Commit Graph

4973 Commits

Author SHA1 Message Date
Jouni Malinen
af4eba16ce TLS: Parse and validate BasicOCSPResponse
This adds the next step in completing TLS client support for OCSP
stapling. The BasicOCSPResponse is parsed, a signing certificate is
found, and the signature is verified. The actual sequence of OCSP
responses (SignleResponse) is not yet processed in this commit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 00:48:34 +02:00
Jouni Malinen
06f14421ea TLS: Parse OCSPResponse to extract BasicOCSPResponse
This adds the next step for OCSP stapling. The received OCSPResponse is
parsed to get the BasicOCSPResponse. This commit does not yet process
the BasicOCSPResponse.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
d560288a44 TLS: Parse CertificateStatus message
This allows the internal TLS client implementation to accept
CertificateStatus message from the server when trying to use OCSP
stapling. The actual OCSPResponse is not yet processed in this commit,
but the CertificateStatus message is accepted to allow the TLS handshake
to continue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
eeba168453 TLS: Add status_request ClientHello extension if OCSP is requested
This allows the internal TLS implementation to request server
certificate status using OCSP stapling. This commit is only adding code
to add the request. The response is not yet used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
4303d531a8 TLS: Parse ServerHello extensions
This prints the received ServerHello extensions into the debug log and
allows handshake to continue even if such extensions are included.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
6b7bb42923 TLS: Add minimal support for PKCS #12
This allows the internal TLS implementation to parse a private key and a
certificate from a PKCS #12 file protected with
pbeWithSHAAnd3-KeyTripleDES-CBC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
5ce2941bfe TLS: Extend PKCS #5 to support PKCS #12 style key decryption
This adds support for decrypting private keys protected with the old
PKCS #12 mechanism using OID pbeWithSHAAnd3-KeyTripleDES-CBC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
f6a62df8e1 TLS: Fix and complete ASN.1 tag list
One of the unused defines had incorrect value and couple of tags were
missing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-13 22:12:07 +02:00
Jouni Malinen
3c108b7573 EAP peer: External server certificate chain validation
This adds support for optional functionality to validate server
certificate chain in TLS-based EAP methods in an external program.
wpa_supplicant control interface is used to indicate when such
validation is needed and what the result of the external validation is.

This external validation can extend or replace the internal validation.
When ca_cert or ca_path parameter is set, the internal validation is
used. If these parameters are omitted, only the external validation is
used. It needs to be understood that leaving those parameters out will
disable most of the validation steps done with the TLS library and that
configuration is not really recommend.

By default, the external validation is not used. It can be enabled by
addingtls_ext_cert_check=1 into the network profile phase1 parameter.
When enabled, external validation is required through the CTRL-REQ/RSP
mechanism similarly to other EAP authentication parameters through the
control interface.

The request to perform external validation is indicated by the following
event:
CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid>

Before that event, the server certificate chain is provided with the
CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump>
parameter. depth=# indicates which certificate is in question (0 for the
server certificate, 1 for its issues, and so on).

The result of the external validation is provided with the following
command:
CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad>

It should be noted that this is currently enabled only for OpenSSL (and
BoringSSL/LibreSSL). Due to the constraints in the library API, the
validation result from external processing cannot be reported cleanly
with TLS alert. In other words, if the external validation reject the
server certificate chain, the pending TLS handshake is terminated
without sending more messages to the server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 18:24:27 +02:00
Jouni Malinen
b6e5e14fd4 EAP-FAST peer: Fix PAC parser error messages
Do not override the parsing error with the "PAC block not terminated
with END" message if the reason for the END line not yet being seen is
in failure to parse an earlier line.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 12:00:28 +02:00
Jouni Malinen
5b904b3e42 EAP-FAST: Check T-PRF result in MSK/EMSK derivation
Pass the error return from sha1_t_prf() to callers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 11:20:05 +02:00
Jouni Malinen
b1d8c5ce6a EAP-FAST peer: Fix error path handling for Session-Id
It was possible to hit a NULL pointer dereference if Session-Id
derivation failed due to a memory allocation failure.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 11:12:32 +02:00
Jouni Malinen
36478a16e6 OpenSSL: Support new API for HMAC/EVP_MD_CTX in OpenSSL 1.1.x-pre1
The EVP_MD_CTX and HMAC_CTX definitions are now hidden from applications
using OpenSSL. Fix compilation issues with OpenSSL 1.1.x-pre1 by using
the new API for allocating these structures.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 18:11:39 +02:00
Jouni Malinen
9257610a6e FT: Fix FTIE generation for EAPOL-Key msg 3/4
This FTIE needs to be an exact copy of the one in (Re)Association
Response frame. Copy the stored element rather than building a new copy
that would not have the correct MIC value. This is needed to fix PTK
rekeying after FT protocol run.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 00:14:36 +02:00
Jouni Malinen
e44bd28cd1 FT: Fix sm->assoc_resp_ftie storing on the AP side
The FTIE from (Re)Association Response frame was copied before
calculating the MIC. This resulted in incorrect value being used when
comparing the EAPOL-Key msg 2/4 value in case PTK rekeying was used
after FT protocol run. Fix this by storing the element after the MIC
field has been filled in.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 00:14:35 +02:00
Jouni Malinen
59e78c2408 FT: Fix FTIE generation for 4-way handshake after FT protocol run
wpa_insert_pmkid() did not support cases where the original RSN IE
included any PMKIDs. That case can happen when PTK rekeying through
4-way handshake is used after FT protocol run. Such a 4-way handshake
used to fail with wpa_supplicant being unable to build the EAPOL-Key msg
2/4.

Fix this by extending wpa_insert_pmkid() to support removal of the old
PMKIDs, if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 00:14:35 +02:00
Jouni Malinen
b0ecbd3a4a AP: Use more readable version of management group cipher in error cases
This makes it easier to interpret AP side debug log for a case where a
station specifies in unsupported management group cipher.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 20:01:05 +02:00
Jouni Malinen
651c6a84af Add TEST_ASSOC_IE for WPA/RSN IE testing on AP side
The new wpa_supplicant control interface command "TEST_ASSOC_IE
<hexdump>" can now be used to override the WPA/RSN IE for Association
Request frame and following 4-way handshake to allow protocol testing of
AP side processing of WPA/RSN IE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 19:33:16 +02:00
Jouni Malinen
5c8acf7d96 EAP-IKEv2: Check HMAC SHA1/MD5 result
Make the IKEv2 helper functions return a possible error return from the
HMAC routines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-05 21:49:04 +02:00
Jouni Malinen
4db29e6a8a TLS: Add support for PKCS #5 v2.0 PBES2
This extends the internal TLS support for PKCS #5 v2.0 PBES2 private key
format with des-ede3-cbc encryption and PBKDF2 SHA-1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-05 20:23:12 +02:00
Jouni Malinen
8d27efa814 HTTP (curl): OCSP with BoringSSL
This adds experimental support for using OCSP with libcurl that is built
against BoringSSL. This needs small modifications to libcurl to allow
CURLOPT_SSL_VERIFYSTATUS to be used to call
SSL_enable_ocsp_stapling(connssl->handle) in ossl_connect_step1().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-04 20:08:31 +02:00
Jouni Malinen
213e158ca8 BoringSSL: Move OCSP implementation into a separate file
This makes it easier to share the OCSP implementation needed for
BoringSSL outside tls_openssl.c. For now, this is mainly for
http_curl.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-04 20:08:31 +02:00
Jouni Malinen
f846211e3e BoringSSL: Support new SHA_CTX definition for EAP-SIM PRF
BoringSSL modified the struct sha_state_st (SHA_CTX) definition by
converting h0..h4 with h[5] array. This broke wpa_supplicant/hostapd
build with EAP-SIM enabled. BoringSSL restored the old version for
ANDROID builds, but only the new version is currently defined for
non-Android cases. For now, fix this by having matching selection in
fips_prf_openssl.c based on OPENSSL_IS_BORINGSSL and ANDROID defines.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-04 11:30:36 +02:00
Jouni Malinen
b34c623c07 OpenSSL: Fix build with current OpenSSL master branch snapshot
OpenSSL 1.1.x will apparently go out with "SSLeay" renamed in the API to
"OpenSSL", which broke the build here for fetching the version of the
running OpenSSL library when wpa_supplicant/hostapd is built against the
current OpenSSL snapshot.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-03 23:53:35 +02:00
Jouni Malinen
759a8a3a99 nl80211: Cancel all pending TX frame cookies
These needs to be cancelled so that the kernel driver does not get left
with all old entries blocking other offchannel operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-02 12:37:10 +02:00
Jouni Malinen
9ea91cd67c EAP-EKE peer: Fix memory leak on error path
If DHComponent_P derivation fails (local crypto operation failure), the
message buffer was not freed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-01 00:20:25 +02:00
Jouni Malinen
0e559dc5ad WPS: Support parallel UPnP WPS protocol runs
This allows multiple external registrars to execute a WPS protocol run
with a WPS AP over UPnP. Previously, hostapd supported only a single WPS
peer entry at a time and if multiple ERs tried to go through a WPS
protocol instance concurrently, only one such exchange could succeed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-30 16:57:11 +02:00
Avraham Stern
09ea4309b6 nl80211: Add support for multiple scan plans for scheduled scan
Add 'scan plans' to driver scan parameters for scheduled scan.
Each 'scan plan' specifies the number of iterations to run the scan
request and the interval between iterations. When a scan plan
finishes (i.e., it was run for the specified number of iterations),
the next scan plan is executed. The last scan plan will run
infinitely.

The maximum number of supported scan plans, the maximum number of
iterations for a single scan plan and the maximum scan interval
are advertised by the driver.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-30 14:03:28 +02:00
Jouni Malinen
88119880e0 TLS client: Fix session_resumed status after TLS session ticket use
conn->session_resumed was not set to 1 after successful use of a TLS
session ticket with EAP-FAST. This resulted in the wpa_supplicant STATUS
tls_session_reused showing incorrect value (0 instead of 1) when
EAP-FAST PAC was used. Fix this by setting conn->session_resumed = 1
when TLS handshake using the session ticket succeeds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 23:52:30 +02:00
Jouni Malinen
7fff91ae51 Fix tls_connection_prf() regression with CONFIG_TLS=internal
Commit af851914f8 ('Make
tls_connection_get_keyblock_size() internal to tls_*.c') broke
tls_connection_prf() with the internal TLS implementation when using
skip_keyblock=1. In practice, this broke EAP-FAST. Fix this by deriving
the correct number of PRF bytes before skipping the keyblock.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 23:40:54 +02:00
Jouni Malinen
1adf262144 TLS: Add support for extKeyUsage X.509v3 extension
If the server/client certificate includes the extKeyUsage extension,
verify that the listed key purposes include either the
anyExtendedKeyUsage wildcard or id-kp-serverAuth/id-kp-clientAuth,
respectively.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 21:53:23 +02:00
Jouni Malinen
07555778a7 Add TEST_FAIL() support for internal hash functions
md4_vector(), md5_vector(), sha1_vector(), and sha256_vector() already
supported TEST_FAIL() with the OpenSSL crypto implementation, but the
same test functionality is needed for the internal crypto implementation
as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 21:01:33 +02:00
Jouni Malinen
4104267e81 Fix memory leak on NFC DH generation error path
It was possible for some NFC DH generation error paths to leak memory
since the old private/public key was not freed if an allocation failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 20:53:20 +02:00
Jouni Malinen
c5864dca5d TLS client: Add certificate chain validation failure callbacks
This adds more support for event_cb() calls for various server
certificate chain validation failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 20:32:52 +02:00
Jouni Malinen
896a97d712 TLS client: Add support for disabling TLS versions
The internal TLS client implementation in wpa_supplicant can now be used
with the phase2 parameters tls_disable_tlsv1_0=1, tls_disable_tlsv1_1=1,
and tls_disable_tlsv1_2=1 to disable the specified TLS version(s).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 20:03:11 +02:00
Jouni Malinen
0cbc22b2eb TLS client: Use TLS_CONN_* flags
This makes it simpler to add support for new TLS_CONN_* flags without
having to add a new configuration function for each flag.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 19:48:17 +02:00
Jouni Malinen
20804fe844 TLS: Add support for tls_get_version()
This allows wpa_supplicant to return eap_tls_version STATUS information
when using the internal TLS client implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 19:41:37 +02:00
Jouni Malinen
f2a6ad01a9 TLS client: Add support for server certificate probing
The internal TLS client implementation can now be used with
ca_cert="probe://" to probe the server certificate chain. This is also
adding the related CTRL-EVENT-EAP-TLS-CERT-ERROR and
CTRL-EVENT-EAP-PEER-CERT events.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 18:59:27 +02:00
Jouni Malinen
b115eebe01 TLS: Add TLS v1.2 signature algorithm support for SHA384 and SHA512
This extends the internal TLS client implementation to support signature
algorithms SHA384 and SHA512 in addition to the previously supported
SHA256.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 18:21:08 +02:00
Jouni Malinen
c0acec3934 crypto: Add CRYPTO_HASH_ALG_SHA384 and CRYPTO_HASH_ALG_SHA512
This extends the crypto_hash_*() API to support SHA384 and SHA512 when
built with CONFIG_TLS=internal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 18:21:08 +02:00
Jouni Malinen
0aed9156ef TLS client: Add signature_algorithms extension into ClientHello
Since we support only SHA256 (and not the default SHA1) with TLS v1.2,
the signature_algorithms extensions needs to be added into ClientHello.
This fixes interop issues with the current version of OpenSSL that uses
the default SHA1 hash if ClientHello does not specify allowed signature
algorithms.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 18:21:07 +02:00
Pali Rohár
9e8809a717 TLS client: Validate certificates with SHA384 and SHA512 hashes
This commit adds support for validating certificates with SHA384 and
SHA512 hashes. Those certificates are now very common so wpa_supplicant
needs support for them.

SHA384 and SHA512 hash functions are included in the previous commit.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 18:21:05 +02:00
Pali Rohár
6bb6a9ce29 Add SHA384 and SHA512 implementations from LibTomCrypt library
These will be used with the internal TLS implementation to extend hash
algorithm support for new certificates and TLS v1.2.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 18:19:32 +02:00
Pali Rohár
fdc1614264 TLS client: Add support for validating server certificate hash
This commit adds support for "hash://server/sha256/cert_hash_in_hex"
scheme in ca_cert property for the internal TLS implementation.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 11:45:59 +02:00
Pali Rohár
3665776e4e TLS client: Do not verify CA certificates when ca_cert is not specified
In documentation is written: "If ca_cert and ca_path are not included,
server certificate will not be verified". This is the case when
wpa_supplicant is compiled with OpenSSL library, but when using the
internal TLS implementation and some certificates in CA chain are in
unsupported format (e.g., use SHA384 or SHA512 hash functions) then
verification fails even if ca_cert property is not specified.

This commit changes behavior so that certificate verification in
internal TLS implementation is really skipped when ca_cert is not
specified.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 11:39:25 +02:00
Jouni Malinen
11c9ddb766 Add TEST_FAIL() condition to aes_128_cbc_encrypt/decrypt()
This enables more error path testing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-28 20:46:36 +02:00
Jouni Malinen
ea52a46e13 EAP-SIM peer: Fix memory leak on reauth error path
If init_for_reauth fails, the EAP-SIM peer state was not freed properly.
Use eap_sim_deinit() to make sure all allocations get freed. This could
be hit only if no random data could be derived for NONCE_MT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-28 20:46:36 +02:00
Jouni Malinen
1a33c94ccc EAP-SAKE: Fix a typo in attribute parser debug print
Parsing AT_MSK_LIFE ended up writing a debug log entry with incorrect
attribute name (AT_IV).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-28 12:25:42 +02:00
Rajkumar Manoharan
3c417499e7 hostapd: Add Transmit Power Envelope IE when VHT is enabled
Add Transmit Power Envelope element defined in IEEE P802.11-REVmc/D4.3,
8.4.2.161.

Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
2015-11-26 20:40:24 +02:00
Kanchanapally, Vidyullatha
4f30addb38 nl80211: Add support for aborting an ongoing scan
This adds the driver interface commands for issuing a request to abort
an ongoing scan operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 19:44:14 +02:00