Commit graph

14902 commits

Author SHA1 Message Date
Jouni Malinen
be609c6fc6 SAE: Fix commit message override with external authentication
Do not add duplicate Transaction Sequence and Status Code fields when
using test functionality to override SAE commit message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-01 13:28:26 +03:00
Jouni Malinen
d08ef5798d tests: sigma_dut controlled AP with PSK, SAE, FT
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-01 13:28:26 +03:00
Jouni Malinen
9af1eea37a Prefer FT-SAE over FT-PSK if both are enabled
FT-SAE is considered stronger than FT-PSK, so prefer it over FT-PSK
similarly to how SAE is preferred over WPA-PSK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 03:27:35 +02:00
Jouni Malinen
853bd19f22 Add more debug prints on suite selector selection
This makes it a bit easier to figure out why wpa_supplicant selects a
specific cipher/AKM for association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 02:58:00 +02:00
Jouni Malinen
659f7954f4 tests: WPA2-EAP-FT with SHA384 using REASSOCIATE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 01:57:10 +02:00
Jouni Malinen
6d77014e71 Suite B: Prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192
If both of these AKMs are enabled in the wpa_supplicant network profile
and the target AP advertises support for both, prefer the FT version
over the non-FT version to allow FT to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-28 01:57:10 +02:00
Jouni Malinen
1211031a60 tests: WPA2-FT-SAE AP and PMKSA caching for initial MD association
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 04:04:16 +02:00
Jouni Malinen
ab3aebcce5 SAE: Fix PMKSA cache entry search for FT-SAE case
Previously, PMKSA cache entries were search for AKM=SAE and that did not
find an entry that was created with FT-SAE when trying to use FT-SAE
again. That resulted in having to use full SAE authentication instead of
the faster PMKSA caching alternative.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 04:03:12 +02:00
Jouni Malinen
253ce212ee Add AKM info in the debug message noting PMKSA caching entry addition
This is useful for debugging issues where an expected PMKSA cache entry
is not found.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 04:02:19 +02:00
vamsi krishna
6fe3f0f798 FT-SAE: Use PMK as XXKey in AP when SAE PMKSA caching is used
When connected using FT-SAE key mgmt, use PMK from PMKSA cache as XXKey
for PMK-R0 and PMK-R1 derivations. This fixes an issue where FT key
hierarchy could not be established due to missing (not yet configured)
XXKey when using SAE PMKSA caching for the initial mobility domain
association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 04:01:26 +02:00
vamsi krishna
bcf1900058 FT-SAE: Enable external auth support for FT-SAE also
Extend the external authentication support to FT-SAE mode connections
also in addition to SAE mode connections.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 03:18:13 +02:00
Jouni Malinen
6d14b98fc6 nl80211: Do not add WMM parameters when updating an existing STA entry
In the case of the driver not supporting full AP mode STA state (i.e.,
not adding a STA entry before association), the QoS parameters are not
allowed to be modified when going through (re)association exchange for a
STA entry that has not been removed from the kernel. cfg80211 would
reject such command to update STA flags, so do not add the WMM parameter
in this case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 03:14:02 +02:00
Jouni Malinen
2ffd8076de FT/RRB: Pad RRB messages to at least minimum Ethernet frame length
Ethernet frames have minimum length of 64 octets and shorter frames may
end up getting arbitrary padding in the end. This would result in the
FT/RRB receiver rejecting the frame as an incorrectly protected one.
Work around this by padding the message so that it is never shorter than
the minimum Ethernet frame.

Unfortunately, this padding is apparently not enough with all Ethernet
devices and it is still possible to see extra two octet padding at the
end of the message even if larger frames are used (e.g., showed up with
128 byte frames). For now, work around this by trying to do AES-SIV
decryption with two octets shorter frame (ignore last two octets) if the
first attempt fails.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
555c93e2d8 FT/RRB: Add more debug prints for RRB message encryption/decryptiom
This is needed to make it easier to understand what could be going wrong
in RRB communication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
43f68853ab tests: sigma_dut controlled SAE association with Password Identifier/FT
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
cdf5391013 tests: SAE + FT-SAE configuration
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
76fd782abe SAE: Reorder SAE and FT-SAE AKM selection to prefer the FT option
If a network profile has both SAE and FT-SAE enabled, SAE was previously
picked (and used incorrectly as explained in the previous commit). This
is not ideal since use of FT protocol can speed up roaming within in
mobility domain. Reorder this checks so that FT-SAE is preferred over
SAE if both are enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
322d328e71 FT: Fix SAE + FT-SAE behavior in association parameter selection
Do not try to initialize FT reassociation if the selected AKM is for SAE
instead of FT-SAE when both of these are enabled in a network profile.
This fixes an issue with MDE being included in an (Re)Association
Request frame even when using a non-FT AKM (which is something that
results in hostapd rejecting the association).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
1b232c1b96 tests: sigma_dut and SAE Password Identifier
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-26 22:50:17 +02:00
Jouni Malinen
5be5b81678 tests: dpp_bootstrap_gen_failures to match implementation changes
The separate dpp_bootstrap_gen() functions were merged into a single
one, so the test case needs a matching change to avoid failures.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-24 17:29:45 +02:00
Jouni Malinen
87d8435cf9 DPP: Common configurator/bootstrapping data management
Merge the practically copy-pasted implementations in wpa_supplicant and
hostapd into a single shared implementation in dpp.c for managing
configurator and boostrapping information. This avoid unnecessary code
duplication and provides a convenient location for adding new global DPP
data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-24 17:29:45 +02:00
Jouni Malinen
74cb18c6b0 tests: sigma_dut sta_scan GetParameter,SSID_BSSID
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-23 12:50:46 +02:00
Jouni Malinen
08dc8efd29 Fix memcpy regression in PMK handling
The memcpy calls added for exposing the PMK from wpa_auth module could
end up trying to copy the same memory buffer on top of itself.
Overlapping memory areas are not allowed with memcpy, so this could
result in undefined behavior. Fix this by making the copies conditional
on the updated value actually coming from somewhere else.

Fixes: b08c9ad0c7 ("AP: Expose PMK outside of wpa_auth module")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-23 12:44:42 +02:00
Jouni Malinen
130444738b FILS: Fix KEK2 derivation for FILS+FT
The offset update for copying KEK2 from the extended PTK was overriding
the offset instead of incrementing it (a likely copy-paste error from
the first offset assignment based on KCK). This resulted in KEK2 being
set to incorrect segment of PTK. Fix this by updating the offset
properly so that KEK2 is copied from the correct place at the end of the
PTK.

Fixes: 2f37387812 ("FILS: Add more complete support for FT-FILS use cases")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-20 22:26:56 +02:00
Jouni Malinen
bf84e78cbc OpenSSL: Fix build with current BoringSSL
SSL_use_certificate_chain_file() is not available in the current
BoringSSL even though the defined OPENSSL_VERSION_NUMBER is large enough
to claim that this function would be present in the OpenSSL API.

Fall back to using SSL_use_certificate_file() with BoringSSL to fix the
build.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-19 18:24:09 +02:00
Jouni Malinen
7f1eeda2df tests: Reset sae_groups in sigma_dut_dpp_qr_init_enrollee_sae
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 19:00:06 +02:00
Jouni Malinen
f9bac0f6b3 tests: Remove unnecessary dump_monitor() calls from end of test cases
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
e105110f40 tests: Use a helper function for DPP_CONFIGURATOR_ADD/REMOVE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
5725b3e355 tests: Use a helper function for DPP_AUTH_INIT
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
b750dde64d OWE: Move Association Response frame IE addition to appropriate place
This code was after the FILS handling that would have encrypted the
frame. While FILS and OWE are never used together, the OWE handling
should really be before the FILS handling since no IEs can be added
after the FILS encryption step. In addition, the Diffie-Hellman
Parameter element is not a Vendor Specific element, so it should be
before some of the Vendor Specific elements even though it is not
defined in IEEE 802.11.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
84438350ae tests: DPP AP+STA provisioning and connection with Brainpool curves
Increase testing coverage by going through all six possible curves with
full provisioning of AP and STA and connection (which includes PFS with
DPP2).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
10ec6a5f38 DPP2: PFS for PTK derivation
Use Diffie-Hellman key exchange to derivate additional material for
PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element
(defined in OWE RFC 8110) is used in association frames to exchange the
DH public keys. For backwards compatibility, ignore missing
request/response DH parameter and fall back to no PFS in such cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 18:32:31 +02:00
Jouni Malinen
ecacd9ccd4 DPP2: Extend wpa_pmk_to_ptk() to support extra Z.x component in context
DPP allows Diffie-Hellman exchange to be used for PFS in PTK derivation.
This requires an additional Z.x (x coordinate of the DH shared secret)
to be passed to wpa_pmk_to_ptk(). This commit adds that to the function
and updates all the callers to pass NULL,0 for that part in preparation
of the DPP specific changes to start using this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 01:31:31 +02:00
Jouni Malinen
16a4e931f0 OWE: Allow Diffie-Hellman Parameter element to be included with DPP
The previous OWE implementation on the AP side rejected any
(Re)Association Request frame with the Diffie-Hellman Parameter element
if AKM was not OWE. This breaks compatibility with DPP PFS, so relax
that rule to allow DPP AKM to be used as well. While this commit alone
does not add support for PFS, this allows interoperability between
non-PFS implementation on the AP and a newer PFS implementation on the
STA.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 00:27:11 +02:00
Jouni Malinen
e71a90711d tests: Fix mesh_sae_groups_invalid to reset sae_groups setting
This test case did not clear a possibly modified sae_groups value from a
prior test case for adev[2] and could fail if the previously set group
was not supported by the AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-18 00:02:16 +02:00
Jouni Malinen
96ad141e6c tests: Fix WPS with SAE test cases to reset sae_groups setting
These test cases did not clear a possibly modified sae_groups value from
a prior test case and could fail if the previously set group was not
supported by the AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-18 00:02:11 +02:00
Jouni Malinen
95ace8670b tests: Fix ap_mixed_security to reset sae_groups setting
This test case did not clear a possibly modified sae_groups value from a
prior test case and could fail if the previously set group was not
supported by the AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-18 00:02:08 +02:00
Jouni Malinen
296670aa94 tests: ap_mixed_security to use SAE capability from the correct station
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 21:38:34 +02:00
Jouni Malinen
203878d797 tests: Helper function for checking DPP-FAIL reporting
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 20:58:44 +02:00
Jouni Malinen
6d196e5928 tests: Helper functions for DPP PKEX initiator and responder
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 20:57:58 +02:00
Jouni Malinen
517f76b158 tests: DPP use the wait_auth_success() helper function
Use the already existing helper function and extend it to cover the most
common test sequences.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 19:17:31 +02:00
Jouni Malinen
7e0091007c tests: Use helper function for DPP_LISTEN commands
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 18:19:58 +02:00
Jouni Malinen
e01a492caa tests: Helper function for DISCONNECT + ABORT_SCAN + wait
Use a helper function to perform this common sequence to disconnect and
stop any possibly started reconnection attempt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 17:58:33 +02:00
Jouni Malinen
2b4263d06f tests: Handle scan result clearing more carefully in ap_country
If the ABORT_SCAN command succeeds, CTRL-EVENT-SCAN-RESULTS event is
delivered for the aborted scan. Following this with an immediate
flush_scan_cache() call can result in the first scan interpreting that
pending event as the completion and that results in trying to start
another scan while the first scan is still in progress.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 17:40:39 +02:00
Jouni Malinen
09bdbc6ed9 tests: Remove group at the end of p2p_ext_vendor_elem_invitation
This is needed to avoid leaving behind a ROC operation at the end of the
test case. This was found with the following test sequence:
p2p_ext_vendor_elem_invitation wifi_display_r2

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 17:06:04 +02:00
Jouni Malinen
421d658a67 tests: Fix ECDSA signature generation
Parsing of the DER encoded signature was unable to handle results that
were shorter than the prime. These need to be zero padded from left to
generate the correct value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 16:53:05 +02:00
Jouni Malinen
3a88b7e6e9 tests: Split event wait in grpform_cred_ready_timeout
The long wait for the monitor socket events resulted in another socket
running out of TX buffer space. Split the wait into smaller segments and
clear the other socket in each iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 16:08:53 +02:00
Jouni Malinen
e4b4e1748a tests: Clear monitor socket queue in ap_hs20_interworking_oom
Do not leave all the event messages pending in the socket queue for the
full duration of the test case to avoid hitting the TX socket queue
limit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 16:08:31 +02:00
Jouni Malinen
b21540e682 tests: Close wpa_supplicant control interface more robustly
Some of the test cases left behind attached control interface monitor
sockets that could result in hitting the wpa_supplicant socket TX queue
limit. Try to be a bit more careful about detaching and closing the
sockets to avoid this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 16:08:30 +02:00
Jouni Malinen
4d916a7f3e tests: Fix dump_monitor() without monitor attached
Do not try to dump pending event messages if the monitor socket has not
been attached.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-17 12:22:23 +02:00