This adds the next step in completing TLS client support for OCSP
stapling. The BasicOCSPResponse is parsed, a signing certificate is
found, and the signature is verified. The actual sequence of OCSP
responses (SignleResponse) is not yet processed in this commit.
Signed-off-by: Jouni Malinen <j@w1.fi>
The decrypted copy of a GTK from EAPOL-Key is cleared from memory only
after having sent out CTRL-EVENT-CONNECTED. As such, there was a race
condition on the test case reading the wpa_supplicant process memory
after the connection. This was unlikely to occur due to the one second
sleep, but even with that, it would be at least theorically possible to
hit this race under heavy load (e.g., when using large number of VMs to
run parallel testing). Avoid this by running a PING command to make sure
wpa_supplicant has returned to eloop before reading the process memory.
This should make it less likely to report false positives on GTK being
found in memory.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to see where in memory the key was found and what
there is in memory around that location.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds the next step for OCSP stapling. The received OCSPResponse is
parsed to get the BasicOCSPResponse. This commit does not yet process
the BasicOCSPResponse.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows the internal TLS client implementation to accept
CertificateStatus message from the server when trying to use OCSP
stapling. The actual OCSPResponse is not yet processed in this commit,
but the CertificateStatus message is accepted to allow the TLS handshake
to continue.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows the internal TLS implementation to request server
certificate status using OCSP stapling. This commit is only adding code
to add the request. The response is not yet used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This prints the received ServerHello extensions into the debug log and
allows handshake to continue even if such extensions are included.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows the internal TLS implementation to parse a private key and a
certificate from a PKCS #12 file protected with
pbeWithSHAAnd3-KeyTripleDES-CBC.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds support for decrypting private keys protected with the old
PKCS #12 mechanism using OID pbeWithSHAAnd3-KeyTripleDES-CBC.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds support for optional functionality to validate server
certificate chain in TLS-based EAP methods in an external program.
wpa_supplicant control interface is used to indicate when such
validation is needed and what the result of the external validation is.
This external validation can extend or replace the internal validation.
When ca_cert or ca_path parameter is set, the internal validation is
used. If these parameters are omitted, only the external validation is
used. It needs to be understood that leaving those parameters out will
disable most of the validation steps done with the TLS library and that
configuration is not really recommend.
By default, the external validation is not used. It can be enabled by
addingtls_ext_cert_check=1 into the network profile phase1 parameter.
When enabled, external validation is required through the CTRL-REQ/RSP
mechanism similarly to other EAP authentication parameters through the
control interface.
The request to perform external validation is indicated by the following
event:
CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid>
Before that event, the server certificate chain is provided with the
CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump>
parameter. depth=# indicates which certificate is in question (0 for the
server certificate, 1 for its issues, and so on).
The result of the external validation is provided with the following
command:
CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad>
It should be noted that this is currently enabled only for OpenSSL (and
BoringSSL/LibreSSL). Due to the constraints in the library API, the
validation result from external processing cannot be reported cleanly
with TLS alert. In other words, if the external validation reject the
server certificate chain, the pending TLS handshake is terminated
without sending more messages to the server.
Signed-off-by: Jouni Malinen <j@w1.fi>
init=CORE was previously used due to invalid db.txt data for 00. For
now, allow both it and the new init=USER after fixed db.txt.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not override the parsing error with the "PAC block not terminated
with END" message if the reason for the END line not yet being seen is
in failure to parse an earlier line.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible to hit a NULL pointer dereference if Session-Id
derivation failed due to a memory allocation failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
The EVP_MD_CTX and HMAC_CTX definitions are now hidden from applications
using OpenSSL. Fix compilation issues with OpenSSL 1.1.x-pre1 by using
the new API for allocating these structures.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This FTIE needs to be an exact copy of the one in (Re)Association
Response frame. Copy the stored element rather than building a new copy
that would not have the correct MIC value. This is needed to fix PTK
rekeying after FT protocol run.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The FTIE from (Re)Association Response frame was copied before
calculating the MIC. This resulted in incorrect value being used when
comparing the EAPOL-Key msg 2/4 value in case PTK rekeying was used
after FT protocol run. Fix this by storing the element after the MIC
field has been filled in.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_insert_pmkid() did not support cases where the original RSN IE
included any PMKIDs. That case can happen when PTK rekeying through
4-way handshake is used after FT protocol run. Such a 4-way handshake
used to fail with wpa_supplicant being unable to build the EAPOL-Key msg
2/4.
Fix this by extending wpa_insert_pmkid() to support removal of the old
PMKIDs, if needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case could fail if the cfg80211 scan cache brought in a BSS
entry from an earlier test case and a new scan did not get executed
prior to the ROAM command. Fix this by forcing the scan to go through
prior to roaming to AP2
This issue showed up with the following test case sequence:
connect_cmd_roam pmksa_cache_opportunistic_connect
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to interpret AP side debug log for a case where a
station specifies in unsupported management group cipher.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant control interface command "TEST_ASSOC_IE
<hexdump>" can now be used to override the WPA/RSN IE for Association
Request frame and following 4-way handshake to allow protocol testing of
AP side processing of WPA/RSN IE.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like it is possible for the GTK to be found from memory every
now and then. This makes these test cases fail. Write the memory
addresses in which the GTK was found to the log to make it somewhat
easier to try to figure out where the key can be left in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the BSSs object property change signal to be
generated during the OOM test case for Get(). If that happened, the
signal was not sent out, but the following Get(BSSs) operation succeeded
unexpectedly which resulted in a test failure. Make this less likely to
happen by waiting 50 ms between the scan and Get(BSSs) operation. This
should be sufficient to cover most cases since wpa_supplicant uses 5 ms
timeout for D-Bus property changed updates.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the AP's Beacon frame to be seen by dev[0] when
running a scan. This is not an error case. Make this test case more
robust by verifying with a sniffer whether a Probe Response frame was
sent to unexpected STA.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new methods are
1. VendorElemAdd "i" "ay" i=integer ay=array of bytes
2. VendorElemGet "i" i=integer (output array of bytes)
3. VendorElemRem "i" "ay" i=integer ay=array of bytes
These provide functionality similar to the control interface commands
VENDOR_ELEM_ADD, VENDOR_ELEM_GET, and VENDOR_ELEM_REMOVE.
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
[VendorElemGet to return array of bytes instead of string; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
In the definition of struct hostapd_bss_config, proxy_arp isn't affected
by the macro CONFIG_HS20. In addition, proxy_arp is not described in the
section of Hotspot 2.0 in the file hostapd.conf. The item proxy_arp
should be decided its action area by the macro CONFIG_PROXYARP which is
used to select whether the needed function gets included in the build.
Signed-off-by: Matt Woods <matt.woods@aliyun.com>
This verifies client private key use in encrypted PKCS #8 format with
PKCS #5 v1.5 format using pbeWithMD5AndDES-CBC and PKCS #5 v2.0 format
using PBES2 with des-ede3-cbc.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the internal TLS support for PKCS #5 v2.0 PBES2 private key
format with des-ede3-cbc encryption and PBKDF2 SHA-1.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that P2P_CANCEL gets rejected on fully re-invoked persistent
group. This did not work properly before the last couple of commits and
before this week, the P2P_CANCEL on a separate group interface in P2p
Client role could result in use of freed memory and process termination.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was already working for the case where a separate group interface
is used due to the recent commit
328f49acfe ('P2P: Complete group formation
on client data connection'). However, the case of no separate group
interface was used did not clear the interface state properly on data
connection. Fix this by setting the group formation information in
wpas_start_p2p_client().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit f05cee9714 ('P2P: Clear
p2p_in_invitation on cancel') added a wpas_p2p_cancel() case to call
wpas_p2p_group_formation_failed() if wpa_s->p2p_in_invitation is set.
This is done in a loop going through wpa_s->next pointers. However, the
call here can result in removing the interface and freeing wpa_s. The
following attempt to read wpa_s->next is from freed memory and that can
result in process termination when using a separate P2P group interface
and issuing P2P_CANCEL on a group that was started through re-invocation
of a persistent group.
The recent commit 328f49acfe ('P2P:
Complete group formation on client data connection') "fixed" this by
accident since wpa_s->p2p_in_invitation gets cleared in the sequence
that could hit this issue and this results in P2P_CANCEL getting
rejected. However, the real bug here is in the loop that continues after
possible wpa_s instance deletion. Fix that by breaking out of the loop.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for a cached scan entry in cfg80211 from an earlier test
case to show up while verifying that the disabled AP does not show up in
scan results. This could result in invalid test failures, e.g., when
running test cases "ap_require_ht ap_multi_bss_config" multiple times
(depends a bit on timing). Make this less likely to occur by explicitly
clearing the scan cache and by stopping wlan1 from trying to associate
before stopping ap_required_ht* test cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These were restored into BoringSSL in June 2015, but not all Android
branches include those changes. To fix the build, comment these call out
on Android for now if hs20-osu-client is built against BoringSSL. These
are used only for debugging purposes, so this is fine for Hotspot 2.0
functionality.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>