Commit Graph

5137 Commits

Author SHA1 Message Date
Jouni Malinen
20804fe844 TLS: Add support for tls_get_version()
This allows wpa_supplicant to return eap_tls_version STATUS information
when using the internal TLS client implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 19:41:37 +02:00
Jouni Malinen
f2a6ad01a9 TLS client: Add support for server certificate probing
The internal TLS client implementation can now be used with
ca_cert="probe://" to probe the server certificate chain. This is also
adding the related CTRL-EVENT-EAP-TLS-CERT-ERROR and
CTRL-EVENT-EAP-PEER-CERT events.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 18:59:27 +02:00
Jouni Malinen
b115eebe01 TLS: Add TLS v1.2 signature algorithm support for SHA384 and SHA512
This extends the internal TLS client implementation to support signature
algorithms SHA384 and SHA512 in addition to the previously supported
SHA256.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 18:21:08 +02:00
Jouni Malinen
c0acec3934 crypto: Add CRYPTO_HASH_ALG_SHA384 and CRYPTO_HASH_ALG_SHA512
This extends the crypto_hash_*() API to support SHA384 and SHA512 when
built with CONFIG_TLS=internal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 18:21:08 +02:00
Jouni Malinen
0aed9156ef TLS client: Add signature_algorithms extension into ClientHello
Since we support only SHA256 (and not the default SHA1) with TLS v1.2,
the signature_algorithms extensions needs to be added into ClientHello.
This fixes interop issues with the current version of OpenSSL that uses
the default SHA1 hash if ClientHello does not specify allowed signature
algorithms.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 18:21:07 +02:00
Pali Rohár
9e8809a717 TLS client: Validate certificates with SHA384 and SHA512 hashes
This commit adds support for validating certificates with SHA384 and
SHA512 hashes. Those certificates are now very common so wpa_supplicant
needs support for them.

SHA384 and SHA512 hash functions are included in the previous commit.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 18:21:05 +02:00
Pali Rohár
6bb6a9ce29 Add SHA384 and SHA512 implementations from LibTomCrypt library
These will be used with the internal TLS implementation to extend hash
algorithm support for new certificates and TLS v1.2.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 18:19:32 +02:00
Pali Rohár
fdc1614264 TLS client: Add support for validating server certificate hash
This commit adds support for "hash://server/sha256/cert_hash_in_hex"
scheme in ca_cert property for the internal TLS implementation.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 11:45:59 +02:00
Pali Rohár
3665776e4e TLS client: Do not verify CA certificates when ca_cert is not specified
In documentation is written: "If ca_cert and ca_path are not included,
server certificate will not be verified". This is the case when
wpa_supplicant is compiled with OpenSSL library, but when using the
internal TLS implementation and some certificates in CA chain are in
unsupported format (e.g., use SHA384 or SHA512 hash functions) then
verification fails even if ca_cert property is not specified.

This commit changes behavior so that certificate verification in
internal TLS implementation is really skipped when ca_cert is not
specified.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 11:39:25 +02:00
Jouni Malinen
11c9ddb766 Add TEST_FAIL() condition to aes_128_cbc_encrypt/decrypt()
This enables more error path testing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-28 20:46:36 +02:00
Jouni Malinen
ea52a46e13 EAP-SIM peer: Fix memory leak on reauth error path
If init_for_reauth fails, the EAP-SIM peer state was not freed properly.
Use eap_sim_deinit() to make sure all allocations get freed. This could
be hit only if no random data could be derived for NONCE_MT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-28 20:46:36 +02:00
Jouni Malinen
1a33c94ccc EAP-SAKE: Fix a typo in attribute parser debug print
Parsing AT_MSK_LIFE ended up writing a debug log entry with incorrect
attribute name (AT_IV).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-28 12:25:42 +02:00
Rajkumar Manoharan
3c417499e7 hostapd: Add Transmit Power Envelope IE when VHT is enabled
Add Transmit Power Envelope element defined in IEEE P802.11-REVmc/D4.3,
8.4.2.161.

Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
2015-11-26 20:40:24 +02:00
Kanchanapally, Vidyullatha
4f30addb38 nl80211: Add support for aborting an ongoing scan
This adds the driver interface commands for issuing a request to abort
an ongoing scan operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 19:44:14 +02:00
Jouni Malinen
5ef0b84355 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2015-11-26.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-26 19:42:56 +02:00
Jouni Malinen
1d6955e668 nl80211: Fix SIGNAL_POLL in IBSS and mesh
NL80211_CMD_GET_STATION does not work with the IBSS/mesh BSSID, so clear
the signal strength instead of returning failure when SIGNAL_POLL is
used in an IBSS/mesh.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 17:57:07 +02:00
Ahmad Kholaif
c27f4c9006 P2P: Add support for VHT 80+80 MHz and 160 MHz
The new max_oper_chwidth and freq2 arguments to P2P_CONNECT, P2P_INVITE,
and P2P_GROUP_ADD control interface commands can be used to request
larger VHT operating channel bandwidth to be used than the previously
used maximum 80 MHz.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-25 19:01:20 +02:00
Ahmad Kholaif
bee5d8e067 nl80211: Add VHT 160 MHz channel flags
This extends the previous design that covered only the VHT 80 MHz cases
for VHT channel flags. New functions are introduced to allow 160 MHz
bandwidth cases to determine the center channel and check availability
of a 160 MHz channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-25 19:01:14 +02:00
Ahmad Kholaif
5e1da9c8fd P2P: Define operating classes for VHT 80+80 and 160
This adds definitions for the global operating classes 129 and 130 for
VHT 80+80 MHz and 160 MHz use cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-25 19:01:10 +02:00
Anton Nayshtut
b47d05aa45 FST: Make FST peer connection check more permissive in hostapd
Modify the FST peer connection check so it won't skip peers without MB
IEs making it more permissive for peers that didn't provide MB IEs
during association request. This can be helpful, e.g., in cases where a
STA's interface connected before it was added to the FST group. This
allows the AP to receive FST Action frames and initiate session with a
STA via STA's interface that doesn't expose MB IEs.

The adjusted FST protocol is still safe, as it protects itself in many
other ways (checking band info and it's accordance to the interfaces,
Setup IDs, connection states of the interfaces involved, etc.)
effectively avoiding all types of invalid situations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-25 17:30:59 +02:00
Jouni Malinen
1fff13a9cb tests: Move EAP-SIM PRF module test into the hwsim framework
The old wpa_supplicant/Makefile target test-eap_sim_common did not work
anymore and anyway, this test is better placed in the newer hwsim
framework to make sure the test case gets executed automatically.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-24 00:00:21 +02:00
Jouni Malinen
9e68742ef1 Fix CONFIG_NO_WPA=y build
Number of places were calling functions that are not included in
CONFIG_NO_WPA=y build anymore. Comment out such calls. In addition, pull
in SHA1 and MD5 for config_internal.c, if needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-23 23:34:52 +02:00
Anton Nayshtut
f231b3d816 FST: Fix STA MB IEs creation
FST STA should always expose its MB IEs regardless of its connection
state and whether the connected AP is currently FST-enabled or not.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-23 20:36:12 +02:00
Somdas Bandyopadhyay
83702b6088 Android: Give user the option for selecting browser for HS 2.0 OSU
When built with browser-android.c, hs20-osu-client used to always launch
the native/stock Android browser for OSU user interaction. This browser
is not present in all devices. It is better to give the option to the
user to select his/her browser.

Here the user will be shown a pop up to select the browser that he/she
wants.

Signed-off-by: Somdas Bandyopadhyay <somdas.bandyopadhyay@intel.com>
2015-11-22 21:06:17 +02:00
Avraham Stern
d8a3b66d7f driver: Make setting up AP optional when creating AP interface
When an AP interface it created, it is also setup and subscribes
for management frames etc. However, when the interface is added by
wpa_supplicant, setting up for AP operations is redundant because
it will be done by wpa_supplicant on wpa_drv_init() when setting
the interface mode to AP.

In addition, it may cause wpa_supplicant to fail initializing the
interface as it will try to subscribe for management frames on this
interface but the interface is already registered.

Change this, so when adding an AP interface, make setting up the AP
optional, and use it only when the interface is added by hostapd but not
when it is added by wpa_supplicant.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-22 17:42:59 +02:00
Marek Behún
36e820605f Check for LIBRESSL_VERSION_NUMBER in tls_openssl.c
LibreSSL does not yet support the new API, so do not use it
when LIBRESSL_VERSION_NUMBER macro is defined.

Signed-off-by: Marek Behun <kabel@blackhole.sk>
2015-11-22 12:00:53 +02:00
Alexander Bondar
6bdc43c4db AP: Avoid 20/40 MHz co-ex scan if PRI/SEC switch is not allowed
When an AP is started on the 5.2 GHz band with 40 MHz bandwidth, a
scan is issued in order to handle 20/40 MHz coexistence. However,
the scan is issued even if iface->conf->no_pri_sec_switch is set,
which is redundant.

Fix this by checking iface->conf->no_pri_sec_switch before starting
the scan.

Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
2015-11-21 18:42:53 +02:00
Ayala Beker
757785dab2 nl80211: Clear ignore_next_local_deauth flag
The de-authentication flow in wpa_driver_nl80211_deauthenticate() can
result in a locally generated de-authentication event. To avoid getting
this extra event ignore_next_local_deauth flag is set, and should be
cleared when the next local deauth event is received. However, it is not
cleared when the event shows up after the wpa_supplicant has started a
connection with a new AP, and as a result it might ignore future
deauth event from the driver.

Fix this by clearing the flag if the event is locally generated.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2015-11-21 18:00:33 +02:00
Sara Sharon
cb2a926df8 nl80211: Clear ignore_next_local_deauth and ignore_deauth_event
The authentication flow in wpa_driver_nl80211_authenticate() can
result  in a locally generated de-authentication, in which both
next_local_deauth and ignore_next_local_deauth are set.

However, in mlme_event_deauth_disassoc(), when ignore_deauth_event is
set, the flag is cleared, but the flow immediately returns leaving
ignore_next_local_deauth set, which can result in ignoring future deauth
event from the driver, leaving the wpa_supplicant in an inconsistent
state.

Fix this by clearing both flags in case that next_local_deauth is set.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
2015-11-21 18:00:33 +02:00
Ravi Joshi
f32227ed9e Add QCA vendor attribute and event to indicate subnet change status
This allows offloaded roaming to inform user space of the change in IP
subnet post roaming. The device may have roamed to a network which is in
a different subnet which will result in IP connectivity loss. Indicating
the change in subnet enables the user space to refresh the IP address or
to perform IP subnet validation if unknown status is indicated.

The driver indication is reported with a new event from wpa_supplicant
in the following format:
CTRL-EVENT-SUBNET-STATUS-UPDATE status=<0/1/2>
where
0 = unknown
1 = IP subnet unchanged (can continue to use the old IP address)
2 = IP subnet changed (need to get a new IP address)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-20 11:03:06 +02:00
Jouni Malinen
25eb7fcbb4 Fix EAPOL reauth after FT protocol or offloaded PMKSA cache use
The EAP peer state machine moved from IDLE to FAILURE state when the
EAPOL Authenticator triggered reauthentication with an
EAP-Request/Identity in a case where the associated started with FT
protocol or offloaded PMKSA cache use (4-way handshake using a
previously acquired PMK). This happened due to the altSuccess=TRUE
setting being left behind and not cleared when processing the restart of
authentication. Fix this by clearing altAccept and eapSuccess when going
through SUPP_PAE RESTART state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-19 21:16:18 +02:00
Jouni Malinen
f68d491b0a FT auth: Fix EAPOL reauthentication after FT protocol run
The EAPOL AUTH_PAE state machine was left in incomplete state at the
completion of FT protocol. Set portValid = TRUE to allow the state
machine to proceed from AUTHENTICATING to AUTHENTICATED state, so that a
new EAPOL reauthentication can be triggered.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-19 21:16:06 +02:00
Peng Xu
9a8d9f7c62 Assign QCA vendor command and attribute for Tx power reduction in dB
Assign nl80211 vendor command
QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_DECR_DB and corresponding
attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-19 11:34:31 +02:00
Jouni Malinen
747ba1067d nl80211: Do not return incomplete hw capability info
If a memory allocation fails while parsing driver capabilities, drop all
mode/channel/rate information instead of returning possibly partial
information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-17 19:50:34 +02:00
Anton Nayshtut
0603bcb7fe hostapd: Process MAC ACLs on a station association event (SME in driver)
Now hostapd will use station MAC-based permissions according to the
macaddr_acl policy also for drivers which use AP SME offload, but do not
support NL80211_CMD_SET_MAC_ACL for offloading MAC ACL processing. It
should be noted that in this type of case the association goes through
and the station gets disconnected immediately after that.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-17 12:38:32 +02:00
Amarnath Hullur Subramanyam
89a11ad38f RSN: Remove check for proactive_key_caching while setting PMK offload
wpa_sm_key_mgmt_set_pmk() was checking for proactive_key_caching to be
enabled before setting the PMK to the driver. This check is not required
and would mandate configuration setting of okc or proactive_key_caching
for cases which were not necessary.

Signed-off-by: Amarnath Hullur Subramanyam <amarnath@qca.qualcomm.com>
2015-11-16 19:05:01 +02:00
Ravi Joshi
d381963385 Extend QCA roam event with subnet change indication
The new attribute can be used with
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH to indicate whether the IP
subnet was detected to have changed when processing offloaded roam/key
management.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-16 19:00:35 +02:00
Ben Greear
68ac584a49 nl80211: Add debug message for passive scanning
This is more obvious than looking for the lack of 'Scan SSID' messages.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-11-15 19:20:35 +02:00
Purushottam Kushwaha
a3dff7dc0c P2P: Fix a typo in debug message
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
2015-11-15 18:55:23 +02:00
Jouni Malinen
95577884ca EAP-pwd peer: Fix error path for unexpected Confirm message
If the Confirm message is received from the server before the Identity
exchange has been completed, the group has not yet been determined and
data->grp is NULL. The error path in eap_pwd_perform_confirm_exchange()
did not take this corner case into account and could end up
dereferencing a NULL pointer and terminating the process if invalid
message sequence is received. (CVE-2015-5316)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-10 18:40:54 +02:00
Jouni Malinen
bef802ece0 EAP-pwd server: Fix last fragment length validation
All but the last fragment had their length checked against the remaining
room in the reassembly buffer. This allowed a suitably constructed last
fragment frame to try to add extra data that would go beyond the buffer.
The length validation code in wpabuf_put_data() prevents an actual
buffer write overflow from occurring, but this results in process
termination. (CVE-2015-5314)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-10 18:40:54 +02:00
Jouni Malinen
8057821706 EAP-pwd peer: Fix last fragment length validation
All but the last fragment had their length checked against the remaining
room in the reassembly buffer. This allowed a suitably constructed last
fragment frame to try to add extra data that would go beyond the buffer.
The length validation code in wpabuf_put_data() prevents an actual
buffer write overflow from occurring, but this results in process
termination. (CVE-2015-5315)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-10 18:40:54 +02:00
Somdas Bandyopadhyay
fcdb35928c Use "STATUS-NO_EVENTS" instead of "STATUS" in get_wpa_status function
Using "STATUS" command triggers CTRL-EVENT-STATE-CHANGE and
CTRL-EVENT-CONNECTED (if connected to some AP) events. These events
cause problems in Android WifiStateMachine in Marshmallow. Due to these
events WifiStateMachine sometimes disconnects the OSU SSID connection,
while hs20-osu-client waits for IP address.

Signed-off-by: Somdas Bandyopadhyay <somdas.bandyopadhyay@intel.com>
2015-11-01 21:05:10 +02:00
Max Stepanov
73ed03f333 wpa_supplicant: Add GTK RSC relaxation workaround
Some APs may send RSC octets in EAPOL-Key message 3 of 4-Way Handshake
or in EAPOL-Key message 1 of Group Key Handshake in the opposite byte
order (or by some other corrupted way). Thus, after a successful
EAPOL-Key exchange the TSC values of received multicast packets, such as
DHCP, don't match the RSC one and as a result these packets are dropped
on replay attack TSC verification. An example of such AP is Sapido
RB-1732.

Work around this by setting RSC octets to 0 on GTK installation if the
AP RSC value is identified as a potentially having the byte order issue.
This may open a short window during which older (but valid)
group-addressed frames could be replayed. However, the local receive
counter will be updated on the first received group-addressed frame and
the workaround is enabled only if the common invalid cases are detected,
so this workaround is acceptable as not decreasing security
significantly. The wpa_rsc_relaxation global configuration property
allows the GTK RSC workaround to be disabled if it's not needed.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-11-01 21:00:22 +02:00
Jouni Malinen
d129b02247 EAP-pwd: Add support for Brainpool Elliptic Curves
This allows the IKE groups 27-30 (RFC 6932) to be used with OpenSSL
1.0.2 and newer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-01 11:29:06 +02:00
Jouni Malinen
17b7032891 EAP peer: Clear ignore flag in INITIALIZE state
While this is not part of RFC 4137, the way m.check(eapReqData) is
implemented in wpa_supplicant allows an EAP method to not update the
ignore value even though each such call is really supposed to get a new
response. It seems to be possible to hit a sequence where a previous EAP
authentication attempt terminates with sm->ignore set from the last
m.check() call and the following EAP authentication attempt could fail
to go through the expected code path if it does not clear the ignore
flag. This is likely only hit in some error cases, though. The hwsim
test cases could trigger this with the following sequence:
eap_proto_ikev2 ap_wps_m1_oom

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-31 21:56:59 +02:00
Jouni Malinen
2e38079531 TLS: Fix memory leak with multiple TLS server instances
When using CONFIG_TLS=internal and starting hostapd with multiple
configuration files that each initialize TLS server, the server
certificate and related data was not freed for all the interfaces on
exit path. Fix this by freeing the credential data that is stored
separately for each call to tls_init().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-31 18:15:22 +02:00
Frederic Leroy
7b0f5500b0 eap_sim_db: Implement eap_sim_db_expire_pending()
Expire pending DB request for EAP-SIM/AKA/AKA'. Timeout defaults to 1
second and is user configurable in hostapd.conf (eap_sim_db_timeout).

Signed-off-by: Frederic Leroy <frederic.leroy@b-com.com>
2015-10-31 16:28:16 +02:00
Jouni Malinen
45c3e72952 Add frequency to operating class determination for 5 GHz 100..140
This extends ieee80211_freq_to_channel_ext() with knowledge of the
operating classes for the 5 GHz channels 100..140.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-30 11:45:50 +02:00
Avichal Agarwal
c93b7e1888 RSN: Check result of EAPOL-Key frame send request
Provide information on whether EAPOL-Key frame was sent successfully to
kernel for transmittion. wpa_eapol_key_send() will return
>= 0 on success and < 0 on failure. After receiving EAPOL-Key msg 3/4,
wpa_supplicant sends EAPOL-Key msg 4/4 and shows CTRL-EVENT-CONNECTED
only after verifying that the msg 4/4 was sent to kernel for
transmission successfully.

Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
2015-10-28 22:42:16 +02:00
Srinivasa Duvvuri
053693d266 hostapd: Add feature to start all interfaces at the same time in sync
When multiple interfaces across mutiple radios are started using a
single instance of hostapd, they all come up at different times
depending upon how long the ACS and HT scan take on each radio. This
will result in stations (that already have the AP profile) associating
with the first interfaces that comes up. For example in a dual band
radio case (2G and 5G) with ACS enabled, 2G always comes up first
because the ACS scan takes less time on 2G and this results in all
stations associating with the 2G interface first.

This feature brings up all the interfaces at the same time. The list of
interfaces specified via hostapd.conf files on the command line are all
marked as sync interfaces. All the interfaces are synchronized in
hostapd_setup_interface_complete().

This feature is turned on with '-S' commmand line option.

Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
2015-10-28 19:47:17 +02:00
Jouni Malinen
9578413455 Reserve QCA vendor specific nl80211 commands 110..114
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-27 00:10:29 +02:00
Peng Xu
5d4c508969 Assign QCA commands and attributes for Tx power scaling and OTA testing
Assign nl80211vendor commands QCA_NL80211_VENDOR_SUBCMD_OTA_TEST and
QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE as well as corresponding
attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-27 00:07:15 +02:00
Hu Wang
5d1d69a10f P2P: Filter control chars in group client device name similarly to peer
P2P device discovery can add peer entries based on a message directly
from a peer and from a Probe Response frame from a GO for all the P2P
Clients in the group. The former case for filtering out control
characters from the device name while the latter was not. Make this
consistent and filter both cases in the same way to avoid confusing
external programs using the device name of a P2P peer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-26 23:43:45 +02:00
Sunil Dutt
f67d1a0099 TDLS: Do not send error case of TPK M3 if TX fails
There is no point in sending TPK M3 (TDLS Setup Confirm) with a failure
status if the first transmission attempt fails. Instead, just return a
failure by disabling the link rather than retransmitting the TPK M3
frame with an error status.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-26 22:54:39 +02:00
Jouni Malinen
8f3ea3175f tests: Fix build without CONFIG_ERP=y
hmac_sha256_kdf() got pulled in only if CONFIG_ERP=y is set. Fix
test_sha256() by making the test case conditional on the function being
present.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-26 00:42:14 +02:00
Jouni Malinen
d8fd633ebb Do not write ERROR level log entries if debug file is not used
wpa_debug_reopen_file() used to write an error message at MSG_ERROR
level if it was called with last_path == NULL (the last debug log file
path not known). This is not a fatal error, but a normal case if
wpa_debug_open_file() has not been used. Remove the error message and
return success in such case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 20:45:02 +02:00
Mohammed Shafi Shajakhan
67deaa582d l2_packet: Add build option to disable Linux packet socket workaround
Linux packet socket workaround(*) has an impact in performance when the
workaround socket needs to be kept open to receive EAPOL frames. While
this is normally avoided with a kernel that has the issue addressed by
closing the workaround packet socket when detecting a frame through the
main socket, it is possible for that mechanism to not be sufficient,
e.g., when an open network connection (no EAPOL frames) is used.

Add a build option (CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y) to disable the
workaround. This build option is disabled by default and can be enabled
explicitly on distributions which have an older kernel or a fix for the
kernel regression.

Also remove the unused variable num_rx.

(*) Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596
('bridge: respect RFC2863 operational state') from 2012 introduced a
regression for using wpa_supplicant with EAPOL frames and a station
interface in a bridge.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
2015-10-25 19:56:53 +02:00
Jouni Malinen
ceb19ff7a6 privsep: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 19:37:16 +02:00
Jouni Malinen
45a283e6d0 wext: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 19:37:16 +02:00
Jouni Malinen
336869f05a nl80211: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:35:00 +02:00
Jouni Malinen
78c8ee488f ndis: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:35:00 +02:00
Jouni Malinen
d717126aa2 hostap: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:35:00 +02:00
Jouni Malinen
d034f498ce atheros: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:35:00 +02:00
Jouni Malinen
40762fcede PCSC: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:35:00 +02:00
Jouni Malinen
80c620dbd7 SAE: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
f88bcad015 GAS server: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
1e72ba2e61 RSN auth: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
a5a2f252cb AP: Avoid undefined behavior in pointer arithmetic in IE parsing
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
de7fe64df5 RADIUS: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
d2eb91e08f TLS: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
2461724c05 RSN: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
3991cb7b3c EAP-IKEv2 peer: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Jouni Malinen
0421d47e34 EAP-IKEv2 server: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Jouni Malinen
72bb05a033 EAP-FAST peer: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Jouni Malinen
ed5e3a5888 EAP-FAST server: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Jouni Malinen
b6f961ab25 Avoid undefined behavior in pointer arithmetic in IE parsing
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Jouni Malinen
7b5880fcf4 FT: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Jouni Malinen
d6ee858c3b P2P: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Jouni Malinen
625745c297 WPS: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-18 11:37:47 +03:00
Jouni Malinen
cc4f3d6ea7 tests: Add TEST_FAIL() condition to omac1_aes_vector()
This enables more error path testing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-17 20:40:36 +03:00
Jouni Malinen
0504d2da12 EAP-GPSK: Check HMAC-SHA256 result in GKDF and MIC
hmac_sha256() and hmac_sha256_vector() return a result code now, so use
that return value to terminate HMAC-SHA256-based GKDF/MIC similarly to
what was already done with the CMAC-based GKDF/MIC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-17 20:40:01 +03:00
Jouni Malinen
1166b20c95 Add Framed-IP-Address to Accounting-Request if STA address is known
The recently added ProxyARP support (proxy_arp=1) in hostapd allows a
STA IPv4 address to be learned from DHCP or ARP messages. If that
information is available, add it to Account-Request messages in
Framed-IP-Address attribute.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-17 19:53:29 +03:00
Jouni Malinen
9b7a1bd7ed Option to reduce Probe Response frame responses during max STA
The new hostapd configuration parameter no_probe_resp_if_max_sta=1 can
be used to request hostapd not to reply to broadcast Probe Request
frames from unassociated STA if there is no room for additional stations
(max_num_sta). This can be used to discourage a STA from trying to
associate with this AP if the association would be rejected due to
maximum STA limit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-17 19:30:49 +03:00
Jouni Malinen
ca33a5e895 Add "git describe" based version string postfix
If hostapd or wpa_supplicant is built from a git repository, add a
VERSION_STR postfix from the current git branch state. This is from "git
describe --dirty=+". VERSION_STR will thus look something like
"2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a
modified repository.

This behavior is enabled automatically if a build within git repository
is detected (based on ../.git existing). This can be disabled with
CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-16 22:20:55 +03:00
Pradeep Reddy POTTETI
2bd5bdcd4b TDLS: On a TPK timeout, tear down the link before renewal by the initiator
On TPK lifetime expiration, tear down the direct link before renewing
the link in the case of TDLS initiator processing. The expired key
cannot be used anymore, so it is better to explicitly tear down the old
link first.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-16 11:35:19 +03:00
Jouni Malinen
2b12b3602a P2P: Do not reply to GO Negotiation Request if peer is waiting for us
This improves robustness of GO Negotiation in special cases where GO
Negotiation Request frames from the peer may end up getting delivered
multiple times, e.g., due to interference and retransmitted frames not
getting properly filtered out in duplicate detection (which is something
that number of drivers do not implement for pre-associated state).

If we have already replied with GO Negotiation Response frame with
Status 1 (not yet ready), do not reply to another GO Negotiation Request
frame from the peer if we have already received authorization from the
user (P2P_CONNECT command) for group formation and have sent out our GO
Negotiation Request frame. This avoids a possible sequence where two
independent GO Negotiation instances could go through in parallel if the
MAC address based rule on avoiding duplicate negotiations is not able to
prevent the case. This can allow GO Negotiation to complete successfully
whereas the previous behavior would have likely resulted in a failure
with neither device sending a GO Negotiation Confirm frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-15 21:21:28 +03:00
Rui Paulo
22e8df3a98 Portability fixes for FreeBSD - os_fdatasync()
Use fsync() when fdatasync() and F_FULLSYNC isn't available.

Signed-off-by: Rui Paulo <rpaulo@freebsd.org>
2015-10-15 16:14:30 +03:00
Andrei Otcheretianski
e8dc205f17 nl80211: Disable 11b rates for P2P (additional cases)
Some drivers (like mac80211) do not accept changing the TX bitrate mask
before the network interface is up. Thus, calling
nl80211_disable_11b_rates() before the interface is up fails, and the
P2P network interface continues to use invalid bitrates.

To fix this call nl80211_disable_11b_rates() immediately after the
interface is brought up (and also after rfkill is unblocked).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-14 23:57:53 +03:00
Josh Lehan
1d61a8efee Escape DEL char (ASCII 127 decimal) in SSIDs
While testing, I noticed that printf_encode() makes control characters
human-readable, with one exemption, the DEL character (ASCII 127).
Assuming this exemption was unintentional, make it appear as an escaped
\x7f instead of a literal DEL character in the output.

Signed-off-by: Josh Lehan <krellan@krellan.net>
2015-10-14 19:28:57 +03:00
Ashok Kumar Ponnaiah
d6afe03660 atheros: Fix hapd_deinit() handler with generic IEs set
atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to
avoid hitting double-free on the deinit path. Similarly,
drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after
being freed. Fix these be moving the atheros_set_opt_ie() call in
atheros_deinit().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-14 18:43:26 +03:00
Jouni Malinen
712525b01e nl80211: Increase buffer size for reporting scan frequencies
It is possible for a driver to support sufficient number of channels to
hit the previous limit of 200 characters for the "nl80211: Scan included
frequencies:" debug message. Increase the maximum buffer length to 300
characters to allow more complete list of scanned frequencies to be
written into the debug log. This limit is more in line with the
MAX_REPORT_FREQS (50) limit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-14 18:43:26 +03:00
Jouni Malinen
207976f053 Fix Suite B 192-bit AKM to use proper PMK length
In addition to the PTK length increasing, the length of the PMK was
increased (from 256 to 384 bits) for the 00-0f-ac:12 AKM. This part was
missing from the initial implementation and a fixed length (256-bit) PMK
was used for all AKMs.

Fix this by adding more complete support for variable length PMK and use
384 bits from MSK instead of 256 bits when using this AKM. This is not
backwards compatible with the earlier implementations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-14 18:43:26 +03:00
Jouni Malinen
ae7d9fbd3d Remove unreachable PMKSA cache entry addition on Access-Accept
The previous implementation used an obsolete sm->eapol_key_crypt pointer
which was not set anywhere (i.e., was always NULL). In addition, the
condition of sm->eap_if->eapKeyAvailable was not valid here since this
is the case of MSK from an external authentication server and not the
internal EAP server. Consequently, the wpa_auth_pmksa_add() call here
was never used.

The PMKSA cache was still added, but it happened at the completion of
the 4-way handshake rather than at the completion of EAP authentication.
That later location looks better, so delete the unreachable code in
Access-Accept handling. In addition, remove the now complete unused
struct eapol_state_machine eapol_key_* variables.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-14 18:43:26 +03:00
Jouni Malinen
1b822f52e6 hostapd: Fix WPA, IEEE 802.1X, and WPS deinit in cases where init fails
With driver wrappers that implement set_privacy(), set_generic_elem(),
set_ieee8021x(), or set_ap_wps_ie(), it was possible to hit a NULL
pointer dereference in error cases where interface setup failed and
the network configuration used WPA/WPA2, IEEE 802.1X, or WPS.

Fix this by skipping the driver operations in case the driver interface
is not initialized.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-14 18:42:07 +03:00
Jouni Malinen
8fd1d6236d OpenSSL: Add TEST_FAIL() checks to allow error path testing
This makes it easier to test various error paths related to key
derivation and authentication steps.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-12 01:04:22 +03:00
Max Stepanov
da0e8db239 P2PS: Do not add unnecessary attributes to PD Response
Don't add unnecessary P2PS attributes to PD Response depending on the
type of exchange.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-10-11 21:42:03 +03:00
Max Stepanov
14a188559c P2PS: Do not add unnecessary follow-on PD Request attributes
Don't add unnecessary P2PS follow-on PD Request attributes when
the request status is not P2P_SC_SUCCESS_DEFERRED.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-10-11 21:42:03 +03:00
Max Stepanov
ecf56c7270 P2PS: Fix PD Request parameter handling
In P2PS PD Request processing in some error case scenarios, such as
verification of the WPS config method, the flow aborts before saving
mandatory P2PS PD Request attributes. This in turn causes the control
interface notification events to be sent with invalid parameters.

Fix this by changing the order of verification and processing steps of
the PD Request message handling.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-10-11 21:42:03 +03:00
Ilan Peer
8bb8e6edb8 P2PS: Indicate the chosen operating frequency
On successful P2P PD, report the chosen frequency in case the local
device is going to be the P2P GO, so in can later be used to instantiate
the new P2P GO, etc.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-11 21:42:03 +03:00
Ilan Peer
685b209828 P2PS: Process channels in PD Response
In case the P2PS PD Response includes the P2P Channel List attribute,
update the peer device supported channels and verify that the local
device has common channels with the peer (only a sanity check).

If the Operating Channel attribute is included in the response, check
that it is included in the intersection and store it as the peer's
operating frequency (so it could later be used in the join flow, etc.).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-11 21:42:03 +03:00
Ilan Peer
23eef57018 P2PS: Process channels in PD Request
In case the P2PS PD Request includes the P2P Channel List attribute,
update the peer device supported channels and check if we have common
channels with the peer that can be used for the connection establishment
based on the connection capabilities:

1. In case of P2PS PD Request with no common channels, defer
   the flow unless auto accept equals true and the connection
   capabilities equals NEW (in which case the channels would be
   negotiated in the GO Negotiation).

2. In case of Follow up P2PS PD Request with no common channels,
   reject the request unless the connection capability is NEW.

In addition, in case of a successful P2PS PD, save the device
operating frequency (so it can be later used for join flow, etc.).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-11 21:42:03 +03:00
Ilan Peer
ebd32943cb P2PS: Add channel policy to PD Request
Add operating channel selection and channel list processing similar to
that done when building GO Negotiation Request, i.e., consider the
currently used channels, configured channels, etc.

P2PS introduces a flow where a responder needs to provide channel data
without being previously aware of the current constraints, i.e., the
channels currently in use by other interfaces. To handle this, extend
the get_group_capability() callback to also handle channel selection
aspects of group capabilities.

In case there is an active P2P GO that is going to be used for the P2PS
PD, force its current operating frequency in the PD attributes.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-11 21:42:03 +03:00
Ilan Peer
4acd5ac67b P2P: Cleanup handling of unknown peer in PD Request processing
If a Provision Discovery Request is received for an unknown peer, a new
device entry is being added, but the flow continues without updating the
local p2p_device pointer, requiring to check the pointer value before
every access.

1. Change this, so once a device is added, the flow updates the local
   p2p_device pointer and avoids the checks later in the flow.
2. If the device is not known even after adding it, skip the processing,
   send the PD Response, and return.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-11 12:38:07 +03:00
Ilan Peer
572f1ead19 P2PS: Fix possible NULL pointer dereference in PD exchange
It is possible that p2p_build_prov_disc_resp() is called with a NULL
device entry, which might be dereferenced when calling
p2p->cfg->get_persistent_group() for the P2PS with persistent group
case. Fix this by checking the device pointer before accessing it.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-11 12:29:19 +03:00
Jouni Malinen
cbb154973d OpenSSL: Make msg_callback debug prints easier to read
Write a text version of the content type and handshake type in debug log
to make it easier to follow TLS exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-11 11:35:35 +03:00
Jouni Malinen
faf8f29379 OpenSSL: Recognize special write_p == 2 in msg_callback
OpenSSL could use this to identify crypto tracing values if built with
OPENSSL_SSL_TRACE_CRYPTO.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-11 11:14:00 +03:00
Jouni Malinen
6f5b284b32 tests: Module test for hmac_sha256_kdf() maximum output length
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 18:57:14 +03:00
Jouni Malinen
5a55c9b411 Fix MSCHAP UTF-8 to UCS-2 conversion check for three-byte encoding
The utf8_string_len comparison was off by one and ended up accepting a
truncated three-byte encoded UTF-8 character at the end of the string if
the octet was missing. Since the password string gets null terminated in
the configuration, this did not result in reading beyond the buffer, but
anyway, it is better to explicitly reject the string rather than try to
use an incorrectly encoded UTF-8 string as the password.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 18:38:37 +03:00
Jouni Malinen
cc2994024d HTTP (curl): Fix compilation with BoringSSL
Define the sk_*_{num,value}() macros in BoringSSL style if BoringSSL is
used instead of OpenSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-10 00:06:14 +03:00
Jouni Malinen
bdee6ca0e0 BoringSSL: Implement support for OCSP stapling
BoringSSL has removed the OpenSSL OCSP implementation (OCSP_*()
functions) and instead, provides only a minimal mechanism for include
the status request extension and fetching the response from the server.
As such, the previous OpenSSL-based implementation for OCSP stapling is
not usable with BoringSSL.

Add a new implementation that uses BoringSSL to request and fetch the
OCSP stapling response and then parse and validate this with the new
implementation within wpa_supplicant. While this may not have identical
behavior with the OpenSSL-based implementation, this should be a good
starting point for being able to use OCSP stapling with BoringSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-09 23:48:30 +03:00
Ilan Peer
e4f90a6a27 P2PS: Add validation for P2PS PD Request
Validate that all the required attributes appear in a P2PS PD Request,
and in addition, in the case of follow-on PD Request, check that the
given values match those of the original PD Request.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-07 17:07:22 +03:00
Ilan Peer
20324d47f9 P2PS: Reduce indentation in p2p_process_prov_disc_req()
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-07 17:07:21 +03:00
Max Stepanov
f94e4c20e4 P2PS: Send follow-on PD response only if status is 12
When a follow-on PD request is received, peer should not send a
follow-on PD response except the case when the PD request status value
is 12 (Success: accepted by user). Previously, the wpa_supplicant
implementation behaved differently sending the follow-on PD Response on
any follow-on PD Request.

Fix the issue by adding the following changes:

1. Don't send PD Response if the follow-on PD Request status is
   different than 12 (seeker side).
2. Don't wait for the follow-on PD Response if the follow-on PD
   Request was sent with the status different than 12 (advertiser
   side).
3. If the follow-on PD Request was sent with the status different
   than 12 use the follow-on PD Request ACK as PD completion event
   (advertiser side).
4. Notify ASP about the PD completion by sending P2PS-PROV-DONE with
   the PD Request status (advertiser side).

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-10-07 17:07:21 +03:00
Andrei Otcheretianski
a3de16768b P2P: Cancel extended listen on p2p_flush()
It is expected that p2p_flush() should stop any ongoing p2p operation.
However, this was not the case with extended listen which was not
cancelled on p2p_flush() flows. Fix this, by cancelling the extended
listen in p2p_flush().

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
695dbbea88 Interworking: Add support for configuring arbitrary ANQP-elements
The new hostapd configuration parameter anqp_elem can now be used to
configure arbitrary ANQP-elements for the GAS/ANQP server. In addition
to supporting new elements, this can be used to override previously
supported elements if some special values are needed (mainly for testing
purposes).

The parameter uses following format:
anqp_elem=<InfoID>:<hexdump of payload>

For example, AP Geospatial Location ANQP-element with unknown location:
anqp_elem=265:0000
and AP Civic Location ANQP-element with unknown location:
anqp_elem=266:000000

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
3f21b311b2 Interworking: Define new ANQP-element Info IDs
This adds the full set on ANQP-elements based on IEEE P802.11REVmc/D4.2.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Adam Langley
aeeb0bca71 Android: Fix keystore-backed keys with BoringSSL
The switch to BoringSSL broke keystore-backed keys because
wpa_supplicant was using the dynamic ENGINE loading to load
the keystore module.
The ENGINE-like functionality in BoringSSL is much simpler
and this change should enable it.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-10-06 23:10:17 +03:00
Jouni Malinen
dd9a42efbc Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2015-05-06.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-06 23:10:17 +03:00
Dmitry Ivanov
9b285081ff Wait longer for inactive client probe (empty data frame)
Some devices cannot respond to inactive client probe (empty data frame)
within one second. For example, iPhone may take up to 3 secs. This
becomes a significant problem when ap_max_inactivity is set to lower
value such as 10 secs. iPhone can lose Wi-Fi connection after ~1 min
of user inactivity.

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
2015-10-06 23:09:55 +03:00
Helmut Schaa
e5d34da25a hostapd: Force RADIUS socket renewal on RADIUS auth failures
On RADIUS auth/acct failures hostapd will try a new server if one is
available. Reuse the failover logic to force a socket renewal if only
one RADIUS server is configured.

This fixes problems when a route for the RADIUS server gets added after
the socket was "connected". The RADIUS socket is still sending the
RADIUS requests out using the previous route.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2015-10-06 01:27:29 +03:00
Bob Copeland
681753f23c mesh: Generate proper AID for peer
IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on
the local node for each peer. Previously, we were using the peer link ID
(generated by the peer) which may not be unique among all peers. Correct
this by reusing the AP AID generation code.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-10-06 01:27:29 +03:00
Michael Braun
41d621075e Remove WEP support from VLAN
Commit d66dcb0d0b ('WEP: Remove VLAN
support from hostapd') already removed VLAN support for WEP encryption,
so vlan_setup_encryption_dyn() is no longer needed.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-10-06 01:27:27 +03:00
Michael Braun
7cebc8e210 Fix init of group state machine for static VLANs
This ensures that group key is set as long as the interface exists.

Additionally, ifconfig_up is needed as wpa_group will enter
FATAL_FAILURE if the interface is still down. Also vlan_remove_dynamic()
is moved after wpa_auth_sta_deinit() so vlan_remove_dynamic() can check
it was the last user of the wpa_group.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-10-06 01:25:36 +03:00
Johannes Berg
2b6e121676 hostapd: Add testing option to use only ECSA
Some APs don't include a CSA IE when an ECSA IE is generated,
and mac80211 used to fail following their channel switch. Add
a testing option to hostapd to allow reproducing the behavior.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-10-03 21:37:17 +03:00
Andrei Otcheretianski
fa53d74c9e Handle VHT operating classes correctly
Fix and extend the ieee80211_freq_to_channel_ext() function to deal
correctly with VHT operating classes (128, 129, 130).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 21:35:08 +03:00
Luciano Coelho
7d82170aba Set channel and operating class in hostapd_fill_csa_settings()
The CSA channel and operating class values need to be set for all types
of channel switch (i.e., either if it's triggered by the control
interfaces or due to the GO-follows-STA flow). To do so, move the code
that sets them from the GO-follows-STA flow to the more generic
hostapd_fill_csa_settings() function.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
2015-10-03 21:26:23 +03:00
Luciano Coelho
d308a44fcc Use ieee80211_freq_to_chan() when getting segment indices
The hostapd_hw_get_channel() function can't be used to convert center
frequencies to channel numbers, because the hw mode lists don't have all
the center frequencies. The hw mode lists have the main channel
frequencies and flags to indicate the channel topography.

For instance, channel 5805 with VHT80- has the channel center frequency
segment 0 at 5775. This segment is only indicated indirectly in the hw
mode list by the HOSTAPD_CHAN_VHT_50_30 flag. The hw mode list doesn't
have any elements with frequency 5775 to allow the conversion to a
channel number. Thus, we need to use ieee80211_freq_to_chan() instead.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
2015-10-03 21:19:09 +03:00
Andrei Otcheretianski
95e551c5f7 Provide an offset to CSA counters in Probe Response frames
Pass to the driver a list of CSA counter offsets when sending Probe
Response frames during a CSA period. This allows the kernel to correctly
update the CSA/eCSA elements.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 21:08:22 +03:00
Andrei Otcheretianski
2d3943ce5b nl80211: Specify CSA offsets in send_mlme() driver op
Some management frames contain CSA counters which should be updated by
kernel. Change driver op send_mlme() allowing to send a frame,
specifying an array of offsets to the CSA counters which should be
updated. For example, CSA offsets parameters should be specified when
sending Probe Response frames during CSA period.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 21:07:35 +03:00
Andrei Otcheretianski
c0d94d6118 Advertise Supported Operating Classes elements in Beacon/Probe Response
Advertise current operating class in Beacon and Probe Response frames.
This Supported Operating Classes element is required by the standard
when extended channel switch is supported. However, since this element
doesn't reflect correctly the sub-band spectrum breakdown and can't be
effectively used by clients, publish only the minimal required part
which is the current operating class.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 21:01:49 +03:00
Andrei Otcheretianski
38d9048fa8 Fix CSA related IEs order
Fix the order of CSA, eCSA, Secondary Channel Offset, and Wide Bandwidth
Channel Switch Wrapper elements in Beacon and Probe Response frames.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 21:01:47 +03:00
Andrei Otcheretianski
967791fe60 Move HT CSA related IE function
Move Secondary Channel element function to ieee802_11_ht.c.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 20:31:30 +03:00
Andrei Otcheretianski
98b0508121 P2P: Implement P2P_GO_FREQ_MOVE_SCM_ECSA policy
Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers
SCM if all the clients advertise eCSA support and the candidate
frequency is one of the group common frequencies.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 20:30:40 +03:00
Ilan Peer
4e0ab656d2 Move hostapd_csa_in_progress() to hostapd.c
Move hostapd_csa_in_progress() to hostapd.{h,c} so it can be used
for contexts other than DFS.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-03 20:19:06 +03:00
Andrei Otcheretianski
6315bfdba2 Add support for eCSA
Extended channel switch provides an ability to switch between operating
classes and is required for P2P Devices by the P2P specification when
switching in 5 GHz.

When the operating class is provided for channel switch, the AP/P2P GO
will use eCSA IE in addition to the regular CSA IE both on 2.4 GHz and 5
GHz bands.

Transitions between different hw_modes are not supported.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 20:00:50 +03:00
Andrei Otcheretianski
366179d218 nl80211: Suppport multiple CSA counters
Channel switch may be performed using both CSA and eCSA IEs together.
This may happen, for example with a P2P GO on band A with legacy
clients. Extend driver API to support up to 2 CSA counters.

This patch also includes the required implementation for nl80211.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 19:56:08 +03:00
Andrei Otcheretianski
982896ffef Support VHT channel width change for CSA
When building Beacon and Probe Response frames for the target channel,
consider bandwidth parameter for VHT channels. In addition, add support
for updating vht_oper_centr_freq_seg0_idx and
vht_oper_centr_freq_seg1_idx.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 19:50:22 +03:00
Andrei Otcheretianski
244d4d8bff Add Wide Bandwidth Channel Switch element
When switching to a VHT channel with width greater than 20 MHz, add Wide
Bandwidth Channel Switch element. This element is added in Beacon and
Probe Response frames inside Channel Switch Wrapper element.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 19:40:46 +03:00
Andrei Otcheretianski
9438e9c785 Use previously computed channel in cs_freq_params for Beacon frames
When CSA is started, hostapd_change_config_freq() computes the channel
from the provided frequency. Use this stored channel to add CSA IE in
Beacon frames, instead of recomputing the channel each time.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 19:02:49 +03:00
Jouni Malinen
fcb81ba7d6 WPS: Mark web_connection_parse_get() argument filename const
All the other web_connection_parse_*() functions were already doing
this, so make the GET handler consistent as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-03 16:26:10 +03:00
Jouni Malinen
ad00d64e7d Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
Commit 7d711541dc ('Clear TK part of PTK
after driver key configuration') started clearing TK from memory
immediately after having configured it to the driver when processing
EAPOL-Key message 3/4. While this covered the most common case, it did
not take into account the possibility of the authenticator having to
retry EAPOL-Key message 3/4 in case the first EAPOL-Key message 4/4
response is lost. That case ended up trying to reinstall the same TK to
the driver, but the key was not available anymore.

Fix the EAPOL-Key message 3/4 retry case by configuring TK to the driver
only once. There was no need to try to set the same key after each
EAPOL-Key message 3/4 since TK could not change. If actual PTK rekeying
is used, the new TK will be configured once when processing the new
EAPOL-Key message 3/4 for the first time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 18:54:54 +03:00
Jouni Malinen
b658547dd5 nl80211: Add build option for QCA vendor extensions
This allows the binary sizes to be reduced if no support for nl80211
vendor extensions are needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 12:45:27 +03:00
Kanchanapally, Vidyullatha
8e5097456a nl80211: Extract driver offchannel simultaneous capability
Make the driver offchannel simultaneous capability available to
wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 01:41:46 +03:00
Kanchanapally, Vidyullatha
94fb165c3a Add QCA vendor definitions for simultaneous offchannel
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 01:41:46 +03:00
Kanchanapally, Vidyullatha
adcd7c4b0b nl80211: Support vendor scan together with normal scan
Allow wpa_supplicant to use vendor scan (if supported by the driver)
together with the normal nl80211 scan and handling external scan events.
Since this results in possibility of concurrent scan operations, some of
the operations related to scan results need to check more carefully when
an event is relevant for a specific interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 01:41:46 +03:00
Kanchanapally, Vidyullatha
f22a080cdc nl80211: Driver interaction for QCA vendor scan
This commit contains the necessary changes for supporting the QCA vendor
scan implementation, i.e., sending the vendor scan command to underlying
driver and handling the vendor scan events from the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 01:41:46 +03:00
Kanchanapally, Vidyullatha
b48567195d Add QCA vendor definitions for vendor scan support
Introduce definitions for QCA vendor specific subcommands
and attributes to support vendor scan request.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 01:41:46 +03:00
Jouni Malinen
d02180c679 The master branch is now used for v2.6 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-27 22:12:07 +03:00
Jouni Malinen
1f344cd7b4 Change version information for the 2.5 release
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-27 22:02:05 +03:00
Jouni Malinen
2976715217 Do not clear RSN parameters before full configuration
This fixes an issue where hostapd SET command is used to configure RSN
parameters and the wpa parameter is sent after the other parameters.
Previously, the default case here ended up clearing rsn_pairwise and
wpa_pairwise values and once wpa=2 was finally set, the cipher
configuration had already been lost.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-27 15:55:11 +03:00
Ilan Peer
c6d7965d25 P2P: Fix the calculation of group common freqs
Previously, the calculation allowed for the same frequency to appear
several times in the result.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-09-25 21:05:42 +03:00
Alan T. DeKok
939471b9eb Linker changes for building eapol_test on OS X
Signed-off-by: Alan DeKok <aland@freeradius.org>
2015-09-25 19:32:14 +03:00
Alan T. DeKok
b0c70f37b7 Portability fixes for OS X
Fix os_get_reltime() and os_fdatasync() for OS X.

Signed-off-by: Alan DeKok <aland@freeradius.org>
2015-09-25 19:30:09 +03:00
Amarnath Hullur Subramanyam
10cac5b1a2 Android: Set ctrl_iface client socket group (AID_WIFI) separately
Split chown() call in wpa_ctrl_open() and wpa_ctrl_open2() to allow the
group id to be set even if the process does not have privileges to
change the owner. This is needed for modules that need to communicate
with wpa_supplicant since without the group change, wpa_supplicant may
not have privileges to send the response to a control interface command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-24 13:15:57 +03:00
Ashok Raj Nagarajan
28ffd21c07 Do not copy STA VHT capabilities if VHT is not enabled for AP
Previously, station's VHT information elements were copied and passed
regardless of the AP's VHT configuration. As a result, AP with VHT
disabled in configuration could have ended up transmitting packets in
VHT rates though AP is not advertising VHT support. Fix this by copying
the station's VHT capabilities only when AP supports VHT (both hardware
and configuration).

Signed-off-by: Ashok Raj Nagarajan <arnagara@qti.qualcomm.com>
2015-09-23 12:09:35 +03:00
Jouni Malinen
7cb9bb4d9b WPA: Do not print GTK in debug log unless requested
The GTK value received in RSN (WPA2) group rekeying did not use the
wpa_hexdump_key() version of debug printing that is conditional on -K
being included on the command line.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-09 17:39:57 +03:00
Jouni Malinen
4b9a395e29 WPS: Reduce struct wps_parse_attr size
Use shorter variables for storing the attribute lengths and group these
variables together to allow compiler to pack them more efficiently. This
reduces the struct size from 960 bytes to 760 bytes in 64-bit builds.
This reduces stack use in number of functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-07 23:02:19 +03:00
Jouni Malinen
b664ef1c0d WPS: Reduce wps_ap_priority_compar() stack use
There is no need to maintain two concurrent instances of struct
wps_parse_attr in this function. Share a single structure for parsing
both IEs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-07 22:52:45 +03:00
Chen, Yi
24fd20438f WPS: Fix num_probereq_cb clearing on DISABLE to avoid segfault
Reset hapd->num_probereq_cb to 0 on an interface deinit to avoid
unexpected behavior if the same interface is enabled again without fully
freeing the data structures. hostapd_register_probereq_cb() increments
hapd->num_probereq_cb by one and leaves all old values unchanged. In
this deinit+init case, that would result in the first entry in the list
having an uninitialized pointer and the next Probe Request frame
processing would likely cause the process to terminate on segmentation
fault.

This issue could be hit when hostapd was used with WPS enabled (non-zero
wps_state configuration parameter) and control interface command DISABLE
and ENABLE were used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-07 20:51:58 +03:00
Jouni Malinen
f0f82bd82f WPS ER: Clean up WPS session on PutMessage error cases
This is needed to allow new operation to be started after an error
without having to wait for the AP entry to time out.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-07 17:45:53 +03:00
Jouni Malinen
1067f49520 WPS: Allow config_methods to be cleared with an empty string
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 21:49:38 +03:00
Masashi Honma
8a51dcbc2f mesh: Rename IE field to clarify its use
This is used only for RSNE.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-09-05 21:15:53 +03:00
Jouni Malinen
faf427645a TDLS: Use proper IE parsing routine for non-EAPOL-Key cases
wpa_supplicant_parse_ies() was never supposed to be used as a generic IE
parser, i.e., it is for the specific purpose of parsing EAPOL-Key Key
Data IEs and KDEs. TDLS used this function for parsing generic AP IEs
and while that works, it resulted in confusing "WPA: Unrecognized
EAPOL-Key Key Data IE" debug messages. Clean this up by using
ieee802_11_parse_elems() for the cases where generic IEs are being
parsed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 20:51:11 +03:00
Jouni Malinen
b308a304d4 Add station tracking based on other management frame subtypes
This extends the previous tracking design to add a station entry based
on other management frames than Probe Request frames. For example, this
covers a case where the station is using passive scanning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 19:38:06 +03:00
Jouni Malinen
c1d43d0bac WPS: Merge identical error paths in ssdp_listener_open()
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 19:28:45 +03:00
Jouni Malinen
0e2412d086 Add option to reject authentication on 2.4 GHz from dualband STA
The new no_auth_if_seen_on=<ifname> parameter can now be used to
configure hostapd to reject authentication from a station that was seen
on another radio.

This can be used with enabled track_sta_max_num configuration on another
interface controlled by the same hostapd process to reject
authentication attempts from a station that has been detected to be
capable of operating on another band, e.g., to try to reduce likelihood
of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4
GHz and 5 GHz BSS concurrently.

Note: Enabling this can cause connectivity issues and increase latency for
connecting with the AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 19:11:02 +03:00
Jouni Malinen
ec4387f9c9 Indicate CTRL-EVENT-AUTH-REJECT event on authentication rejection
This allows control interface monitors to get more detailed information
in cases where wpa_supplicant-based SME receives an Authentication frame
with non-zero status code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 19:11:02 +03:00
Jouni Malinen
964f64e2ee Add option to ignore Probe Request frames on 2.4 GHz from dualband STA
The new no_probe_resp_if_seen_on=<ifname> parameter can now be used to
configure hostapd to not reply to group-addressed Probe Request from a
station that was seen on another radio.

This can be used with enabled track_sta_max_num configuration on another
interface controlled by the same hostapd process to restrict Probe
Request frame handling from replying to group-addressed Probe Request
frames from a station that has been detected to be capable of operating
on another band, e.g., to try to reduce likelihood of the station
selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz
BSS concurrently.

Note: Enabling this can cause connectivity issues and increase latency
for discovering the AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 17:53:15 +03:00
Jouni Malinen
a65a9b8d67 hostapd: Add mechanism to track unconnected stations
hostapd can now be configured to track unconnected stations based on
Probe Request frames seen from them. This can be used, e.g., to detect
dualband capable station before they have associated. Such information
could then be used to provide guidance on which colocated BSS to use in
case of a dualband AP that operates concurrently on multiple bands under
the control of a single hostapd process.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 17:11:11 +03:00
Jouni Malinen
6ebe816be0 wpa_priv: Add authentication command and event
These are needed to work with nl80211 driver interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 13:21:17 +03:00
Jouni Malinen
06f52b12f9 wpa_priv: Add support for EVENT_SCAN_STARTED
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 12:39:11 +03:00
Jouni Malinen
c968f2d56c wpa_priv: Clear extended_capa pointers
For now, there is no support for passing extended_capa pointers through
the driver_privsep.c interface from wpa_priv. Avoid leaving bogus
pointers by explicitly clearing these on both wpa_priv and
wpa_supplicant sides.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 12:32:58 +03:00
Vasanthakumar Thiagarajan
8065377199 Do not advertise DSSS/CCK support in 40 MHz for 5 GHz band
DSSS/CCK rate support in 40 MHz has to be set to 0 for 5 GHz band since
this mechanism is designed only for the 2.4 GHz band. Clear
HT_CAP_INFO_DSSS_CCK40MHZ in ht_capab when the configured mode is
neither 11b nor 11g.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
2015-09-05 01:14:01 +03:00
Manikandan Mohan
4ae7120919 Allow wpa_cli/hostapd_cli client socket directory to be specified
This adds a new helper function wpa_ctrl_open2() that can be used
instead of wpa_ctrl_open() to override the default client socket
directory. Add optional -s<directory path> argument to hostapd_cli and
wpa_cli to allow the client socket directory to be specified.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 11:17:43 +03:00
Jouni Malinen
89a72e1c7f WPS: Remove trailing CR from subscription callback URLs
This cleans up the debug log a bit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-31 17:25:20 +03:00
Jouni Malinen
3bde828098 WPS: Print subscription UUID in debug log in more places
This makes it easier to debug subscription issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-31 17:25:20 +03:00
Jouni Malinen
ccbd0518f6 WPS: Clean up next_advertisement() error path
No need to have a common failure handler if it is used from only a
single location and that lcoation does not even need the memory freeing
step.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-31 17:25:20 +03:00
Jouni Malinen
b8e20236c1 WPS: Merge event_send_start() error paths
There is no need to keep these separate.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-31 17:25:20 +03:00
Jouni Malinen
92325e7090 WPS: Merge SetSelectedRegistrar parsing error returns
There is no need to maintain two error paths for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-31 17:25:20 +03:00
Jouni Malinen
5882c011d6 EAP-WSC peer: Reject connection on unexpected failure
Previously, the EAP-WSC peer state machine ended up just ignoring an
error and waiting for a new message from the AP. This is not going to
recover the exchange, so simply force the connection to terminate
immediately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-30 18:37:44 +03:00
Jouni Malinen
91d5a8e365 WPS: Use a shared error path in http_client_addr()
This simplifies error processing by removing duplicated cleanup steps.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-29 13:42:32 +03:00
Jouni Malinen
63fc84acd7 WPS: Clean up http_client_tx_ready()
Calculate the send() buffer length only once to make this a bit more
readable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-29 13:42:32 +03:00
Jouni Malinen
24a5e528ce WPS: Remove duplicated isgraph() loop in HTTP header parsing
The hbp pointer is moved to the next space already earlier in this code
path, so the while loop here did not really do anything.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-28 23:59:28 +03:00
Jouni Malinen
f79a19746a WPS: Merge common error paths in HTTP server
There is no need to maintain three separate "goto fail" cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-28 20:33:22 +03:00
Jouni Malinen
bb119228b0 Remove unnecessary enum typedef from wpa_auth_sm_event()
This is more consistent with the expected coding style.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-28 16:34:38 +03:00
Jouni Malinen
43f49c3788 EAPOL auth: Avoid recursive wpa_sm_step() on WPA_DEAUTH case
It was possible for wpa_auth_sm_event(WPA_DEAUTH) to be called from
wpa_sm_step() iteration in the case the EAPOL authenticator state
machine ended up requesting the station to be disconnected. This
resulted in unnecessary recursive call to wpa_sm_step(). Avoid this by
using the already running call to process the state change.

It was possible to hit this sequence in the hwsim test case
ap_wpa2_eap_eke_server_oom.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-28 16:32:14 +03:00
Jouni Malinen
dee2020243 EAPOL auth: clear keyRun in AUTH_PAE INITIALIZE
Clearing keyRun here is not specified in IEEE Std 802.1X-2004, but it
looks like this would be logical thing to do here since the EAPOL-Key
exchange is not possible in this state. It is possible to get here on
disconnection event without advancing to the AUTHENTICATING state to
clear keyRun before the IEEE 802.11 RSN authenticator state machine runs
and that may advance from AUTHENTICATION2 to INITPMK if keyRun = TRUE
has been left from the last association. This can be avoided by clearing
keyRun here.

It was possible to hit this corner case in the hwsim test case
ap_wpa2_eap_eke_server_oom in the case getKey operation was forced to
fail memory allocation. The following association resulted in the
station getting disconnected when entering INITPMK without going through
EAP authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-28 16:30:06 +03:00
Jouni Malinen
f429ec443f nl80211: Use nla_put_nested() to set NL80211_ATTR_MAC_ADDRS
This allows an empty nested list (i.e., no MAC addresses) to be included
in the NL80211_CMD_SET_MAC_ACL message unlike with
nla_nest_start()/nla_nest_end() where the current libnl implementation
removes the "empty" attribute and causes cfg80211 to reject the command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-28 12:49:17 +03:00
Purushottam Kushwaha
658665551c P2PS: Remove redundant check in for loop
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2015-08-28 00:22:49 +03:00
Jouni Malinen
d9c807cab1 Fix key derivation for Suite B 192-bit AKM to use SHA384
While the EAPOL-Key MIC derivation was already changed from SHA256 to
SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly.
Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK
from PMK when using the Suite B 192-bit AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-27 20:42:14 +03:00
Mitchell Wills
a218e1ded4 Make sure configuration is saved to storage device
Config file is written to a temp file and then it is renamed to the
original config file. However, it is possible that the rename operation
will be commited to storage while file data will be still in cache
causing original config file to be empty or partially written in case of
a system reboot without a clean shutdown. Make this less likely to occur
by forcing the data to be written to the storage device before renaming
the file.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-08-27 18:06:05 +03:00
Jouni Malinen
2ce741fe0f WPS: Fix HTTP body length check
Commit 7da4f4b499 ('WPS: Check maximum
HTTP body length earlier in the process') added too strict check for
body length allocation. The comparison of new_alloc_nbytes against
h->max_bytes did not take into account that HTTPREAD_BODYBUF_DELTA was
added to previous allocation even if that ended up going beyond
h->max_bytes. This ended up rejecting some valid HTTP operations, e.g.,
when checking AP response to WPS ER setting selected registrar.

Fix this by taking HTTPREAD_BODYBUF_DELTA into account.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-25 00:17:00 +03:00
Jouni Malinen
20f331b707 OpenSSL: Write PKCS#12 extra cert errors into debug log
Commit de2a7b796d ('OpenSSL: Use
connection certificate chain with PKCS#12 extra certs') added a new
mechanism for doing this with OpenSSL 1.0.2 and newer. However, it did
not poinr out anything in debug log if SSL_add1_chain_cert() failed. Add
such a debug print and also silence static analyzer warning on res being
stored without being read (since the error case is ignored at least for
now).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 19:36:34 +03:00
Jouni Malinen
acf36f319f OpenSSL: Enable support for server side TLS session resumption
This allows TLS-based EAP server methods to use session resumption.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 18:01:40 +03:00
Jouni Malinen
7f417feaa1 EAP-TLS server: Add support for session resumption
This allows TLS session resumption to be used to enable abbreviated
handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 18:01:40 +03:00
Jouni Malinen
b6f2ae3b5b EAP-TTLS server: Add support for session resumption
This allows TLS session resumption to be used to enable abbreviated
handshake and skipping of Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 18:01:40 +03:00
Jouni Malinen
8bb5b875d1 EAP-PEAP server: Add support for session resumption
This allows TLS session resumption to be used to enable abbreviated
handshake and skipping of Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 18:01:40 +03:00
Jouni Malinen
e23e35e39a EAP server: Set per-EAP method session context
This can be used to limit TLS session resumption within a TLS library
implementation to apply only for the cases where the same EAP method is
used. While the EAP server method matching will be enforced separately
by EAP server method implementations, this additional steps can optimize
cases by falling back to full authentication instead of having to reject
attempts after having completed session resumption successfully.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:30 +03:00
Jouni Malinen
b3b8085ae8 TLS: Add functions for managing cached session state
The new tls_connection_set_success_data(),
tls_connection_set_success_data_resumed(),
tls_connection_get_success_data(), and tls_connection_remove_session()
functions can be used to mark cached sessions valid and to remove
invalid cached sessions. This commit is only adding empty functions. The
actual functionality will be implemented in followup commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:30 +03:00
Jouni Malinen
681e199dfb EAP server: Add tls_session_lifetime configuration
This new hostapd configuration parameter can be used to enable TLS
session resumption. This commit adds the configuration parameter through
the configuration system and RADIUS/EAPOL/EAP server components. The
actual changes to enable session caching will be addressed in followup
commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:30 +03:00
Jouni Malinen
3f1b792fbe EAP server: Disable TLS session ticket with EAP-TLS/TTLS/PEAP
The EAP server is not yet capable of using TLS session ticket to resume
a session. Explicitly disable use of TLS session ticket with
EAP-TLS/TTLS/PEAP to avoid wasting resources on generating a session
ticket that cannot be used for anything.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:30 +03:00
Jouni Malinen
93bc654996 OpenSSL: Allow server connection parameters to be configured
This extends OpenSSL version of tls_connection_set_verify() to support
the new flags argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:29 +03:00
Jouni Malinen
bfbebd2665 TLS: Add new arguments to tls_connection_set_verify()
The new flags and session_ctx arguments will be used in followup
commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:29 +03:00
Jouni Malinen
bd9b8b2b68 OpenSSL: Add wrapper struct for tls_init() result
This new struct tls_data is needed to store per-tls_init() information
in the followup commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:25 +03:00
Jouni Malinen
87c59a1e5a tests: Allow AES-WRAP-192 test cases to be commented out with BoringSSL
BoringSSL does not support 192-bit AES, so these parts of the
wpa_supplicant module tests would fail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 20:21:44 +03:00
Jouni Malinen
355a5c8ec5 OpenSSL: Reject OCSP-required configuration if no OCSP support
This is needed at least with BoringSSL to avoid accepting OCSP-required
configuration with a TLS library that does not support OCSP stapling.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 02:24:06 +03:00
Jouni Malinen
c07e7b43e9 BoringSSL: Fix PKCS12_parse() segfault when used without password
Unlike OpenSSL PKCS12_parse(), the BoringSSL version seems to require
the password pointer to be non-NULL even if no password is present. Map
passwrd == NULL to passwd = "" to avoid a NULL pointer dereference
within BoringSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 02:06:02 +03:00
Jouni Malinen
a89beee589 OpenSSL: Handshake completion and resumption state into debug log
This new debug log entry makes it more convenient to check how TLS
handshake was completed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:05 +03:00
Jouni Malinen
a7803b0caf BoringSSL: Fix session resumption
BoringSSL commit 533ef7304d9b48aad38805f1997031a0a034d7fe ('Remove
SSL_clear calls in handshake functions.') triggered a regression for
EAP-TLS/TTLS/PEAP session resumption in wpa_supplicant due to the
removed SSL_clear() call in ssl3_connect() going away and wpa_supplicant
not calling SSL_clear() after SSL_shutdown(). Fix this by adding the
SSL_clear() call into wpa_supplicant after SSL_shutdown() when preparing
the ssl instance for another connection.

While OpenSSL is still call SSL_clear() in ssl3_connect(), it looks to
be safe to add this call to wpa_supplicant unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:05 +03:00
Jouni Malinen
0f56057c64 BoringSSL: Make SSL_set_ssl_method() conditional on EAP-FAST
This function does not seem to be available in BoringSSL. Since it is
needed for EAP-FAST (which is not currently working with BoringSSL),
address this by commenting out the EAP-FAST specific step from builds
that do not include EAP-FAST support.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:05 +03:00
Jouni Malinen
226cdea6ca BoringSSL: Comment out SSL_build_cert_chain() call
It looks like BoringSSL does include that function even though it claims
support for OPENSSL_VERSION_NUMBER where this is available (1.0.2). For
now, comment out that call to fix build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:04 +03:00
Jouni Malinen
812f28b79c BoringSSL: Allow internal AES key wrap to be used with "OpenSSL" build
It looks like BoringSSL has removed the AES_wrap_key(), AES_unwrap_key()
API. This broke wpa_supplicant/hostapd build since those functions from
OpenSSL were used to replace the internal AES key wrap implementation.
Add a new build configuration option
(CONFIG_OPENSSL_INTERNAL_AES_WRAP=y) to allow the internal
implementation to be used with CONFIG_OPENSSL=y build to allow build
against the latest BoringSSL version.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:02 +03:00
Jouni Malinen
9c3380d776 Remove duplicated sta_authorized_cb call
Commit 6959145b86 ('FST: Integration into
hostapd') introduced this duplicated call due to an incorrect merge
conflict resolution in ap_sta_set_authorized(). An earlier commit
61fc90483f ('P2P: Handle improper WPS
termination on GO during group formation') had moved this call to an
earlier location in the function and there is no point in re-introducing
another copy of the call at the end of the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-17 00:18:32 +03:00
Jouni Malinen
e1938ba934 WPS: Fix multi-interface WPS operations in hostapd
Couple of the for-each-interface loops used incorrect return value when
skipping over non-WPS interfaces. This could result in skipping some WPS
interfaces in the loop and returning error. Setting AP PIN did not check
for WPS being enabled at all and trigger a NULL pointer dereference if
non-WPS interface was enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-16 23:14:44 +03:00
Jouni Malinen
56906d06c7 WPS ER: Fix SSDP CACHE-CONTROL line parser
Incorrect number of bytes was skipped from the beginning of the line
which resulted in the loop skipping spaces doing nothing. However, the
following operation was simply looking for the max-age parameter with
os_strstr(), so this did not have any effect on functionality. Fix the
number of bytes to skip and remove the unneeded loop to skip spaces.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-15 22:24:15 +03:00
Kanchanapally, Vidyullatha
ac8757cc35 Android: Use more flexible userid when launching browser popup
It was possible for the Hotspot 2.0 case of OSU user interaction to fail
with wpadebug browser due to permission denial in the "start" command
("java.lang.SecurityException: Permission Denial: startActivity asks to
run as user -2 but is calling from user 0; this requires
android.permission.INTERACT_ACROSS_USERS_FULL"). Avoid this by using
more flexible USER_CURRENT_OR_SELF (-3) value with the --user argument.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-13 21:14:01 +03:00
Srinivas Dasari
75055a538b nl80211: Use beacon TSF if it is newer than Probe Response TSF
cfg80211 sends TSF information with the attribute NL80211_BSS_BEACON_TSF
if the scan results include information from Beacon frame. Probe
Response frame information is included in NL80211_BSS_TSF. If the device
receives only Beacon frames, NL80211_BSS_TSF might not carry updated
TSF, which results an older TSF being used in wpa_supplicant. Fetch both
possible TSF values (if available) and choose the latest TSF for the BSS
entry.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-13 20:58:05 +03:00
Jouni Malinen
708ec753bc tests: ap_scan=2 AP mode operation and scan failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-11 21:48:55 +03:00
Ahmad Kholaif
fbcddaed9a P2P: Support driver preferred freq list for invitation case
When using P2P invitation to re-invoke a persistent P2P group without
specifying the operating channel, query the driver for the preferred
frequency list, and use it to select the operating channel of the group.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-11 19:04:45 +03:00
Jouni Malinen
de2a7b796d OpenSSL: Use connection certificate chain with PKCS#12 extra certs
When using OpenSSL 1.0.2 or newer, this replaces the older
SSL_CTX_add_extra_chain_cert() design with SSL_add1_chain_cert() to keep
the extra chain certificates out from SSL_CTX and specific to each
connection. In addition, build and rearrange extra certificates with
SSL_build_cert_chain() to avoid incorrect certificates and incorrect
order of certificates in the TLS handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-11 01:27:03 +03:00
Jouni Malinen
0d2c0e6776 OpenSSL: Fix PKCS#12 extra certificate handling
Previously, the possible extra certificate(s) from a PKCS#12 file was
added once for each authentication attempt. This resulted in OpenSSL
concatenating the certificates multiple time (add one copy for each try
during the wpa_supplicant process lifetime). Fix this by clearing the
extra chain certificates before adding new ones when using OpenSSL 1.0.1
or newer that include the needed function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-11 01:27:00 +03:00
Amit Khatri
6995536fa4 Fix a typo in enum wpa_states comment
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
2015-08-08 23:48:33 +03:00
Jouni Malinen
3bc25adbbc Fix PMKID addition to RSN element when RSN Capabilities are not present
This code path could not be hit with the RSNE generated by hostapd or
wpa_supplicant, but it is now possible to reach when using
own_ie_override test functionality. The RSNE and IE buffer length were
not updated correct in case wpa_insert_pmkid() had to add the RSN
Capabilities field.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-08 19:21:38 +03:00
Jouni Malinen
bc02843e75 hostapd: Add testing option to override own WPA/RSN IE(s)
This allows the new own_ie_override=<hexdump> configuration parameter to
be used to replace the normally generated WPA/RSN IE(s) for testing
purposes in CONFIG_TESTING_OPTIONS=y builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-08 18:18:03 +03:00
Jouni Malinen
44fa5e747b FT: Remove optional fields from RSNE when using PMF
The PMKIDCount, PMKID List, and Group Management Cipher Suite fields are
optional to include in the RSNE in cases where these would not have
values that are different from the default values. In practice,
PMKIDCount is always 0 in Beacon and Probe Response frames, so the only
field of these that could have a non-default value is Group Management
Cipher Suite. When BIP is used, that field is not needed either due to
BIP being the default cipher when PMF is enabled.

Remove these fields from RSNE when BIP is used to save six octets in
Beacon and Probe Response frames. In addition to reduced frame length,
this is a workaround for interoperability issues with iOS 8.4 in cases
where FT and PMF are enabled. iOS seems to be rejecting EAPOL-Key msg
3/4 during FT initial mobility domain association if the RSNE includes
the PMKIDCount field.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-06 20:47:26 +03:00
Jouni Malinen
7e97d813ee WPS: Reject AP settings with invalid network key (PSK/passphrase)
This is similar to the earlier commit
b363121a20 ('WPS: Reject invalid
credential more cleanly'), but for the AP cases where AP settings are
being replaced. Previously, the new settings were taken into use even if
the invalid PSK/passphrase had to be removed. Now, the settings are
rejected with such an invalid configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-06 20:47:25 +03:00
Jouni Malinen
2a098e3668 P2PS: Clean up intended interface address passing to p2ps_prov_complete
Use NULL to indicate if the address is not available instead of fixed
00:00:00:00:00:00. wpas_p2ps_prov_complete() already had code for
converting NULL to that all zeros address for event messages.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-06 20:45:15 +03:00
Max Stepanov
93f22b4583 P2PS: Fix PD PIN event notifications
Change P2PS P2P-PROV-SHOW-PIN/P2P-PROV-ENTER-PIN event notifications
on PD Request/Response handling to meet required P2PS behavior.

The new implemented scheme:
1. For a legacy P2P provision discovery the event behavior remains
   without changes
2. P2PS PD, advertiser method: DISPLAY, autoaccept: TRUE:
   Advertiser: SHOW-PIN on PD request replied with a status SUCCESS
   Seeker: ENTER-PIN on PD response received with a status SUCCESS
3. P2PS PD, advertiser method: DISPLAY, autoaccept: FALSE:
   Advertiser: SHOW-PIN on PD request replied with a status
     INFO_CURRENTLY_UNAVAILABLE
   Seeker: ENTER-PIN on Follow-on PD request with a status
     SUCCESS_DEFERRED
4. P2PS PD, advertiser method: KEYPAD, autoaccept: TRUE/FALSE:
   Advertiser: ENTER-PIN on PD request replied with a status
     INFO_CURRENTLY_UNAVAILABLE
   Seeker: SHOW-PIN on PD response received with a status
     INFO_CURRENTLY_UNAVAILABLE

This change in behavior breaks the existing test cases
p2ps_connect_keypad_method_nonautoaccept and
p2ps_connect_display_method_nonautoaccept. Those will be fixed in a
followup commit.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-08-06 13:56:01 +03:00
Ilan Peer
5e1f480500 P2P: Add a function to compute the group common freqs
Add a function to compute the group common frequencies, and
use it to update the group_common_frequencies as part of the
channel switch flows.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-08-04 00:18:51 +03:00
Andrei Otcheretianski
793ea13e2b Share freq-to-channel conversion function
Add ieee80211_freq_to_channel_ext() conversion function into
ieee802_11_common.c. This function converts freq to channel and
additionally computes operating class, based on provided HT and VHT
parameters.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-08-03 23:55:46 +03:00
Jouni Malinen
ab62f96f55 Move debug level string conversion functions to wpa_debug.c
This makes it possible to use these helper functions from hostapd as
well as the current use in wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-03 17:44:55 +03:00
Jouni Malinen
84bcb4e7a9 FST: Mark fst_ies buffer const
This buffer is owned by the FST module, so mark it const in the
set_ies() callback to make it clearer which component is responsible for
modifying and freeing this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-03 17:40:30 +03:00
Anton Nayshtut
5e09f24a34 FST: Fix MB IE clearing on detach
This fixes an issue where freed MB IEs buffer memory could potentially
have been accessed after an interface is detached from FST group.
Without this fix, if an interface is detached from FST group, it can use
MB IEs buffer previously set by fst_iface_set_ies(), although the buffer
was released by fst_iface_delete().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-03 17:40:29 +03:00
Masashi Honma
ecd40fef74 mesh: Fix mesh SAE auth on low spec devices
The mesh SAE auth often fails with master branch. By bisect I found
commit eb5fee0bf5 ('SAE: Add side-channel
protection to PWE derivation with ECC') causes this issue. This does not
mean the commit has a bug. This is just a CPU resource issue.

After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel
Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So
auth_sae_retransmit_timer() is always called and it can causes
continuous frame exchanges. Before the commit, it was 23(msec).

On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod
is defined as 40(msec). But it looks short because generally mesh
functionality will be used on low spec devices. Indeed Raspberry Pi B+
(ARM ARM1176JZF-S 700MHz) requires 287(msec) for new
sae_derive_pwe_ecc().

So this patch makes the default to 1000(msec) and makes it configurable.

This issue does not occur on infrastructure SAE because the
dot11RSNASAERetransPeriod is not used on it.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-08-02 21:37:10 +03:00
Jouni Malinen
7cb53ded11 Add build option to remove all internal RC4 uses
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.

This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
4fc53159b9 OpenSSL: Fix FIPS mode enabling in dynamic interface case
FIPS_mode_set(1) cannot be called multiple times which could happen in
some dynamic interface cases. Avoid this by enabling FIPS mode only
once. There is no code in wpa_supplicant to disable FIPS mode, so once
it is enabled, it will remain enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
e234c7c010 OpenSSL: Remove md4_vector() from CONFIG_FIPS=y builds
MD4 is not allowed in such builds, so comment out md4_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD¤ operations at runtime. This makes it easier
to detect and fix accidental cases where MD4 could still be used in some
older protocols.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
4549607b04 EAP-pwd peer: Comment out MS password hash if CONFIG_FIPS=y
The needed hash functions are not available in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
cd94f0d159 tests: Skip ms_funcs module tests in CONFIG_FIPS=y builds
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
1046db8b53 Rename tls_connection_get_keys() to tls_connection_get_random()
Commit 94f1fe6f63 ('Remove master key
extraction from tls_connection_get_keys()') left only fetching of
server/client random, but did not rename the function and structure to
minimize code changes. The only name is quite confusing, so rename this
through the repository to match the new purpose.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
d0eb8a0b4e OpenSSL: Allow server/client random to be fetched in FIPS mode
tls_connection_get_keys() used to return TLS master secret, but that
part was removed in commit 94f1fe6f63
('Remove master key extraction from tls_connection_get_keys()'). Since
then, there is no real need for preventing this function from being used
in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
f413eb03d9 random: Fix random_get_bytes() with CONFIG_FIPS=y
The bytes pointer was not reset back to the beginning of the buffer when
mixing in additional entropy from the crypto module. This resulted in
writing beyond the return buffer and not getting the required mixing of
the extra entropy for the actual return buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:08:11 +03:00
Jouni Malinen
3b86d77bae P2P: Silence bogus compiler warnings
It looks like the compiler version used in Android 5.0 warns about
potentially uninitialized oper_freq variable in these debug messages.
That is not really valid since this code path can be reached only if
found != 0 and in such a case, oper_freq is set. Anyway, it seems better
to avoid compiler warnings, so add an unnecessary initialization for
oper_freq for now.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:08:11 +03:00
Jouni Malinen
4a26972dfc OpenSSL: Remove md5_vector() from CONFIG_FIPS=y builds
MD5 is not allowed in such builds, so comment out md5_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD5 operations at runtime. This makes it easier
to detect and fix accidental cases where MD5 could still be used in some
older protocols.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:08:06 +03:00
Jouni Malinen
835c89a16b EAP-TTLS: Disable CHAP, MSCHAP, and MSCHAPV2 in CONFIG_FIPS=y builds
FIPS builds do not include support for MD4/MD5, so disable
EAP-TTLS/CHAP, MSCHAP, and MSCHAPV2 when CONFIG_FIPS=y is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:07:44 +03:00
Jouni Malinen
125bbef0e7 EAP peer: Replace MD5 with SHA1 in duplicate message workaround
MD5 is not available in CONFIG_FIPS=y builds, so use SHA1 for the EAP
peer workaround that tries to detect more robustly whether a duplicate
message was sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:57:04 +03:00
Jouni Malinen
97e986cd74 tests: Skip MD5 module tests in CONFIG_FIPS=y builds
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:57:04 +03:00
Jouni Malinen
276a3c44dd OpenSSL: Implement aes_wrap/aes_unwrap through EVP for CONFIG_FIPS=y
The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are
unfortunately not available in FIPS mode. Trying to use them results in
"aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API
call to cipher AES forbidden in FIPS mode!" and process termination.
Work around this by reverting commit
f19c907822 ('OpenSSL: Implement aes_wrap()
and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this
ends up using the internal AES key wrap/unwrap implementation through
the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y
is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues
to be used to minimize code size.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:56:59 +03:00
Jouni Malinen
266cf4a0bc OpenSSL: Comment out openssl_get_keyblock_size() if CONFIG_FIPS=y
This function is not used in CONFIG_FIPS=y builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 15:52:35 +03:00