Commit graph

17183 commits

Author SHA1 Message Date
Ilan Peer
1ca1c3cfee AP: Handle deauthentication frame from PASN station
When a Deauthentication frame is received, clear the corresponding PTKSA
cache entry for the given station, to invalidate previous PTK
information.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:41:02 +02:00
Ilan Peer
166e357e63 AP: Enable anti clogging handling code in PASN builds without SAE
The anti-clogging code was under CONFIG_SAE. Change this so it can be
used both with CONFIG_SAE and CONFIG_PASN.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:58:10 +02:00
Ilan Peer
6fe0d56e88 AP: Rename SAE anti clogging variables and functions
PASN authentication mandates support for comeback flow, which
among others can be used for anti-clogging purposes.

As the SAE support for anti clogging can also be used for PASN,
start modifying the source code so the anti clogging support
can be used for both SAE and PASN.

As a start, rename some variables/functions etc. so that they would not
be SAE specific. The configuration variable is also renamed, but the old
version remains available for backwards compatibility.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:44:24 +02:00
Ilan Peer
b42b6c4d53 tests: Add test coverage for PASN with MIC errors
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:22:23 +02:00
Ilan Peer
b866786338 PASN: For testing purposes allow to corrupt MIC
For testing purposes, add support for corrupting the MIC in PASN
Authentication frames for both wpa_supplicant and hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:19:12 +02:00
Ilan Peer
2264a29890 tests: PASN: configure the nid before sending the command
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:15:55 +02:00
Ilan Peer
2efa60344e PASN: Encode the public key properly
When a public key is included in the PASN Parameters element, it should
be encoded using the RFC 5480 conventions, and thus the first octet of
the Ephemeral Public Key field should indicate whether the public key is
compressed and the actual key part starts from the second octet.

Fix the implementation to properly adhere to the convention
requirements for both wpa_supplicant and hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 12:31:31 +02:00
Ilan Peer
cd0813763a PASN: Include PMKID in RSNE in PASN response from AP
As defined in IEEE P802.11az/D3.0, 12.12.3.2 for the second PASN frame.
This was previously covered only for the case when the explicit PMKSA
was provided to the helper function. Extend that to cover the PMKID from
SAE/FILS authentication cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 11:45:12 +02:00
Ilan Peer
da3ac98099 PASN: Fix setting frame and data lengths in AP mode PASN response
Frame length and data length can exceed 256 so need to use size_t
instead of u8.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 11:38:51 +02:00
Jouni Malinen
c733664be9 EAP peer: Make EAP-Success handling more robust against race conditions
When ERP initialization was moved from the METHOD state to the SUCCESS
state, the conditions for checking against EAP state being cleared was
missed. The METHOD state verified that sm->m is not NULL while the
SUCCESS state did not have such a check. This opened a window for a race
condition where processing of deauthentication event and EAPOL RX events
could end up delivering an EAP-Success to the EAP peer state machine
after the state had been cleared. This issue has now been worked around
in another manner, but the root cause for this regression should be
fixed as well.

Check that the EAP state machine is properly configured before trying to
initialize ERP in the SUCCESS state.

Fixes: 2a71673e27 ("ERP: Derive ERP key only after successful EAP authentication")
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-15 00:45:20 +02:00
Jouni Malinen
19a11f629f tests: Enable HE overrides in wpa_supplicant build
This is needed for the recently added he_disabled_on_sta test case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 19:12:07 +02:00
Jouni Malinen
6e3fed1d98 tests: DPP Authentication Confirm timeout in hostapd
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:52:54 +02:00
Jouni Malinen
72a17937ca DPP: Add init/respond retries parameter configuration to hostapd
These parameters were already defined in struct hostapd_data, but there
was no way of setting them. Add these to hostapd control interface
similarly to the wpa_supplicant implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:51:43 +02:00
Jouni Malinen
f18b5542ad tests: OCV without PMF
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:27:47 +02:00
Jouni Malinen
a288775851 tests: WEP and HE
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:21:47 +02:00
Jouni Malinen
2cc7f6dfe5 tests: HE AP and 6 GHz security parameter validation
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:17:33 +02:00
Jouni Malinen
98ce8ae328 tests: Automatic channel selection for VHT 80+80
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:07:19 +02:00
Jouni Malinen
7d251654db tests: RADIUS Accounting and interim updates failing
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 17:59:52 +02:00
Jouni Malinen
49de30404e tests: Fix ap_wpa2_eap_tls_ocsp_multi_revoked
The index-revoked.txt file had not been updated when the server
certificate was updated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:46:03 +02:00
Jouni Malinen
6ed0c212e4 TLS: Fix highest TLS version disabling with internal TLS client
The highest supported TLS version for pre_master_secret needs to be
limited based on the local configuration for the case where the highest
version number is being explicitly disabled. Without this, the server
would likely detect a downgrade attack.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00
Jouni Malinen
9a9b461fee tests: Check SAE capability for couple of forgotten sigma_dut cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00
Jouni Malinen
87429fc687 tests: Check DPP capability in couple of forgotten cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00
Jouni Malinen
4bfe80f297 tests: Skip ap_cipher_wpa_sae without SAE support
Even though the STA in this test case does not actually use SAE, it
needs to recognize the "SAE H2E only "BSS membership selector.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00
Jouni Malinen
577abde952 tests: Fix check_sae_pk_capab() with non-SAE builds
dev.get_capability() returns None in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00
Jouni Malinen
57550cb27a DPP2: Use ASN.1 helper functions
Simplify ASN.1 parser operations by using the shared helper functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00
Jouni Malinen
626035bec7 TLS: Use ASN.1 helper functions
Simplify ASN.1 parser operations by using the shared helper functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00
Jouni Malinen
d4e1d76dbf X509: Use ASN.1 helper functions
Simplify ASN.1 parser operations by using the shared helper functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 12:23:41 +02:00
Jouni Malinen
173e7eedef RSA: Use ASN.1 helper functions
Simplify ASN.1 parser operations by using the shared helper functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 11:37:58 +02:00
Jouni Malinen
72b0217ab1 PKCS: Use ASN.1 helper functions
Simplify ASN.1 parser operations by using the shared helper functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 11:37:58 +02:00
Jouni Malinen
a0541334a6 ASN.1: Validate DigestAlgorithmIdentifier parameters
The supported hash algorithms do not use AlgorithmIdentifier parameters.
However, there are implementations that include NULL parameters in
addition to ones that omit the parameters. Previous implementation did
not check the parameters value at all which supported both these cases,
but did not reject any other unexpected information.

Use strict validation of digest algorithm parameters and reject any
unexpected value when validating a signature. This is needed to prevent
potential forging attacks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 11:37:58 +02:00
Jouni Malinen
94beb8e367 ASN.1: Fix AlgorithmInfo parsing for signatures
Digest is within the DigestInfo SEQUENCE and as such, parsing for it
should use the end of that data instead of the end of the decrypted
signature as the end point. Fix this in the PKCS #1 and X.509
implementations to avoid accepting invalid digest data that is
constructed to get the hash value from after the actual DigestInfo
container.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 11:37:58 +02:00
Jouni Malinen
ee76493bbd ASN.1: Reject invalid definite long form length values in DER encoding
The definite long form for the length is allowed only for cases where
the definite short form cannot be used, i.e., if the length is 128 or
greater. This was not previously enforced and as such, multiple
different encoding options for the same length could have been accepted.

Perform more strict checks to reject invalid cases for the definite long
form for the length. This is needed for a compliant implementation and
this is especially important for the case of verifying DER encoded
signatures to prevent potential forging attacks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 11:37:58 +02:00
Jouni Malinen
3af75f23b0 ASN.1: Reject invalid extended tags in DER encoding
The extended tag case is allowed only for tag values that are 31 or
larger (i.e., the ones that would not fit in the single octet identifier
case with five bits). Extended tag format was previously accepted even
for the values 0..31 and this would enable multiple different encodings
for the same tag value. That is not allowed for DER.

Perform more strict checks to reject invalid extended tag values. This
is needed for a compliant implementation and this is especially
important for the case of verifying DER encoded signatures to prevent
potential forging attacks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 11:37:58 +02:00
Jouni Malinen
d6831a0e93 ASN.1: Explicitly validate constructed bit while parsing DER
The identifier octet in DER encoding includes three components. Only two
of these (Class and Tag) were checked in most cases when looking for a
specific data type. Also check the Primitive/Constructed bit to avoid
accepting invalid encoding.

This is needed for correct behavior in DER parsing and especially
important for the case of verifying DER encoded signatures to prevent
potential forging attacks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 11:37:58 +02:00
Jouni Malinen
b421a7cf2a ASN.1: Use the helper functions for recognizing tags and debug prints
Simplify the core ASN.1 parser implementation by using the helper
functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 11:37:58 +02:00
Jouni Malinen
9a990e8c4e ASN.1: Add helper functions for recognizing tag values
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 11:37:58 +02:00
Jouni Malinen
9bf4c0539b ASN.1: Verify that NULL value has zero length
This value is required to contain no octets, so verify that its length
octet agrees with that.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-13 23:15:55 +02:00
Jouni Malinen
f629bfe225 ASN.1: Add helper functions for debug printing identifier/length info
These can be helpful in cleaning up implementation of more or less
identical debug printing operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-13 23:15:55 +02:00
Jouni Malinen
429f725d9b ASN.1: Define tag value for TIME
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-13 23:15:55 +02:00
Jouni Malinen
4481b03ee3 ASN.1: Fix a typo in a not-used tag name
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-13 23:15:55 +02:00
Jouni Malinen
4ca8ef3df1 tests: Allow test-rsa-sig-ver data files to be set on command line
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-12 23:24:29 +02:00
Jouni Malinen
2b4db417d5 tests: Work around race conditions in OWE test cases
Need to explicitly wait for hostapd to report STA connection before
starting the traffic test to avoid the potential race condition when
testing with UML and time travel mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-12 19:59:52 +02:00
Jouni Malinen
f164dd87b9 tests: Make INTERWORKING_SELECT test cases more reliable
These could fail if a scan entry from a previous test case was still
present in the BSS table, e.g., by wpa_supplicant selecting the SSID
from that old entry instead of the new SSID. Try to avoid that by
explicitly flushing the scan results before starting these tests.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-12 11:46:22 +02:00
Peter Åstrand
2f2a570755 nl80211: Restore station mode on deinit only if station when started
With the earlier code, a mesh interface was changed to station after
deinit.

Signed-off-by: Peter Astrand <peter.astrand@etteplan.com>
2021-03-12 11:00:15 +02:00
Jouni Malinen
5013897532 tests: TWT_SETUP with the control argument
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-12 10:54:14 +02:00
Ben Greear
a746393dcf TWT: Allow specifying Control field value in TWT Request
See IEEE P802.11ax/D8.0, Figure 9-687 (Control field format) for
details.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2021-03-12 10:53:02 +02:00
Jouni Malinen
a3c94d61cd tests: Disabling HE support in STA
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-12 10:47:50 +02:00
Ben Greear
a6b2007c2f nl80211: Support disabling HE in infrastructure BSS as station
Send a flag to the kernel when user has specified disable_he=1 in the
network configuration block. This extends the functionality added in
commit 7c8f540ee0 ("wpa_supplicant: Add HE override support") to cover
the cases that need kernel functionality.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2021-03-12 10:40:25 +02:00
Andrei Otcheretianski
01f2e54ce7 P2P: Clear pending_listen_freq when stopping listen
If listen work never started, pending_listen_freq might be left
uncleared, preventing the subsequent listen to start. This could happen
in p2p_timeout_wait_peer_idle() after the commit 13256b8cf ("P2P: Stop
old listen radio work before go to WAIT_PEER_IDLE state") added a
stop_listen() call there.

Fixes: 13256b8cf3 ("P2P: Stop old listen radio work before go to WAIT_PEER_IDLE state")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-03-12 10:38:14 +02:00
Andrei Otcheretianski
82a348eda4 wpa_supplicant: Don't process EAPOL frames while disconnecting
An EAPOL frame may be pending when wpa_supplicant requests to
deauthenticate. At this stage the EAP SM cache is already cleaned by
calling eapol_sm_invalidate_cached_session(). Since at this stage the
wpa_supplicant's state is still set to associated, the EAPOL frame is
processed and results in a crash due to NULL dereference.

This wasn't seen previously as nl80211 wouldn't process the
NL80211_CMD_CONTROL_PORT_FRAME, since wpa_driver_nl80211_mlme() would
set the valid_handler to NULL. This behavior was changed in commit
ab89291928 exposing this race.

Fix it by ignoring EAPOL frames while the deauthentication is in
progress.

Fixes: ab89291928 ("nl80211: Use process_bss_event() for the nl_connect handler")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2021-03-12 09:57:23 +02:00