Commit graph

10805 commits

Author SHA1 Message Date
Jouni Malinen
24a5e528ce WPS: Remove duplicated isgraph() loop in HTTP header parsing
The hbp pointer is moved to the next space already earlier in this code
path, so the while loop here did not really do anything.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-28 23:59:28 +03:00
Jouni Malinen
f79a19746a WPS: Merge common error paths in HTTP server
There is no need to maintain three separate "goto fail" cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-28 20:33:22 +03:00
Jouni Malinen
96ace55e6c tests: cfg80211 connect command to trigger roam
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-28 19:01:47 +03:00
Jouni Malinen
bb119228b0 Remove unnecessary enum typedef from wpa_auth_sm_event()
This is more consistent with the expected coding style.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-28 16:34:38 +03:00
Jouni Malinen
43f49c3788 EAPOL auth: Avoid recursive wpa_sm_step() on WPA_DEAUTH case
It was possible for wpa_auth_sm_event(WPA_DEAUTH) to be called from
wpa_sm_step() iteration in the case the EAPOL authenticator state
machine ended up requesting the station to be disconnected. This
resulted in unnecessary recursive call to wpa_sm_step(). Avoid this by
using the already running call to process the state change.

It was possible to hit this sequence in the hwsim test case
ap_wpa2_eap_eke_server_oom.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-28 16:32:14 +03:00
Jouni Malinen
dee2020243 EAPOL auth: clear keyRun in AUTH_PAE INITIALIZE
Clearing keyRun here is not specified in IEEE Std 802.1X-2004, but it
looks like this would be logical thing to do here since the EAPOL-Key
exchange is not possible in this state. It is possible to get here on
disconnection event without advancing to the AUTHENTICATING state to
clear keyRun before the IEEE 802.11 RSN authenticator state machine runs
and that may advance from AUTHENTICATION2 to INITPMK if keyRun = TRUE
has been left from the last association. This can be avoided by clearing
keyRun here.

It was possible to hit this corner case in the hwsim test case
ap_wpa2_eap_eke_server_oom in the case getKey operation was forced to
fail memory allocation. The following association resulted in the
station getting disconnected when entering INITPMK without going through
EAP authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-28 16:30:06 +03:00
Jouni Malinen
f429ec443f nl80211: Use nla_put_nested() to set NL80211_ATTR_MAC_ADDRS
This allows an empty nested list (i.e., no MAC addresses) to be included
in the NL80211_CMD_SET_MAC_ACL message unlike with
nla_nest_start()/nla_nest_end() where the current libnl implementation
removes the "empty" attribute and causes cfg80211 to reject the command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-28 12:49:17 +03:00
MAYANK HAARIT
80bb38742c dbus: Fix a typo in function comment
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
2015-08-28 00:23:23 +03:00
Purushottam Kushwaha
658665551c P2PS: Remove redundant check in for loop
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2015-08-28 00:22:49 +03:00
Jouni Malinen
5a233fbdf0 tests: Regression test for D-Bus setting scan_freq and freq_list
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-28 00:20:30 +03:00
Jiří Klimeš
98da137545 dbus: Do not quote scan_freq and freq_list in dbus_old_handlers.c
scan_freq and freq_list are not parsed correctly by
wpa_config_parse_int_array() if quoted.

Patch for dbus_old_handlers.c, the same change as done by Robert Shade
<robert.shade@gmail.com> for dbus_new_handlers.c in commit
99276998fa ('dbus: Do not quote scan_freq
and freq_list').

Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
2015-08-28 00:13:26 +03:00
Jouni Malinen
d9c807cab1 Fix key derivation for Suite B 192-bit AKM to use SHA384
While the EAPOL-Key MIC derivation was already changed from SHA256 to
SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly.
Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK
from PMK when using the Suite B 192-bit AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-27 20:42:14 +03:00
Mitchell Wills
a218e1ded4 Make sure configuration is saved to storage device
Config file is written to a temp file and then it is renamed to the
original config file. However, it is possible that the rename operation
will be commited to storage while file data will be still in cache
causing original config file to be empty or partially written in case of
a system reboot without a clean shutdown. Make this less likely to occur
by forcing the data to be written to the storage device before renaming
the file.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-08-27 18:06:05 +03:00
Jouni Malinen
6aaa661af1 tests: More WPS ER coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-26 21:09:37 +03:00
Jouni Malinen
2313e6c96b tests: BSS entry expiration when AP changes SSID
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-26 16:46:28 +03:00
Jingxiang Ge
3008d0a6b8 Do not mark BSS entry in use if SSID has changed
This allows a BSS entry to be expired if the AP has changed its SSID
while maintaining the same BSSID and we are associated with the BSS.
Previously, the same BSSID was enough to mark all BSS entries from the
BSSID as in use regardless of the SSID and as such, they could remain in
the wpa_supplicant BSS table indefinitely as long as the association
remaining.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-26 16:46:28 +03:00
Jouni Malinen
2ce741fe0f WPS: Fix HTTP body length check
Commit 7da4f4b499 ('WPS: Check maximum
HTTP body length earlier in the process') added too strict check for
body length allocation. The comparison of new_alloc_nbytes against
h->max_bytes did not take into account that HTTPREAD_BODYBUF_DELTA was
added to previous allocation even if that ended up going beyond
h->max_bytes. This ended up rejecting some valid HTTP operations, e.g.,
when checking AP response to WPS ER setting selected registrar.

Fix this by taking HTTPREAD_BODYBUF_DELTA into account.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-25 00:17:00 +03:00
Jouni Malinen
20f331b707 OpenSSL: Write PKCS#12 extra cert errors into debug log
Commit de2a7b796d ('OpenSSL: Use
connection certificate chain with PKCS#12 extra certs') added a new
mechanism for doing this with OpenSSL 1.0.2 and newer. However, it did
not poinr out anything in debug log if SSL_add1_chain_cert() failed. Add
such a debug print and also silence static analyzer warning on res being
stored without being read (since the error case is ignored at least for
now).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 19:36:34 +03:00
Johannes Berg
c5e44b5917 tests: Catch RTNL assertions in the kernel check
Catch RTNL assertions made by ASSERT_RTNL() in the kernel message
checks.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-08-24 19:28:12 +03:00
Jouni Malinen
f9dd43eac2 tests: EAP-TLS/TTLS/PEAP session resumption
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 19:28:12 +03:00
Jouni Malinen
acf36f319f OpenSSL: Enable support for server side TLS session resumption
This allows TLS-based EAP server methods to use session resumption.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 18:01:40 +03:00
Jouni Malinen
7f417feaa1 EAP-TLS server: Add support for session resumption
This allows TLS session resumption to be used to enable abbreviated
handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 18:01:40 +03:00
Jouni Malinen
b6f2ae3b5b EAP-TTLS server: Add support for session resumption
This allows TLS session resumption to be used to enable abbreviated
handshake and skipping of Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 18:01:40 +03:00
Jouni Malinen
8bb5b875d1 EAP-PEAP server: Add support for session resumption
This allows TLS session resumption to be used to enable abbreviated
handshake and skipping of Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 18:01:40 +03:00
Jouni Malinen
e23e35e39a EAP server: Set per-EAP method session context
This can be used to limit TLS session resumption within a TLS library
implementation to apply only for the cases where the same EAP method is
used. While the EAP server method matching will be enforced separately
by EAP server method implementations, this additional steps can optimize
cases by falling back to full authentication instead of having to reject
attempts after having completed session resumption successfully.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:30 +03:00
Jouni Malinen
b3b8085ae8 TLS: Add functions for managing cached session state
The new tls_connection_set_success_data(),
tls_connection_set_success_data_resumed(),
tls_connection_get_success_data(), and tls_connection_remove_session()
functions can be used to mark cached sessions valid and to remove
invalid cached sessions. This commit is only adding empty functions. The
actual functionality will be implemented in followup commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:30 +03:00
Jouni Malinen
681e199dfb EAP server: Add tls_session_lifetime configuration
This new hostapd configuration parameter can be used to enable TLS
session resumption. This commit adds the configuration parameter through
the configuration system and RADIUS/EAPOL/EAP server components. The
actual changes to enable session caching will be addressed in followup
commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:30 +03:00
Jouni Malinen
3f1b792fbe EAP server: Disable TLS session ticket with EAP-TLS/TTLS/PEAP
The EAP server is not yet capable of using TLS session ticket to resume
a session. Explicitly disable use of TLS session ticket with
EAP-TLS/TTLS/PEAP to avoid wasting resources on generating a session
ticket that cannot be used for anything.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:30 +03:00
Jouni Malinen
93bc654996 OpenSSL: Allow server connection parameters to be configured
This extends OpenSSL version of tls_connection_set_verify() to support
the new flags argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:29 +03:00
Jouni Malinen
bfbebd2665 TLS: Add new arguments to tls_connection_set_verify()
The new flags and session_ctx arguments will be used in followup
commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:29 +03:00
Jouni Malinen
bd9b8b2b68 OpenSSL: Add wrapper struct for tls_init() result
This new struct tls_data is needed to store per-tls_init() information
in the followup commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:25 +03:00
Jouni Malinen
137b293963 Remove unnecessary NULL check from LOG_LEVEL handler
cmd cannot be NULL here, so there is no need to check it before calling
os_strlen().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-22 00:22:12 +03:00
Jouni Malinen
941cd3ec70 P2P: Request fresh scan results after GO Negotiation
The P2P group is not yet operating when going through GO Negotiation
exchange. Previously, an old cached scan result could be used to skip
the scan immediately after the GO Negotiation. While this is quite
unlikely to happen in practice, we can easily force a scan here now with
the generic scan_min_time mechanism. Do that to avoid any corner cases
that a previous instance of the group could have if found in cached scan
results.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-22 00:22:12 +03:00
Jouni Malinen
dfaf11d648 P2P: Require fresh scan results for persistent group re-invocation
The P2P group is not yet operating when going through invitation
exchange for re-invocation. Previously, an old cached scan result could
be used to skip the scan immediately after the invitation exchange.
While this may result in the fastest possible connection, it does have
some issues with cases where the GO takes some time to start up. It
would also be at least theoretically possible for some of the BSS
parameters to be different, so having a fresh scan result from the new
GO instance may be desired in any case.

Add a mechanism to skip scan results that have been last updated before
a specific point in time and as the first user for this mechanism,
require chan results to be more recent than the invitation message
exchange for the P2P Client role in persistent group re-invocation case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-22 00:22:12 +03:00
Jouni Malinen
8493fe3457 eapol_test: Add an example controller script for RADIUS testing
This new script can be used as an example of load testing for RADIUS
authentication servers. It can control multiple eapol_test processes
over the control interface to run EAP-TLS authentication. As an example,
the following commands would run eight instances of eapol_test
concurrently:

for i in 0 1 2 3 4 5 6 7; do
    ./eapol_test -T /tmp/eapol_test -i $i > eapol_test.log$i &
done

time ./eapol_test.py --ctrl /tmp/eapol_test --num 8 --iter 100
0: PASS 100
1: PASS 100
2: PASS 100
3: PASS 100
4: PASS 100
5: PASS 100
6: PASS 100
7: PASS 100

real	0m0.339s

time ./eapol_test.py --ctrl /tmp/eapol_test --num 8 --iter 100 --no-fast-reauth
0: PASS 100
1: PASS 100
2: PASS 100
3: PASS 100
4: PASS 100
5: PASS 100
6: PASS 100
7: PASS 100

real	0m1.876s

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-22 00:22:09 +03:00
Jouni Malinen
048d084d45 eapol_test: Add a new operation mode for control interface use
The -T<ctrl_iface> command line argument can now be used to start
eapol_test in mode where the configuration file is not needed and the
authentication operations are started through the control interface.
Network profile is also managed through the control interface in this
case. This can be used to provide more control for scripted RADIUS
authentication server testing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-21 00:48:29 +03:00
Jouni Malinen
3b3677b3bc eapol_test: Allow interface name to be specified
The new -i<ifname> command line argument can be used to specify the name
of the interface to use. This is mainly to allow unique control
interface names to be defined without having to use multiple
directories.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-20 23:13:33 +03:00
Jouni Malinen
4c3ae1c0d1 tests: More WPS ER HTTP protocol testing
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-19 01:36:48 +03:00
Jouni Malinen
0dae8c9974 tests: Skip TLS OCSP stapling test cases with BoringSSL builds
BoringSSL removed the OpenSSL API used to implement OCSP stapling
support.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 20:21:44 +03:00
Jouni Malinen
87c59a1e5a tests: Allow AES-WRAP-192 test cases to be commented out with BoringSSL
BoringSSL does not support 192-bit AES, so these parts of the
wpa_supplicant module tests would fail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 20:21:44 +03:00
Jouni Malinen
5f2e454790 tests: Allow group 25 to fail in ap_wpa2_eap_pwd_groups with BoringSSL
It looks like NID_X9_62_prime192v1 is not available, so allow that group
to fail without failing the full ap_wpa2_eap_pwd_groups test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 19:52:38 +03:00
Jouni Malinen
db036ed53d tests: Use group 26 instead of 25 in sae_oom_wpas with BoringSSL
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 19:46:56 +03:00
Jouni Malinen
a68d17929b tests: Allow group 25 to fail in sae_groups if running with BoringSSL
It looks like NID_X9_62_prime192v1 is not available, so allow that group
to fail without failing the full sae_groups test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 19:43:23 +03:00
Jouni Malinen
355a5c8ec5 OpenSSL: Reject OCSP-required configuration if no OCSP support
This is needed at least with BoringSSL to avoid accepting OCSP-required
configuration with a TLS library that does not support OCSP stapling.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 02:24:06 +03:00
Jouni Malinen
c07e7b43e9 BoringSSL: Fix PKCS12_parse() segfault when used without password
Unlike OpenSSL PKCS12_parse(), the BoringSSL version seems to require
the password pointer to be non-NULL even if no password is present. Map
passwrd == NULL to passwd = "" to avoid a NULL pointer dereference
within BoringSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 02:06:02 +03:00
Jouni Malinen
a89beee589 OpenSSL: Handshake completion and resumption state into debug log
This new debug log entry makes it more convenient to check how TLS
handshake was completed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:05 +03:00
Jouni Malinen
a7803b0caf BoringSSL: Fix session resumption
BoringSSL commit 533ef7304d9b48aad38805f1997031a0a034d7fe ('Remove
SSL_clear calls in handshake functions.') triggered a regression for
EAP-TLS/TTLS/PEAP session resumption in wpa_supplicant due to the
removed SSL_clear() call in ssl3_connect() going away and wpa_supplicant
not calling SSL_clear() after SSL_shutdown(). Fix this by adding the
SSL_clear() call into wpa_supplicant after SSL_shutdown() when preparing
the ssl instance for another connection.

While OpenSSL is still call SSL_clear() in ssl3_connect(), it looks to
be safe to add this call to wpa_supplicant unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:05 +03:00
Jouni Malinen
0f56057c64 BoringSSL: Make SSL_set_ssl_method() conditional on EAP-FAST
This function does not seem to be available in BoringSSL. Since it is
needed for EAP-FAST (which is not currently working with BoringSSL),
address this by commenting out the EAP-FAST specific step from builds
that do not include EAP-FAST support.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:05 +03:00
Jouni Malinen
226cdea6ca BoringSSL: Comment out SSL_build_cert_chain() call
It looks like BoringSSL does include that function even though it claims
support for OPENSSL_VERSION_NUMBER where this is available (1.0.2). For
now, comment out that call to fix build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:04 +03:00
Jouni Malinen
812f28b79c BoringSSL: Allow internal AES key wrap to be used with "OpenSSL" build
It looks like BoringSSL has removed the AES_wrap_key(), AES_unwrap_key()
API. This broke wpa_supplicant/hostapd build since those functions from
OpenSSL were used to replace the internal AES key wrap implementation.
Add a new build configuration option
(CONFIG_OPENSSL_INTERNAL_AES_WRAP=y) to allow the internal
implementation to be used with CONFIG_OPENSSL=y build to allow build
against the latest BoringSSL version.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:02 +03:00