix dialog token wrap-around
Dialog token is only 8 bits and maintaining u32 version of it in struct
fst_group resulted in incorrect wrap-around behavior in
fst_group_assign_dialog_token(). It was possible to assign u8
dialog_token value 0 because of this. Fix this by using u8 variable
consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 18:12:08 +03:00
Jouni Malinen
b019955297 FST: Validate STIE header in FST Setup Request/Response
While this is always supposed to be the first element, check that this
is indeed the case instead of blindly using values from within the
element.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 11:22:21 +03:00
Jouni Malinen
e49f535dc5 FST: Fix Session Transition element length field value
The Element ID and Length subfields are not supposed to be included in
the Length. In addition, both of these subfields needs to be filled in
even for non-zero status code cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 11:21:58 +03:00
Jouni Malinen
94edea89fd FST: Print reason for ignoring FST Action frame in debug log
This makes it easier to understand why some frames are not processed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-25 23:20:33 +03:00
Ashok Ponnaiah
8659e33342 atheros: Enable PMF functionality without CONFIG_IEEE80211R=y
This extends the previous PMF (CONFIG_IEEE80211W=y) design that used
functionality from the FT (CONFIG_IEEE80211R=y) changes to work without
requiring CONFIG_IEEE80211R=y build option to be included.

Signed-off-by: Ashok Ponnaiah <aponnaia@qti.qualcomm.com>
2015-07-24 16:55:16 +03:00
Jouni Malinen
7c524a64c1 eloop: Fix cases where a socket is reopened from a timeout/signal handler
It was possible for a registered eloop socket handler to be unregistered
and re-registered for a re-opened socket with the same fd from a timeout
or signal handler. If such a case happened with the old socket having a
pending event waiting for processing, some eloop combinations could end
up calling the new handler function with the new socket and get stuck
waiting for an event that has not yet happened on the new socket. This
happened with timeout and signal handlers with all eloop.c types. In
addition to that, the epoll case could also trigger this when a socket
handler re-registered a re-opened socket.

Fix these by checking whether there has been socket handler changes
during processing and break the processing round by going back to
select/poll/epoll for an updated result if any changes are done during
the eloop handler calls before processing the old socket results.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-23 18:39:35 +03:00
Jouni Malinen
569f8f9b87 tests: eloop socket re-open from timeout/socket handler
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-23 18:39:02 +03:00
Jouni Malinen
48b06c17fa drv_callbacks: Coding style cleanup
Clean up inconsistent whitespace use and split strings.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-22 19:56:04 +03:00
Jouni Malinen
acbd59d0a8 eloop: Try to terminate more quickly on SIGINT and SIGTERM
It was possible for the SIGINT/SIGTERM signal to be received while
processing a pending timeout/socket/signal event and then get stuck in
the following select() call before processing the signal event. If no
other events show up within the two second SIGALRM trigger, process will
be terminated forcefully even though there would have been possibility
to do clean termination assuming no operationg blocked for that two
second time.

Handle this more cleanly by checking for eloop.pending_terminate before
starting the select()/poll()/epoll_wait() wait for the following event.
Terminate the loop if pending signal handling requests termination.

In addition, make eloop_terminated() return 1 on eloop.pending_terminate
in addition to eloop.terminate since the process will be terminated
shortly and there is no point in starting additional processing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-22 17:05:46 +03:00
Ahmad Kholaif
6b0ceee929 Add QCA vendor definitions for multi-port concurrency
Introduce definitions for QCA vendor specific subcommands and attributes
to support multiport concurrency.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-22 11:50:01 +03:00
Ravi Joshi
d71bdfbd83 Add QCA vendor command for updating gateway parameters
Add vendor command for updating gateway parameters to the driver.

Signed-off-by: Ravi Joshi <ravij@qca.qualcomm.com>
2015-07-21 13:20:08 +03:00
Jouni Malinen
de74489276 Move ap_list_timer() to use common AP periodic cleanup mechanism
This reduces number of periodic eloop timeouts when AP mode operations
are in progress.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:42:35 +03:00
Jouni Malinen
22fd2822f9 Move hostapd_acl_expire() to use common AP periodic cleanup mechanism
This reduces number of periodic eloop timeouts when AP mode operations
are in progress.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:39:22 +03:00
Jouni Malinen
3188aabaf1 Add shared periodic cleanup function for AP mode
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:33:30 +03:00
Jouni Malinen
8c0d0ff22e Use a single cleanup timer per wpa_supplicant process
Previously, one timeout per process (by default every 30 seconds) was
used P2P peer expiration and another per-interface timeout (every 10
seconds) was used to expire BSS entries. Merge these to a single
per-process timeout that triggers every 10 seconds to minimize number of
process wakeups due to periodic operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:28:12 +03:00
Jouni Malinen
3c48c9c08f tests: Additional module tests for src/utils
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-19 23:07:04 +03:00
Jouni Malinen
8d7aa7565b EAP server: Force FAILURE if EAP method buildReq fails
Previously, this resulted in unnecessary wait and retransmission of the
previous EAP-Request. Change that to trigger immediate transmission of
EAP-Failure and disconnection since the EAP method cannot really recover
from this state.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-19 16:29:29 +03:00
Jouni Malinen
7420e36293 hostap: Remove special handling for protocol version 3 on RX
This functionality was removed from the Host AP driver in May 2003, so
there is not any point in maintaining this in hostapd either.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 23:43:10 +03:00
Jouni Malinen
9c68b6af97 FST: Fix FST-MANAGER TEST_REQUEST parsing
The space separator between the command and the parameter was not
skipped properly and the first integer ended up being interpreted as 0
in all cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 19:28:38 +03:00
Jouni Malinen
c715d5c36c FST: Remove unreachable code in fst_session_handle_tear_down()
fst_session_is_in_progress() is already checked as part of
fst_find_session_in_progress() before calling
fst_session_handle_action(). This is the only call path that can reach
fst_session_handle_tear_down() and as such, fst_session_is_in_progress()
cannot return 0 here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 19:06:34 +03:00
Jouni Malinen
a55ebeac26 FST: Remove duplicated dl_list_empty() check befor dl_list_first()
dl_list_first() takes care of this already, so there is no need to do a
separate check here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00
Jouni Malinen
73664e0985 FST: Use EINVAL more consistently as a negative return value
There was a mix of EINVAL and -EINVAL returns through the FST
implementation. Make this more consistent by always returning -EINVAL in
error cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00
Jouni Malinen
a0f04da517 FST: Mark get_mb_ie() return value const
The caller is not expected to free or modify the value since this is
returning a reference to a buffer maintained by the upper layer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00
Jouni Malinen
74619cc150 FST: Replace print_mb_ies() with wpa_snprintf_hex()
There is no need to add new functions with more or less identical
functionality of an already available helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00
Jouni Malinen
c836aa267e FST: Mark format_session_state_extra() static
This is not used outside fst_ctrl_iface.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 12:40:23 +03:00
PavanKumar N
fab51186dc Allow driver to be set in hostapd through global control interface
This extends the hostapd global control interface ADD command to allow
driver wrapper to be specified ("ADD <ifname> <ctrl_iface> <driver>").
Previously, this case that did not use a configuration file allowed only
the default driver wrapper to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 23:54:29 +03:00
Jouni Malinen
faf7ce5d4f Drop CONFIG_TI_COMPILER ifdefs
This experimental support for Texas Instruments C compiler was never
fully completed and it has not really been used in close to ten years,
so drop this to simply the header files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-17 21:57:07 +03:00
Jouni Malinen
c7068f106f WPS: Avoid bogus static analyzer warning in ndef_parse_record()
Use a local variable and check the record payload length validity before
writing it into record->payload_length in hopes of getting rid of a
bogus static analyzer warning. The negative return value was sufficient
to avoid record->payload_length being used, but that seems to be too
complex for some analyzers. (CID 122668)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 20:43:17 +03:00
Jouni Malinen
6462e7387d FST: Avoid using pointer to mgmt->u.action.u.fst_action
Typecasting &mgmt->u.action.u.fst_action to a struct pointer for various
FST Action frame payloads seemed to be triggering static analyzer
warnings about bounds checking since sizeof(mgmt->u.action.u.fst_action)
== 1 even though that is really a variable length structure. Try to
avoid this by calculating the pointer for the beginning of the frame
instead of variable length struct. (CID 125642)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 20:37:15 +03:00
Jouni Malinen
85b563f7a4 P2P: Clear p2p->ssid_set on flush
It was possible for the previously set SSID to remain in place between
test cases (e.g., in sequence "p2ps_connect_adv_go_persistent
p2p_set_ssid_postfix") and the P2P SSID postfix not getting used
properly. Make this less likely to occur by clearing the old SSID in
p2p_flush().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 20:32:13 +03:00
Jouni Malinen
9721b083f4 FST: Remove the IE header len/size macros
These are confusing when the style used with the couple of FST IE checks
differs from the rest of hostapd/wpa_supplicant implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 19:06:48 +03:00
Jouni Malinen
f5f1cc9307 FST: Clean up fst_group_update_ie()
None of the callers passed in cleaning_up == TRUE, so drop that unused
code path.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 19:06:48 +03:00
Jouni Malinen
2bb51eddad FST: Move fst_mbie_get_peer_addr() into fst_group.c
There is no need for this function to be an inline function in a header
file since it is used only within fst_group.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 19:06:48 +03:00
Jouni Malinen
be9fbd9b67 FST: Fix FST Action frame length validation
Commit 717333f4e4 ('FST: Add the Fast
Session Transfer (FST) module') performed incorrect frame length
validation for Setup Request (did not remove 24+1 header from
consideration) and did not include payload validation for other FST
Action frames. Fix these by explicitly verifying that the payload of
these frames is sufficiently long before reading the values from there.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 13:00:17 +03:00
Jouni Malinen
66d464067d FT: Register RRB l2_packet only if FT-over-DS is enabled
There is no need to waste resources for this packet socket if FT-over-DS
is disabled or when operating P2P GO or AP mode in wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 11:16:15 +03:00
Anton Nayshtut
a8dab08a28 FST: Testing support
This patch introduces infrastructure needed for FST module tests.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:16 +03:00
Anton Nayshtut
46ab9b8cf0 nl80211: Register for FST Action frames (STA)
wpa_supplicant will process these Action frames for FST operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:16 +03:00
Anton Nayshtut
3794af2dc1 FST: wpa_supplicant control interface
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
8bae489f15 FST: Do not prune STAs belonging to the same FST
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
347827ff6e FST: Add FST IEs into AP mode management frames
This adds the FST IEs received from the FST module into Beacon, Probe
Response, and (Re)Association Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
037378ff31 FST: Send FST Action frames to AP mode processing
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
8e9a8b0f8c FST: hostapd control interface
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
6959145b86 FST: Integration into hostapd
This commit integrates the FST into the hostapd.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
ae667c0827 FST: Store MB IEs from (Re)Association Request
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
104bef453b FST: hostapd configuration parameters
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
659a1605d8 Parsing of multi band element
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
717333f4e4 FST: Add the Fast Session Transfer (FST) module
Fast Session Transfer (FST) is the transfer of a session from a channel
to another channel in a different frequency band. The term "session"
refers to non-physical layer state information kept by a pair of
stations (STAs) that communicate directly (i.e., excludes forwarding).

The FST is implemented in accordance with IEEE Std 802.11ad-2012.

Definitions

 * FST interface - an interface for which FST functionality is enabled
 * FST group - a bunch of FST interfaces representing single
		multi-band STA
 * FST peer - a multi-band capable STA connected
 * FST module - multi-band operation functionality implemented in
		accordance with IEEE Std 802.11ad-2012 (see 10.32
		Multi-band operation) as a part of hostapd/wpa_supplicant
 * FST manager - an external application that implements custom FST
		related logic, using the FST module's interfaces
		accessible via CLI or D-Bus

This commit introduces only the FST module. Integration of the FST
module into the hostapd/wpa_supplicant and corresponding CLI/D-Bus
interfaces and FST related tests are covered in separate commits.

FST manager application is out of scope of these commits.

As FST aggregates a few interfaces into FST group, the FST module uses
global CLI for both commands and notifications. It also exposes
alternative non-interface based D-Bus subtree for this purposes.

Configuration and Initialization

 * FST functionality can enabled by compilation flag (CONFIG_FST)
 * hostapd/wpa_supplicant controlling multiple interfaces are used for
   FST
 * once enabled by compilation, the FST can be enabled for specific
   interfaces in the configuration files
 * FST interfaces are aggregated in FST groups (fst_group_id config file
   entry), where each FST group:
   - represents one multi-band device
   - should have two or more FST interfaces in it
 * priority (fst_priority config file entry) must be configured for each
   FST interface. FST interface with higher priority is the interface FST
   will always try to switch to. Thus, for example, for the maximal
   throughput, it should be the fastest FST interface in the FST setup.
 * default Link Loss Timeout (LLT) value can be configured for each FST
   interface (fst_llt config file entry). It represents LLT to be used
   by FST when this interface is active.
 * FST interfaces advertise the Multi-band capability by including the
   Multi-band element in the corresponding frames

FST CLI commands:

 * fst list_groups - list FST groups configured.
 * fst list_ifaces - list FST interfaces which belong to specific group
 * fst iface_peers - list Multi-Band STAs connected to specific interface
 * fst list_sessions - list existing FST sessions
 * fst session_get - get FST session info
 * fst session_add - create FST session object
 * fst session_set - set FST session parameters (old_iface, new_iface,
                     peer_addr, llt)
 * fst session_initiate - initiate FST setup
 * fst session_respond - respond to FST setup establishemnt attempt by
                         counterpart
 * fst session_transfer - initiate FST switch
 * fst session_teardown - tear down FST Setup but leave the session object
			  for reuse
 * fst session_remove - remove FST session object

FST CLI notifications:
  * FST-EVENT-PEER - peer state changed (CONNECT/DISCONNECT)
  * FST-EVENT-SESSION - FST session level notification with following
                        sub-events:
     - EVENT_FST_SESSION_STATE - FST session state changed
     - EVENT_FST_ESTABLISHED - previously initiated FST session became
                               established
     - EVENT_FST_SETUP - new FST session object created due to FST session
                         negotiation attempt by counterpart

All the FST CLI commands and notifications are also implemented on D-Bus
for wpa_supplicant.

IEEE 802.11 standard compliance

FST module implements FST setup statemachine in compliance with IEEE
802.11ad (P802.11-REVmc/D3.3), as it described in 10.32 Multi-band
operation (see also Figure 10-34 - States of the FST setup protocol).

Thus, for example, the FST module initiates FST switch automatically
when FST setup becomes established with LLT=0 in accordance with
10.32.2.2 Transitioning between states.

At the moment, FST module only supports non-transparent STA-based FST
(see 10.32.1 General).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
290078a734 Add IEEE 802.11ad element descriptions
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Anton Nayshtut
36209df93a Add is_multicast_ether_addr()
This helper function can be used to check whether a MAC address is a
multicast (including broadcast) address.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Anton Nayshtut
ee1e3f57b5 hostapd: Global control interface notifications
This commit implements hostapd global control interface notifications
infrastructure. hostapd global control interface clients issue
ATTACH/DETACH commands to register and deregister with hostapd
correspondingly - the same way as for any other hostapd/wpa_supplicant
control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Anton Nayshtut
cb05808c46 nl80211: Generic Linux master interface support for hostapd
Previously, hostapd only supported the case of EAPOL frames receiving
from interfaces enslaved into bridge. This commit adds support for any
Linux master (teaming, openvswitch, bonding, etc.) to be detected.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Jouni Malinen
3722c0f4aa Add EAPOL_SET hostapd command to configure EAPOL parameters
This new control interface command "EAPOL_REAUTH <MAC address>
<parameter> <value>" can be used to implement the IEEE 802.1X PAE
Set Authenticator Configuration operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-12 11:34:18 +03:00
Jouni Malinen
cfb5c08f21 Add EAPOL_REAUTH hostapd command to trigger EAPOL reauthentication
This new control interface command "EAPOL_REAUTH <MAC address>" can be
used to implement the IEEE 802.1X PAE Reauthenticate operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-12 11:33:33 +03:00
Jouni Malinen
bddc51e8e4 RSN: Stop connection attempt on apparent PMK mismatch
If WPA2-Enterprise connection with full EAP authentication (i.e., no
PMKSA caching used) results in a PMKID that does not match the one the
AP/Authenticator indicates in EAPOL-Key msg 1/4, there is not much point
in trying to trigger full EAP authentication by sending EAPOL-Start
since this sequence was immediately after such full authentication
attempt.

There are known examples of authentication servers with incorrect MSK
derivation when TLS v1.2 is used (e.g., FreeRADIUS 2.2.6 or 3.0.7 when
built with OpenSSL 1.0.2). Write a clear debug log entry and also send
it to control interface monitors when it looks likely that this case has
been hit. After doing that, stop the connection attempt by
disassociating instead of trying to send out EAPOL-Start to trigger new
EAP authentication round (such another try can be tried with a new
association).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 20:55:17 +03:00
Jouni Malinen
fe1bf32974 Make TLS version number available in STATUS command
This adds a new STATUS command field "eap_tls_version" that shows the
TLS version number that was used during EAP-TLS/TTLS/PEAP/FAST exchange.
For now, this is only supported with OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 19:51:03 +03:00
Jouni Malinen
5650d379a3 OpenSSL: Add option to disable use of TLSv1.0
The new phase1 config parameter value tls_disable_tlsv1_0=1 can now be
used to disable use of TLSv1.0 for a network configuration. This can be
used to force a newer TLS version to be used. For example,
phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1" would indicate that
only TLS v1.2 is accepted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 19:27:57 +03:00
Jouni Malinen
2456264fad NFC: Add a hardcoded limit on maximum NDEF payload length
While this is already enforced in practice due to the limits on the
maximum control interface command length and total_length bounds
checking here, this explicit check on payload_length value may help
static analyzers understand the code better. (CID 122668)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 17:03:34 +03:00
Jouni Malinen
df9079e727 NFC: Fix payload length validation in NDEF record parser
It was possible for the 32-bit record->total_length value to end up
wrapping around due to integer overflow if the longer form of payload
length field is used and record->payload_length gets a value close to
2^32. This could result in ndef_parse_record() accepting a too large
payload length value and the record type filter reading up to about 20
bytes beyond the end of the buffer and potentially killing the process.
This could also result in an attempt to allocate close to 2^32 bytes of
heap memory and if that were to succeed, a buffer read overflow of the
same length which would most likely result in the process termination.
In case of record->total_length ending up getting the value 0, there
would be no buffer read overflow, but record parsing would result in an
infinite loop in ndef_parse_records().

Any of these error cases could potentially be used for denial of service
attacks over NFC by using a malformed NDEF record on an NFC Tag or
sending them during NFC connection handover if the application providing
the NDEF message to hostapd/wpa_supplicant did no validation of the
received records. While such validation is likely done in the NFC stack
that needs to parse the NFC messages before further processing,
hostapd/wpa_supplicant better be prepared for any data being included
here.

Fix this by validating record->payload_length value in a way that
detects integer overflow. (CID 122668)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 16:52:25 +03:00
Andrei Otcheretianski
b843a8b8a6 P2PS: Save intended interface address after P2PS PD
One possible outcome of the P2PS PD is P2P GO/P2P Client. In this case,
one peer becomes a P2P GO and the P2P Client joins it. Since multiple
GOs may run simultaneously on the same P2P Device, the P2P Client should
join using the intended interface address.

To be able to find the device by the intended interface address, save it
during the PD.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:59:44 +03:00
Andrei Otcheretianski
5cc6ec0f68 P2PS: Set intended interface address correctly for new group
If a device may be an explicit GO, it adds the GO details in the PD
Request. First, we try to reuse an active GO. If it is not present, we
try to reuse a non-active persistent group. In the latter case, if a
dedicated P2P interface is needed, the intended address should be that
of the pending interface. However, the wpas_get_go_info() provided the
ssid->bssid address, which is the address of the P2P device. This might
result in an incorrect intended interface attribute in the PD Request in
case a separate group interface is used.

Fix this by setting group_iface variable to true only if a dedicated
interface should be used and set the attribute accordingly.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:57:07 +03:00
Andrei Otcheretianski
1f14e2bf92 P2PS: Add PD Response validation
Validate the PD Response frame contents more thoroughly when it is used
for P2PS.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:52:38 +03:00
Andrei Otcheretianski
1f1a08b4cc P2PS: Add intended iface address during PD for persistent group
When persistent group is used and the peer is GO in this group,
intended interface attribute should be added to PD request/response.
Not doing so violates the spec.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:41:19 +03:00
Andrei Otcheretianski
223ccebfa3 P2PS: Save wps_prov_info on the responder side
When device A sends PD response to device B, device A should save
wps_prov_info for device B. Not doing so would result in a redundant and
incorrect PD flow, e.g., when upon PROV-DISC-DONE event device B starts
a GO and device A should join it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:26:07 +03:00
Andrei Otcheretianski
2fc866d1bc P2PS: Validate WPS config methods more accurately in PD Request
In case of a P2PS PD, allow keypad, display, and P2PS WPS config
methods. For a legacy PD, allow keypad, display, and pushbutton methods.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:24:01 +03:00
Max Stepanov
ea210b9f8a P2P: Refactor p2p_process_prov_disc_resp() function
Add 'else if' to P2PS status verification to prevent a redundant
condition checking. The first 'if' condition is true only if
  status == P2P_SC_SUCCESS || status == P2P_SC_SUCCESS_DEFERRED.
while the second condition checks:
  status != P2P_SC_SUCCESS &&
  status != P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE &&
  status != P2P_SC_SUCCESS_DEFERRED
Thus, the two conditions are mutually exclusive and 'else if' can be
used if this case.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:21:44 +03:00
Max Stepanov
20f4c3d76b P2P: Delete redundant comparison in p2p_process_prov_disc_resp()
Delete redundant comparison of msg.wps_config_methods with
dev->req_config_methods in p2p_process_prov_disc_resp() since it's
already done early in this function. Also, the second comparison
doesn't make too much sense: it can happen after a possible
p2p_reset_pending_pd() call setting dev->req_config_methods to 0.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:20:43 +03:00
Max Stepanov
82d6113502 P2PS: Fix adv_id and adv_mac params of P2P-PROV-DISC-FAILURE
When wpa_supplicant receives a PD Response with reject status it
generated P2P-PROV-DISC-FAILURE event without adv_id and adv_mac
parameters. Fix this by adding these parameters to the
wpas_prov_disc_fail() function call.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 19:40:49 +03:00
Dan Williams
e8492c8145 hostap: Fix send_mlme() after 'freq' parameter addition
This fixes the incomplete driver_hostap.c change from commit
5d180a7739 ('drivers: Add freq parameter
to send_mlme() function') that did not take into account the internal
callers.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2015-07-07 19:40:49 +03:00
Jouni Malinen
c8a15753eb Send EAPOL-Start on HELD->CONNECTING transition
Previously, only CONNECTING->CONNECTING case ended up sending out an
EAPOL-Start frame to avoid sending the unnecessary initial EAPOL-Start.
However, this optimization prevented new EAPOL-Start from being
initiated when leaving the HELD state. Allow that case to trigger
immediate EAPOL-Start transmission to speed up connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 19:25:31 +03:00
Mike Gerow
471c810bc1 pkcs11: Don't ask for a new PIN on TLS handshake failure
The only time the PIN should fail is when we initialize the TLS
connection, so it doesn't really make sense to get rid of the PIN just
because some other part of the handshake failed.

This is a followup to commit fd4fb28179
('OpenSSL: Try to ensure we don't throw away the PIN unnecessarily').

Signed-off-by: Mike Gerow <gerow@google.com>
2015-07-07 19:25:31 +03:00
Jouni Malinen
476a634d60 Avoid ubsan warning on 0x80<<24 not fitting in int in WPA_GET_BE32/LE32
Use a typecast to make this shift unsigned so that the MSB fits within
the range of allowed values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
cf6fd19b34 ndisc_snoop: Avoid misaligned read of IPv6 address
The IPv6 address in the frame buffer may not be 32-bit aligned, so use a
local copy to align this before reading the address with 32-bit reads
(s6_addr32[]).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
e9ed7d9898 EAP-TTLS: Avoid ubsan warning on 0x80<<24 not fitting in int
Use a typecast to make this unsigned so that the MSB fits within the
range of allowed values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
0f5fb8a467 radiotap: Avoid ubsan warning on 1<<31
Use the BIT() macro and unsigned int to avoid ubsan warning on 1<<31 not
fitting in an int.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
fc880b11ed NFC: Avoid misaligned read of an NDEF field
The 32-bit version of payload length field may not be 32-bit aligned in
the message buffer, so use WPA_GET_BE32() to read it instead of ntohl().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
e01281fccc trace: Use explicit alignment requirements to avoid misalignment
64-bit builds with CONFIG_WPA_TRACE=y resulted in the wpabuf pointers
getting misaligned (only 32-bit aligned) and that would result in reads
and writes of unaligned size_t values. Avoid this by indicating explicit
alignment requirement for wpabuf_trace to 8 octets (i.e., there will be
extra four octets of padding in case of 64-bit builds).

Similarly, struct os_alloc_trace resulted in some potential misalignment
cases, e.g., when CONFIG_ACS=y uses a 'long double' variable within
struct hostapd_channel_data. Avoid misalignment issues with explicit
alignment indication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
f97e3ce473 drivers: Use unsigned arguments for sta_set_flags()
Since BIT() is now returning unsigned int, these functions need to match
that to avoid compiler warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
32d6463fe7 Make BIT() unsigned int instead of int
This is needed to avoid ubsan warnings on BIT(31).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
bd47c80564 Include stddef.h to use the standard offsetof()
src/utils/list.h ended up defining a local version of offsetof() due to
stddef.h not getting included. This resulted in unnecessary warnings
from ubsan related to "dereferencing" of a NULL pointer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
028b19675d RADIUS DAS: Avoid compiler warning on abs()
The input parameter ended up being converted to long int instead of int,
so use an explicit typecase to get rid of the compiler warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
597e8afeb4 ERP: Avoid mixing of enum types
Use explicit typecasting to avoid implicit conversion warnings in cases
where enum eap_erp_type is used in functions taking an EapType argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
05a90d78dc FT: Allow CCMP-256 and GCMP-256 as group ciphers
The FT-specific check for valid group cipher in wpa_ft_gen_req_ies() was
not up-to-date with the current list of supported ciphers. Fix this by
using a generic function to determine validity of the cipher. In
practice, this adds support for using CCMP-256 and GCMP-256 as the group
cipher with FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
f24b97972b OpenSSL: Merge error returns
These similar error cases can use a single return statement.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 21:48:22 +03:00
Jouni Malinen
84d6a17a27 TLS: Remove unused tls_capabilities()
This mechanism to figure out TLS library capabilities has not been used
since commit fd2f2d0489 ('Remove
EAP-TTLSv1 and TLS/IA') (Sep 2011).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 21:40:48 +03:00
Jouni Malinen
786722763d ms_funcs: Merge similar return cases
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
359636170f hw_features: Merge similar return case in check_40mhz_2g4()
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
aac1efec34 Reject the initial 4-way handshake if initial GTK setup fails
This makes the AP/Authenticator design more robust against unexpected
failures in random number generation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
2da525651d Add backtrace-based error path testing mechanism
The new TEST_FAIL and GET_FAIL control interface commands can be used
similarly to the earlier TEST_ALLOC_FAIL/GET_ALLOC_FAIL design. The new
version is more generic framework allowing any function to be annotated
for failure testing with the TEST_FAIL() macro. This mechanism is only
available in builds with CONFIG_WPA_TRACE_BFD=y and
CONFIG_TESTING_OPTIONS=y. For other builds, the TEST_FAIL() macro is
defined to return 0 to allow the compiler to remove the test code from
normal production builds.

As the first test site, allow os_get_random() to be marked for failing
based on call backtrace.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
55413ce072 P2P: Do not allow 40 MHz co-ex PRI/SEC switch to force MCC
Do not allow 40 MHz co-ex PRI/SEC switch to force us to change our PRI
channel if we have an existing connection on the selected PRI channel
since doing multi-channel concurrency is likely to cause more harm than
using different PRI/SEC selection in environment with multiple BSSes on
these two channels with mixed 20 MHz or PRI channel selection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-28 18:14:58 +03:00
Stepanov, Max
8c43ef8449 P2PS: Fix attribute addition in p2p_buf_add_service_instance()
Fix a condition when Advertised Service Info Attribute is added to
a probe response in p2p_buf_add_service_instance(). The issue is
that a 'found' value is increased even if 'test' and 'adv->hash' hashes
are different. As result 'found' may have a non-zero value when an
attribute data length is 0. In this cause an empty attribute is about to
be added. Fixing it by eliminating 'found' and checking 'total_len'
containing a real number of bytes added to Advertised Service Info
Attribute.

This fixes an issue from commit 50a9efe713
('P2PS: Fix Probe Response frame building in error cases').

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-06-27 23:54:10 +03:00
Jouni Malinen
6c7314917b AP: Increase maximum value accepted for cwmin/cwmax
The cwmin/cwmax parameters were limited more than is needed. Allow the
full range (0..15 for wmm_ac_??_{cwmin,cwmax} and 1..32767 for
tx_queue_data?_{cwmin,cwmax}) to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 23:34:49 +03:00
Jouni Malinen
575e4f5d49 SAE: Reject FFC commit-element with value p-1
The current P802.11 description of SAE uses "1 < element < p" as the
required range. However, this is not correct and does not match the
Dragonfly description of "1 < element < p-1". SAE definition will need
to change here. Update the implementation to reject p-1 based on the
correct rule here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 21:20:14 +03:00
Jouni Malinen
a406244395 P2PS: Do not reply to ProbeReq on another channel when starting Listen
It was possible for the P2PS Probe Response frame to go out on the
channel on which a Probe Request frame was reported even when we are
just about to start Listen mode on another channel. This could result in
the peer device using incorrect channel for us. Fix this by skipping the
response in this special case while waiting for Listen mode to start.

This showed up as a hwsim test failure with test sequence "gas_fragment
p2ps_connect_display_method_nonautoaccept" in cases where the dev[0]
Listen channel was not same as the AP operating frequency in the GAS
test.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 17:10:19 +03:00
Jouni Malinen
0c2b3f6541 SAE: Reject commit-scalar value 1
IEEE Std 802.11-2012 description of SAE does not require this, i.e., it
describes the requirement as 0 < scalar < r for processing the Commit
message. However, this is not correct and will be changes to 1 < scalar
< r to match the Dragonfly description so that a trivial secret case
will be avoided explicitly.

This is not much of an issue for the locally generated commit-scalar
since it would be very unlikely to get the value of 1. For Commit
message processing, a peer with knowledge of the password could
potentially force the exchange to expose key material without this
check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 12:41:40 +03:00
Dmitry Shmidt
4f39908b60 Send CTRL-EVENT-NETWORK-NOT-FOUND if no suitable network was found
This provides more information to upper layer programs on what happens
with connection attempts in cases where the enabled networks are not
found in scan results.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-06-27 11:08:08 +03:00
Kevin Cernekee
ded14ce95d Android: Fix nl80211 build if BOARD_*_PRIVATE_LIB is unspecified
wpa_supplicant has stub functions if the external p2p symbols are
unavailable, but the build still fails if the
wpa_driver_nl80211_driver_cmd symbol is missing.  Fix this by leaving the
function pointer NULL.  This is safe because wpa_drv_driver_cmd() performs
a NULL check.

Signed-off-by: Kevin Cernekee <cernekee@google.com>
2015-06-26 22:46:49 +03:00
Kevin Cernekee
a1407217b1 Android: Rename ANDROID_P2P_STUB to ANDROID_LIB_STUB
If BOARD_HOSTAPD_PRIVATE_LIB is not used on an Android build, we will
need to replace both the p2p functions *and* wpa_driver_nl80211_driver_cmd
in order to successfully link.  Let's make the name more generic so it is
more obvious what it is used for.

Suggested-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Kevin Cernekee <cernekee@google.com>
2015-06-26 22:46:16 +03:00
Maneesh Jain
4457f41b54 radius: Fix NULL dereference issue on allocation failure
In case memory allocation fails, data->pac_opaque_encr_key may be NULL
and lead to possible crash.

Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-06-26 22:44:41 +03:00
Jouni Malinen
f826fb1de1 OpenSSL: Handle EC_POINT_is_on_curve() error case
Even though this OpenSSL function is documented as returning "1 if point
if on the curve and 0 otherwise", it can apparently return -1 on some
error cases. Be prepared for that and check explicitly against 1 instead
of non-zero.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
bbb50086e3 SAE: Use random "password" in extra hunting-and-pecking loops
If PWE is discovered before the minimum number of loops (k) is reached,
the extra iterations use a random "password" to further obfuscate the
cost of discovering PWE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
eb5fee0bf5 SAE: Add side-channel protection to PWE derivation with ECC
This replaces the earlier IEEE Std 802.11-2012 algorithm with the design
from P802.11-REVmc/D4.0. Things brings in a blinding technique for
determining whether the pwd-seed results in a suitable PWE value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
16841ab246 crypto: Add functions for computing the Legendre symbol and EC y^2
These are needed to implement side-channel protection for SAE PWE
derivation for ECC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
c4a13b424b OpenSSL: Add support for Brainpool Elliptic Curves
This allows the IKE groups 27-30 (RFC 6932) to be used with OpenSSL
1.0.2 and newer. For now, these get enabled for SAE as configurable
groups (sae_groups parameter), but the new groups are not enabled by
default.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
4584b66eae SAE: Increase security parameter k to 40 based on Dragonfly recommendation
draft-irtf-cfrg-dragonfly recommends implementation to set the security
parameter, k, to a value of at least 40. This will make PWE generation
take significantly more resources, but makes it more likely to hide
timing differences due to different number of loops needed to find a
suitable PWE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-25 20:53:37 +03:00
Jouni Malinen
fdd731bd4a SAE: Fix PWE generation to use minimum loop count (k) properly
The implementation did not match the comment, i.e., only k-1 rounds were
required instead of k.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-25 20:53:37 +03:00
Jouni Malinen
8ec33326c1 SAE: Merge sae_derive_commit() error case return statements
These error cases have the exact same outcome, so a single return
statement can be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
d93abd4a97 SAE: Merge sae_get_rand() error case return statements
These error cases have the exact same outcome, so a single return
statement can be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
6a58444d27 SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are different
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
4e7e68890a Add crypto_ec_point_cmp()
This is needed to allow SAE to check whether ECC elements are identical.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 22:29:23 +03:00
Jouni Malinen
fdc5608c12 OpenSSL: Remove SSL_CTX_{get,set}_app_data() compatibility wrapper
OpenSSL 0.9.8 (and newer) includes SSL_CTX_get_app_data() and
SSL_CTX_set_app_data(), so there is no need to maintain this old
OPENSSL_SUPPORTS_CTX_APP_DATA backwards compatibility design.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 21:05:02 +03:00
Jouni Malinen
ba54933f63 libtommath: Fix mp_init_multi() stdarg use on error path
Previously, it would have been possible for va_end(args) to be called
twice in case mp_init() fails. While that may not cause issues on number
of platforms, that is not how va_start()/va_end() are supposed to be
used. Fix this by returning from the function without using va_end()
twice on the same va_list args.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 20:39:08 +03:00
Jouni Malinen
f6df3f3a00 Use os_* wrapper more consistently
os_free() needs to be used when freeing memory that was allocated with
os_malloc()/os_zalloc()/os_calloc().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 20:08:00 +03:00
Jouni Malinen
c5ca73d1f7 P2P: Use offsetof() instead of local implementation
The construction used here to figure out the offset of variable length
IEs in Probe Request frames was a bit odd looking and resulted in a
warning from a static analyzer, so replace it with more standard use of
offsetof().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 18:30:11 +03:00
Jouni Malinen
c3c5b5fe92 ERP server: Make erp_send_finish_reauth() easier for static analyzers
The flags argument is used to indicate a failure case (0x80) which
allows erp == NULL. This may be a bit too difficult combination for
static analyzers to understand, so add an explicit check for !erp as
another condition for returning from the function before the erp pointer
gets dereferenced without checking it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 18:27:06 +03:00
Jouni Malinen
6ce1bea1ff bsd: Remove redundant NULL check in bsd_init()
drv cannot be NULL here (it is dereferenced even on the preceding line)
and anyway, os_free(NULL) is allowed, so remove the redundant check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 18:20:24 +03:00
Jouni Malinen
c99df20192 Remove redundant NULL check in ieee802_1x_encapsulate_radius()
The eap argument to this function is never NULL and the earlier
ieee802_1x_learn_identity() call is dereferencing it anyway, so there is
no point in checking whether it is NULL later in the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 18:18:25 +03:00
Jouni Malinen
2eb5967d99 AP: Add more 2.4 GHz channels for 20/40 MHz HT co-ex scan
This needs to find the PRI channel also in cases where the affected
channel is the SEC channel of a 40 MHz BSS, so need to include the
scanning coverage here to be 40 MHz from the center frequency. Without
this, it was possible to miss a neighboring 40 MHz BSS that was at the
other end of the 2.4 GHz band and had its PRI channel further away from
the local BSS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 11:25:22 +03:00
Jouni Malinen
5ed6519625 hw_features: Merge similar return cases
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 11:24:52 +03:00
Jouni Malinen
4e37dd6c60 SAE: Simplify sae_prepare_commit() error path
There is no need to keep separate "return -1" statements for these error
cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-22 00:38:02 +03:00
Jouni Malinen
3dce85ceb0 HS 2.0: Add WLAN RADIUS attributes in OSEN case
Previously, the common WLAN-* RADIUS attributes were added only when WPA
or WPA2 was used. These can be of use for OSEN as well, so include them
in that case, too.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:04:32 +03:00
Jouni Malinen
efd5d26d33 Remove unnecessary wpa_ie_len check from wpa_parse_wpa_ie_wpa()
There is no need to have a separate "fail silently" case for wpa_ie_len
== 0. That condition does not seem to be reachable and even if it were,
the following "ie len too short" case will result in the exact same
return value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:04:31 +03:00
Jouni Malinen
ce8963fc9f Remove WEP40/WEP104 cipher suite support for WPA/WPA2
As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at
least in theory, allowed as a group cipher. This option is unlikely to
be deployed anywhere and to clean up the implementation, we might as
well remove all support for this combination.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:04:31 +03:00
Jouni Malinen
1887be4fa7 Make check_20mhz_bss() static
This is not used outside this file anymore, so there is no need to
export the symbol either.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 16:05:54 +03:00
Ilan Peer
1ac977bdd5 nl8021: Allow sending wowlan configuration on any interface
Sending a wowlan configuration command can be done on any wireless
interface (not only netdev), as it is a device configuration and not
interface configuration specific. Fix the code to allow it to be
sent on any interface.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-06-19 16:17:04 +03:00
Ilan Peer
489970270b nl80211: Remove android_genl_ctrl_resolve()
Android libnl_2 implementation added support for "nl80211" name in
commit 'libnl_2: Extend genl_ctrl_resolve() to support "nl80211" name'
in July 2012 which got included in Android 4.2. It is fine to drop this
old Android ICS workaround from wpa_supplicant now.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-06-19 16:06:28 +03:00
Ben Rosenfeld
6b5147af53 P2P: Fix memory leak in p2p_process_nfc_connection_handover()
p2p_process_nfc_connection_handover() allocates msg memory in the parser
and might return before memory is released if the received message is
not valid.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2015-06-19 01:23:24 +03:00
Jouni Malinen
33ba27d387 EAP-FAST peer: Stop immediately on key derivation failure
If key derivation fails, there is no point in trying to continue
authentication. In theory, this could happen if memory allocation during
TLS PRF fails.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-19 01:23:24 +03:00
Ben Rosenfeld
144b6a0650 OpenSSL: Fix memory leak on an openssl_tls_prf() error path
Free tmp_out before returning to prevent memory leak in case the second
memory allocation in openssl_tls_prf() fails. This is quite unlikely,
but at least theoretically possible memory leak with EAP-FAST.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2015-06-19 01:23:24 +03:00
Jouni Malinen
50a9efe713 P2PS: Fix Probe Response frame building in error cases
org.wi-fi.wfds service is not a replacement for non-WFA service matches.
Do not try to replace the results with that if there is not sufficient
room for the response. Instead, reply with all the matching services
that fit into the message. org.wi-fi.wfds is the first entry in the list
(if matching request/service is present), so it won't get overridden by
other services.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 18:14:04 +03:00
Jouni Malinen
509f269bbd P2PS: Fix org.wi-fi.wfds matching when building the response
The service hash for org.wi-fi.wfds is supposed to match only if the
device has a WFA defined org.wi-fi.wfds.* service. Verify that before
adding org.wi-fi.wfds to the response.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 18:14:04 +03:00
Jouni Malinen
5fa5f84324 P2PS: Add more debug prints for service info building
This makes the debug log much more helpful for figuring out results from
service hash matching.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 18:14:04 +03:00
Jouni Malinen
fdde3db6b8 P2PS: Remove unnecessary service hash filtering from p2p_reply_probe()
Probe Response building is already doing service matching and there is
no need to do this in both places, so simplify the p2p_reply_probe()
implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 18:14:04 +03:00
Jouni Malinen
f2e0eecf09 P2PS: Do not ignore other hashes if org.wi-fi.wfds hash is included
When doing initial processing of Probe Request frame service hashes, the
previous implementation dropped all other hash values if a hash for
org.wi-fi.wfds was included. This is not correct, since that is not a
full wildcard of all services (it only matches WFA defined
org.wi-fi.wfds.* services).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 17:27:31 +03:00
Jouni Malinen
ebdc32f350 P2PS: Fix service hash matching for org.wi-fi.wfds
This "wildcard" match is for WFA specified org.wi-fi.wfds.* services,
not for all services. Verify that there is a really matching service
being advertised instead of assuming this "wildcard" matches if any
services are advertised.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 17:27:31 +03:00
Jouni Malinen
24533f7e81 P2PS: Fix p2p_find handling to allow "wildcard" with other hash values
The org.wi-fi.wfds "wildcard" is not a full wildcard of all service
names and as such, it must not remove other service name hash values
from the Probe Request frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 17:27:31 +03:00
Jouni Malinen
f33a31b06c P2PS: Verify service name length in P2P_FIND command
p2ps_gen_hash() has a limit on service names based on the temporary
buffer from stack. Verify that the service name from the local P2P_FIND
command is short enough to fix into that buffer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 17:27:30 +03:00
Max Stepanov
83e520e473 P2PS: Add a wildcard with other advertised service info
Quoting P2PS specification: "If multiple Service Hash values are
included in the Probe Request frame, then the ASP shall find a match for
each Service Hash, and it shall send a Probe Response frame with the
information listed in this section for all matched Service Hashes." This
commit changes handling of wildcard hash matching by adding a
wildcard 'org.wi-fi.wfds' info together with the other hash matches.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-18 15:06:54 +03:00
Max Stepanov
c5d3cadbfb P2PS: Re-factor p2p_buf_add_service_instance function
Add auxiliary functions to write a single advertised service info record
into a wpabuf and to find P2PS wildcard hash in a received hash
attribute. Re-factor p2p_buf_add_service_instance() function to allow
adding new wildcard types in future commits.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-18 15:06:48 +03:00
Jouni Malinen
b4c0f58452 Clear allocated debug message buffers explicitly
When hostapd or wpa_supplicant is run in debug more with key material
prints allowed (-K on the command line), it is possible for passwords
and keying material to show up in debug prints. Since some of the debug
cases end up allocating a temporary buffer from the heap for processing
purposes, a copy of such password may remain in heap. Clear these
temporary buffers explicitly to avoid causing issues for hwsim test
cases that verify contents of memory against unexpected keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-17 16:30:34 +03:00
Max Stepanov
e12c4004e4 P2PS: Refactor p2p_data::query_hash and p2p_data::query_count use
Avoid using p2p_data::query_hash for both Probe Request frame processing
and for hashes specified by p2p_find. It's resolved by use of local
query_hash and query_count variables in p2p_reply_probe().

Since p2p_data::query_hash is used only for seek hash values rename
p2p_data::query_hash to p2ps_seek_hash.

Delete p2p_data::query_count since it's not needed anymore.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-15 17:30:01 +03:00
Sunil Dutt
4839da4d4f P2P: Add vendor elements into Invitation Response frames
Commit 86bd36f0d5 ('Add generic mechanism
for adding vendor elements into frames') introduced a mechanism to add
vendor elements into various frames, but missed the addition to the
Invitation Response frame. This commit addresses the same.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-15 14:16:30 +03:00
Max Stepanov
886f583dd7 P2PS: Delete p2ps_svc_found from struct p2p_data
This variable is used locally only in the p2p_reply_probe() function.
The value of this variable is valid only in the context of the single
Probe Request message handling and doesn't make much sense in p2p
context.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Max Stepanov
3f048aa8d2 P2PS: Add a function to free a PD context
Free a PD context with a function encapsulating both os_free() call and
setting a PD context pointer to NULL.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Andrei Otcheretianski
8f52409972 P2P: Prefer direct Probe Response frames over GO's client list
A P2P Client may be discoverable and reply to Probe Request frames,
while at the same time the P2P GO would also be discoverable and include
the P2P Client information in the P2P Group Info attribute of the Probe
Response frames.

If a seeker constantly hears the Probe Response frames from a P2P Client
and then from the GO, but handles them in the opposite order (due to
scan results ordering), the more valuable Probe Response frame from the
P2P Client will be ignored. Fix this by defining a threshold (1 second)
during which the direct Probe Response frame will be preferred over the
information acquired from the GO and will not be considered as old.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Andrei Otcheretianski
4e8817f7f0 P2P: Use more precise device timestamping for group clients
When adding group clients to the P2P peer list, use the driver provided
BSS entry timestamp instead of the current time. Otherwise, the time
comparison which is made in p2p_add_device() doesn't make sense.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Andrei Otcheretianski
0799b3f899 P2P: Specify frequency when sending Probe Response frame
If the RX frequency of the Probe Request frame is known, specify it when
sending the Probe Response frame. This is needed when the Probe Request
frame is received on another virtual interface, for example, when a GO
or P2PS client are discoverable on the group operating channel.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Andrei Otcheretianski
5d180a7739 drivers: Add freq parameter to send_mlme() function
Change send_mlme() API to allow sending management frames on a specific
channel, overriding the internal driver decision.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Max Stepanov
5143e7ee6e P2P: Fix return value of p2p_reply_probe() and p2p_probe_req_rx()
Return P2P_PREQ_PROCESSED instead of P2P_PREQ_NOT_PROCESSED on
a successful Probe Request frame handling in p2p_reply_probe().

Verify a return value of p2p_reply_probe() in p2p_probe_req_rx()
and continue a pending invitation/connection flow only if the
Probe Request frame is from an expected P2P peer.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Max Stepanov
734ddf6125 P2P: Add rx_freq parameter to Probe Request frame handler
In some cases, Probe Request frames can be received by a peer not only
on a listen channel. In this case an additional rx_freq parameter
explitly contains a Probe Request frame RX frequency. In case rx_freq is
set to 0, a Probe Request frame RX channel is assumed to be our own
listen channel (p2p->cfg->channel).

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-06-14 23:16:55 +03:00
Jouni Malinen
a9a4841010 Remove duplicated country code from operating class lists
CA country code was included mistakenly (copy-paste..) in cn_op_class_cc
while it was supposed to be included only in us_op_class_cc. In
practice, this did not result in incorrect operation due to the
us_op_class_cc list being checked first. Anyway, better fix
cn_op_class_cc to avoid confusion here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-14 17:40:10 +03:00
Jouni Malinen
bbd0bf811e tests: Additional ieee802_11_parse_elems() module test coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-14 16:47:29 +03:00
Jouni Malinen
41ecd3778d tests: Module test for gas.c corner cases in gas_anqp_set_len()
This increases code coverage for gas.c testing to cover areas that
cannot be reached with pure hwsim test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-14 16:27:21 +03:00
Michael Braun
132dfbe8c2 Fix removal of tagged interface and bridge when multiple BSS share them
Currently, if multiple bss share are bridge and tagged vlan interface,
only the first instance of struct hostapd_vlan for this vlanid will have
the DVLAN_CLEAN_VLAN flag added. Thus, when this instance is removed,
the tagged vlan interface will be removed from bridge, thought other bss
might still need it. Similarily, the bridge will be left over, as the
does not have zero ports when the first instance of a struct
hostapd_vlan is freed.

This patch fixes this by having a global (per process) reference counter
for dynamic tagged vlan and dynamically created bridge interfaces, so
they are only removed after all local users are freed. (struct
hapd_interfaces *)->vlan_priv is used to hold src/ap/vlan_init.c global
per-process data like drv_priv does; right now this is only used for the
interface reference counting, but could get extended when needed. Then
possibly some vlan_global_init / vlan_global_deinit should be added, but
this is not required right now.

Additionally, vlan->configured is checked to avoid reference counter
decreasing before vlan_newlink increased them.

In order to avoid race conditions, vlan_dellink is called explicitly
after hostapd_vlan_if_remove. Otherwise there would be a short timeframe
between hostapd_vlan_if_remove and vlan_dellink during which the struct
hostapd_vlan still exists, so ap_sta_bind_vlan would try to attach
stations to it.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-06-14 13:33:07 +03:00
Amr BEN ABDESSALEM
0c9fb14ec4 P2P: Add Operating class 125 for P2P supported channels
Add operating class 125 (channels 149..169) to the list of P2P supported
channels. This allows the 5 GHz channels 161 and 169 to be used for P2P
GO when those channels are allowed for AP mode in the current regulatory
domain.

Signed-off-by: Amr BEN ABDESSALEM <amrx.ben.abdessalem@intel.com>
2015-06-12 20:39:49 +03:00
Jouni Malinen
995a3a06f4 Document the wpa_msg_cb "global" parameter
Instead of an int variable with magic values 0, 1, 2, use an enum that
gives clearer meaning to the values now that the original boolean type
global argument is not really a boolean anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-10 16:02:00 +03:00
Jouni Malinen
e19c1d2cc7 Fix pairwise cipher suite bitfields to the driver in mixed mode
Commit 95b6bca66d ('Add rsn_pairwise bits
to set_ieee8021x() driver_ops') modified cipher configuration to use
unconditionally wpa_pairwise | rsn_pairwise. While that works for many
cases, it does not handle the case of dynamic configuration changes over
the control interface where wpa_pairwise or rsn_pairwise values may not
get cleared when the wpa parameter is modified. Fix this inconsistency
by configuring the driver with only the bits that are valid for the
currently enabled WPA/WPA2 version(s).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-10 13:49:59 +03:00
Jouni Malinen
c5ee4dd9d9 Fix spelling of initialize in a comment and an error message
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-10 12:02:46 +03:00
MAYANK HAARIT
aa2b12562b P2P: Add GO Intent of connecting device in GO Negotiation Request event
Add GO Intent information of connecting device in GO Negotiation Request
event which will help applications to decide its own GO intent value in
advance and can avoid failure cases when both devices use GO Intent 15
depending on application requirement.

Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2015-06-06 18:16:39 +03:00
Alan T. DeKok
f13e815491 Set Acct-Session-Id from os_get_random() instead of os_get_time()
So that systems with bad clocks will send random session IDs,
instead of always ones starting at the same second.

If os_get_random() isn't available, use os_get_time(). But also
mix in now.tv_usec, so that the accounting session ID is more
likely to be globally and temporally unique.

Signed-off-by: Alan DeKok <aland@freeradius.org>
2015-06-06 17:23:43 +03:00
MAYANK HAARIT
92f190a0ac OpenSSL: Fix build iwth OpenSSL 0.9.8
The OPENSSL_VERSION_NUMBER < 0x00909000L case of
openssl_get_keyblock_size() had not been kept in sync with the cleanup
changes.

Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2015-06-06 17:15:47 +03:00
Jouni Malinen
0980c7face hostapd: Make sure band selection does not result in NULL dereference
Explicitly check for iface->current_mode before dereferencing it. While
this case may not happen in practice, it is better for the setup
functions to be more careful when doing the initial band selection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-02 20:06:49 +03:00
Peng Xu
3784c0589e Extend hw_mode to support any band for offloaded ACS case
When device supports dual band operations with offloaded ACS, hw_mode
can now be set to any band (hw_mode=any) in order to allow ACS to select
the best channel from any band. After a channel is selected, the hw_mode
is updated for hostapd.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-05-27 12:17:57 +03:00
Jouni Malinen
ca24117a5a EAP-EKE: Add Session-Id
While RFC 6124 does not define how Session-Id is constructed for
EAP-EKE, there seems to be consensus among the authors on the
construction. Use this Type | Nonce_P | Nonce_S construction based on
the following email:

 From: Yaron Sheffer <yaronf.ietf at gmail.com>
 To: ietf at ietf.org
 Date: Wed, 17 Nov 2010 13:13:42 +0200

Expanding on my previous response, I suggest to resolve Bernard's
concern by adding the following text:

5.6 EAP Key Generation

EAP-EKE can be used for EAP key generation, as defined by [RFC 5247].
When used in this manner, the values required to establish the key
hierarchy are defined as follows:

- Peer-Id is the EAP-EKE ID_P value.
- Server-Id is the EAP-EKE ID_S value.
- Session-Id is the concatenated Type | Nonce_P | Nonce_S, where Type is
  the method type defined for EAP-EKE in [Sec. 4.1], a single octet.

Thanks,
	Yaron

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 11:58:45 +03:00
Srinivasa Duvvuri
567098ec74 ACS: Scan only channels specified in the channel list
The ACS code part of hostapd scans all the channels even if the channel
list is specified in the hostapd.conf. Limit the ACS scan channels to
the list specified in the config file.

Signed-off-by: Srinivasa Duvvuri<sduvvuri@chromium.org>
2015-05-24 10:38:27 +03:00
Ilan Peer
9b05135aa4 P2P: Fix association with an AP/P2P GO that is not a P2P manager
Do not add a P2P IE when a station interface is trying to associate
to an AP or P2P GO that publishes a P2P IE but does not include
a P2P manageability attribute.

This addresses an interoperability issue that was reported in
https://bugzilla.kernel.org/show_bug.cgi?id=96471, where a P2P GO
rejects association from a station interface without a specified
reason.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-05-07 21:00:22 +03:00
Matthias May
8884ce03bc hostapd: check validity of cwMin/cwMax values
Signed-off-by: Matthias May <matthias.may@neratec.com>
2015-05-07 20:57:32 +03:00
Michael Braun
9649b5342d vlan: Print libnl error message on vlan_add / vlan_del
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-05-07 20:54:26 +03:00
Sunil Dutt
279724d835 Add QCA vendor subcmd for Link Property Query
Link Property query vendor command shall facilitate the information
of the Wi-Fi link. MAC address of the Wi-Fi peer is given as an input
for querying the link properties.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-05-07 18:53:23 +03:00
Jouni Malinen
58606fd987 EAP-pwd server: Make sure in_frag_pos is cleared to zero on allocation
The cleanup code will handle this, but it is more robust to make sure
this is cleared to zero when allocating a new buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
6aa5d95dab EAP-pwd peer: Make sure in_frag_pos is cleared to zero on allocation
The cleanup code will handle this, but it is more robust to make sure
this is cleared to zero when allocating a new buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
28a069a545 EAP-pwd peer: Fix asymmetric fragmentation behavior
The L (Length) and M (More) flags needs to be cleared before deciding
whether the locally generated response requires fragmentation. This
fixes an issue where these flags from the server could have been invalid
for the following message. In some cases, this could have resulted in
triggering the wpabuf security check that would terminate the process
due to invalid buffer allocation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
3035cc2894 EAP-pwd server: Fix Total-Length parsing for fragment reassembly
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.

In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoid a
potential memory leak when processing invalid message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
477c74395a EAP-pwd peer: Fix Total-Length parsing for fragment reassembly
The remaining number of bytes in the message could be smaller than the
Total-Length field size, so the length needs to be explicitly checked
prior to reading the field and decrementing the len variable. This could
have resulted in the remaining length becoming negative and interpreted
as a huge positive integer.

In addition, check that there is no already started fragment in progress
before allocating a new buffer for reassembling fragments. This avoid a
potential memory leak when processing invalid message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
e28a58be26 EAP-pwd server: Fix payload length validation for Commit and Confirm
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.

Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
dd2f043c9c EAP-pwd peer: Fix payload length validation for Commit and Confirm
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.

Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
ef566a4d4f AP WMM: Fix integer underflow in WMM Action frame parser
The length of the WMM Action frame was not properly validated and the
length of the information elements (int left) could end up being
negative. This would result in reading significantly past the stack
buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
so, resulting in segmentation fault.

This can result in an invalid frame being used for a denial of service
attack (hostapd process killed) against an AP with a driver that uses
hostapd for management frame processing (e.g., all mac80211-based
drivers).

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
8640cf7f8f WPS: Add more debug prints to httpread
These can be helpful when debugging HTTP error cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
1bd0d578a9 WPS: Replace the httpread_debug design with standard debug prints
The debug information from httpread can be helpful in figuring out error
cases in general and as such, should be enabled by default. Get rid of
the hardcoded httpread_debug value that would require source code
changes to enable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
7da4f4b499 WPS: Check maximum HTTP body length earlier in the process
There is no need to continue processing a HTTP body when it becomes
clear that the end result would be over the maximum length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
af185d0b57 WPS: Extra validation step for HTTP reader
Verify that ncopy parameter to memcpy is not negative. While this is not
supposed to be needed, it is a good additional protection against
unknown implementation issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Jouni Malinen
5acd23f458 WPS: Fix HTTP chunked transfer encoding parser
strtoul() return value may end up overflowing the int h->chunk_size and
resulting in a negative value to be stored as the chunk_size. This could
result in the following memcpy operation using a very large length
argument which would result in a buffer overflow and segmentation fault.

This could have been used to cause a denial service by any device that
has been authorized for network access (either wireless or wired). This
would affect both the WPS UPnP functionality in a WPS AP (hostapd with
upnp_iface parameter set in the configuration) and WPS ER
(wpa_supplicant with WPS_ER_START control interface command used).

Validate the parsed chunk length value to avoid this. In addition to
rejecting negative values, we can also reject chunk size that would be
larger than the maximum configured body length.

Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 18:26:50 +03:00
Maks Naumov
74d912f134 libtommath: Fix check mp_init_multi() result
If the mp_init_multi() call had failed due to memory allocation failure,
mp_div() would have returned 1 instead of MP_MEM (-2). It looks like all
callers are checking the return value against MP_OKAY instead of <1
(etc.), so this does not seem to result in difference in behavior.
Anyway, it's best to fix the mp_div() return value for the MP_MEM error
case to avoid unexpected behavior.

Signed-off-by: Maks Naumov <maksqwe1@ukr.net>
2015-05-03 16:53:59 +03:00
Jouni Malinen
fd66aa63f4 Check Public Action length explicitly before reading Action Code
In theory, the previous version could have resulted in reading one byte
beyond the end of the management frame RX buffer if the local driver
were to deliver a truncated Public Action frame for processing. In
practice, this did not seem to happen with mac80211-based drivers and
even if it were, the extra octet would be an uninitialized value in a
buffer rather than read beyond the end of the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:33:08 +03:00
Jouni Malinen
ff4a6d4382 EAP-SIM/AKA: Explicitly check for header to include Reserved field
This was previously checked as part of the eap_sim_parse_attr()
processing, but it is easier to review the code if there is an
additional explicit check for confirming that the Reserved field is
present since the pos variable is advanced beyond it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:33:03 +03:00
Jouni Malinen
f5ed40010c EAP-SAKE: Make attribute parser more readable
Clean up eap_sake_parse_add_attr() design by passing in pointer to the
payload of the attribute instead of parsing these separately for each
attribute within the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:50 +03:00
Jouni Malinen
0dfb7be470 EAP-SAKE: Pass EAP identifier instead of full request
This simplifies analysis of areas that get access to unverified message
payload.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:46 +03:00
Jouni Malinen
354e3f7959 TLS: Fix debug dump of X.509 certificate
The length of the extra data following the encoded certificate was
printed out in debug hexdump.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:40 +03:00
Jouni Malinen
87fcb5a735 EAP-PAX: Fix PAX_STD-1 and PAX_STD-3 payload length validation
The req_plen argument to eap_pax_process_std_1() and
eap_pax_process_std_3() could be smaller than sizeof(struct eap_pax_hdr)
since the main processing function was only verifying that there is
enough room for the ICV and then removed ICV length from the remaining
payload length.

In theory, this could have resulted in the size_t left parameter being
set to a negative value that would be interpreted as a huge positive
integer. That could then result in a small buffer read overflow and
process termination if MSGDUMP debug verbosity was in use.

In practice, it does not seem to be feasible to construct a short
message that would be able to pass the ICV validation (calculated using
HMAC-SHA1-128) even for the case where an empty password is used.
Anyway, the implementation should really check the length explicitly
instead of depending on implicit check through ICV validation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:36 +03:00
Jouni Malinen
c3c5615ee0 EAP-GPSK: Pass EAP identifier instead of full request
This simplifies analysis of areas that get access to unverified message
payload.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:28 +03:00
Jouni Malinen
d36c803c69 EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf
The EAP-TLS-based helper functions can easily use struct wpabuf in more
places, so continue cleanup in that direction by replacing separate
pointer and length arguments with a single struct wpabuf argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:23 +03:00
Jouni Malinen
8d9f3b8ed6 EAP-FAST: Do not use type cast to remove const specification
All the uses here are read only, so there is no need to type case the
const specification away.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:19 +03:00
Jouni Malinen
07f9034d14 EAP-FAST: Pass EAP identifier instead of full request
This simplifies analysis of areas that get access to unverified message
payload.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:10 +03:00
Jouni Malinen
f153e41bb2 EAP-EKE: Do not pass full request to eap_eke_build_fail()
This function is only using the Identifier field from the EAP request
header, so there is no need to pass it a pointer to the full message.
This makes it a bit easier to analyze the area that gets access to
unverified message payload.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:32:05 +03:00
Jouni Malinen
53f376c103 Fix a typo in function documentation
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-03 16:31:59 +03:00
Jouni Malinen
dea0d8ee29 RADIUS: Fix a copy-paste error in variable name
MS-MPPE-Recv-Key generation in radius_msg_add_mppe_keys() used incorrect
function argument (send_key_len; should be recv_key_len) when allocating
a temporary buffer. Fix this by using the correct argument.

The only caller of the function uses the same length for both
send_key_len and recv_key_len, so this copy-paste error did not result
in any difference in the behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-29 12:08:27 +03:00
Hamad Kadmany
01a025937c WPS: Add support for 60 GHz band
Handling of WPS RF band for 60 GHz was missing. Add it in all relevant
places and also map "AES" as the cipher to GCMP instead of CCMP when
operating on the 60 GHz band.

Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
2015-04-28 00:22:16 +03:00
Jouni Malinen
346517674a nl80211: Verify that cipher suite conversion succeeds
It was possible for the WPA_ALG_PMK algorithm in set_key() to result in
trying to configure a key with cipher suite 0. While this results in a
failure from cfg80211 or driver, this is not really desirable operation,
so add a check for cipher suite conversion result before issuing the
nl80211 command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-27 16:49:06 +03:00