Mikael Kanstrup [Fri, 17 Oct 2014 11:16:35 +0000 (13:16 +0200)]
P2P: Include passive channels in invitation response
Patch 51e9f22809b0f412c9c10baa34ddc46cf5df4f33 added the option
p2p_add_cli_chan to allow P2P GC to connect on passive channels
assuming the GO should know whether allowed to send on these channels.
This patch adds missing cli_channels to invitation response messages
to allow re-connecting to a persistent group as GC on passive
channels.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Jouni Malinen [Sat, 18 Oct 2014 13:20:51 +0000 (16:20 +0300)]
P2P: Fix group interface removal through interface ctrl_iface
It was possible to issue the P2P_GROUP_REMOVE command through the
per-interface control interface. This resulted in freed memory getting
accessed when trying to send the control interface response to the
operation that ended up deleting the group interface. Fix this by
postponing the removal operation until the caller has returned.
Jouni Malinen [Sat, 18 Oct 2014 10:02:02 +0000 (13:02 +0300)]
SAE: Add support for PMKSA caching on the station side
This makes wpa_supplicant SME create PMKSA cache entries from SAE
authentication and try to use PMKSA caching if an entry is found for the
AP. If the AP rejects the attempt, fall back to SAE authentication is
used.
Jouni Malinen [Sat, 18 Oct 2014 07:20:24 +0000 (10:20 +0300)]
Add Acct-Multi-Session-Id into RADIUS Accounting messages
This allows multiple sessions using the same PMKSA cache entry to be
combined more easily at the server side. Acct-Session-Id is still a
unique identifier for each association, while Acct-Multi-Session-Id will
maintain its value for all associations that use the same PMKSA.
Jouni Malinen [Sat, 18 Oct 2014 07:35:33 +0000 (10:35 +0300)]
Remove duplicated Acct-Session-Id from Accounting-Request
Commit 8b2486115479582b2ab164a4508f22ed23a9a4cb ('Add Acct-Session-Id
into Access-Request messages') added Acct-Session-Id building into the
helper function shared between authentication and accounting messages.
However, it forgot to remove the same code from the generation of
accounting messages and as such, ended up with Accounting-Request
messages containing two copies of this attribute. Fix this by removing
the addition of this attribute from the accounting specific function.
Justin Shen [Mon, 13 Oct 2014 07:40:08 +0000 (15:40 +0800)]
WPS: Extend startWhen to 2 if peer AP supports WPS 2.0
Increase EAPOL startWhen to 2 for the case where the AP/GO has
advertised it supports WPS 2.0. This is done to make it less likely for
the EAPOL-Start frame to be sent out since that is only required for WPS
1.0. Not sending it can remove one unnecessary round trip from the EAP
exchange when the AP is going to start with EAP-Request/Identity
immediately based on the Association Request frame.
Jouni Malinen [Sun, 12 Oct 2014 18:49:36 +0000 (21:49 +0300)]
tests: Add Python-version of parallel-vm.sh
This is a more advanced version of the simple parallel-vm.sh script.
Status of each VM is printed out during the test and results are
provided in more convenient format in the end.
Jouni Malinen [Sun, 12 Oct 2014 16:07:17 +0000 (19:07 +0300)]
netlink: Fix RTM_SETLINK padding at the end of the message
While the kernel seems to have accepted the message to set linkmode and
operstate without the final attribute getting padded to 32-bit length,
it is better to get this cleaned up to match expected format. The double
NLMSG_ALIGN() followed by RTA_LENGTH() did not make much sense here.
hostapd_cli: Add CLI commands enable, reload, and disable
Commands are already present in ctrl_iface.c (and parsed in
hostapd_ctrl_iface_receive() function) but not in hostapd_cli.c. This
patch updates hostapd_cli.c with matching functions.
P2P: Remove unreachable code in wpas_p2p_stop_find()
Commit 152cff6ba6d6ac206b93a2202eab57f0a36c26cb ('P2P: Remove
WPA_DRIVER_FLAGS_P2P_MGMT option') removed the only non-zero return from
wpas_p2p_stop_find_oper(), but did not remove the useless return value
or the return check in wpas_p2p_stop_find(). Clean these up by removing
unreachable code and useless return value.
Jouni Malinen [Sun, 12 Oct 2014 14:03:25 +0000 (17:03 +0300)]
Include ieee802_11_common.c in wpa_supplicant build unconditionally
This is needed for number of items and it was possible to make a build
configuration that did not include ieee802_11_common.c while still
trying to use functions from there. While it would be possible to add
NEED_80211_COMMON=y to all the cases where this file is needed, the
extra complexity from this is not really justifiable anymore, so include
the file unconditionally.
Jouni Malinen [Sun, 12 Oct 2014 13:56:23 +0000 (16:56 +0300)]
Fix build without IEEE8021X_EAPOL
The MACsec addition placed one of the calls outside the #ifdef
IEEE802X_EAPOL block while the variable needed for this was defined only
within the block.
Toby Gray [Fri, 10 Oct 2014 16:35:27 +0000 (17:35 +0100)]
Make wpa_ctrl_get_remote_ifname declaration conditional.
The definition of wpa_ctrl_get_remote_ifname is conditional on
CONFIG_CTRL_IFACE_UDP. This change makes the header declaration of
this function also conditional on the same define.
Toby Gray [Fri, 10 Oct 2014 16:34:18 +0000 (17:34 +0100)]
Fix warning about unused parameter if CONFIG_DEBUG_FILE is not defined.
This change adds a cast to void to indicate that the path parameter is
unused when CONFIG_DEBUG_FILE is not defined. This fixes a compiler
warning about unused parameters.
Jouni Malinen [Sun, 12 Oct 2014 13:45:33 +0000 (16:45 +0300)]
P2P: Add new=0/1 flag to P2P-DEVICE-FOUND events
This information can be used to determine whether the event is generated
for a new peer that was added or due to an update in the information for
an existing peer.
Jouni Malinen [Sun, 12 Oct 2014 08:53:51 +0000 (11:53 +0300)]
wpa_supplicant: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.
Jouni Malinen [Sun, 12 Oct 2014 08:52:05 +0000 (11:52 +0300)]
hostapd: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled when hostapd is used as an EAP
server with OpenSSL as the TLS library.
Jouni Malinen [Sun, 12 Oct 2014 08:45:21 +0000 (11:45 +0300)]
OpenSSL: Add a mechanism to configure cipher suites
This extends the TLS wrapper code to allow OpenSSL cipherlist string to
be configured. In addition, the default value is now set to
DEFAULT:!EXP:!LOW to ensure cipher suites with low and export encryption
algoriths (40-64 bit keys) do not get enabled in default configuration
regardless of how OpenSSL build was configured.
Jouni Malinen [Sat, 11 Oct 2014 16:22:30 +0000 (19:22 +0300)]
EAP-IKEv2: Fix the payload parser
The payload lengths were not properly verified and the first check on
there being enough buffer for the header was practically ignored. The
second check for the full payload would catch length issues, but this is
only after the potential read beyond the buffer. (CID 72687)
Jouni Malinen [Sat, 11 Oct 2014 16:04:00 +0000 (19:04 +0300)]
TLS client: Make DH parameter parsing easier for static analyzers
The dh_p_len, dh_g_len, and dh_ys_len parameters were validated against
the received message structure, but that did not seem to be done in a
way that some static analyzers would understand this (CID 72699).
Jouni Malinen [Sat, 11 Oct 2014 15:40:32 +0000 (18:40 +0300)]
WFD: Use cleaner bounds checking for sub-element length field
Mark the variable as unsigned and make the length check use "len > end -
pos" version to makes this easier to understand for static analyzers
(CID 74155).
Jouni Malinen [Sat, 11 Oct 2014 15:34:25 +0000 (18:34 +0300)]
P2P NFC: Make code easier for static analyzers
len + pos > end comparison here did verify that the length field had a
valid value, but that did not seem to enough to avoid TAINTED_SCALAR
warning. Re-order that validation step to be equivalent "len > end -
pos" to remove these false positives (CID 68116).
Jouni Malinen [Sat, 11 Oct 2014 15:11:14 +0000 (18:11 +0300)]
EAP-FAST server: Remove unused assignment
Commit e8c08c9a363340c45baf8e13c758c99078bc0d8b ('EAP-FAST server: Fix
potential read-after-buffer (by one byte)') changed the while loop
design in a way that does not require the pos variable to be updated
anymore. Remove that unneeded code to clean up static analyzer warnings
about unused assignments.
Jouni Malinen [Sat, 11 Oct 2014 15:03:38 +0000 (18:03 +0300)]
IAPP: Avoid warnings on unused write
The hlen and len variables are identical here, but only the hlen was
used in the end. Change this to use the len variable to avoid
unnecessary static analyzer warnings about unused writes.
Jouni Malinen [Sat, 11 Oct 2014 14:46:04 +0000 (17:46 +0300)]
test: Remove driver_test.c
The driver_test.c driver wrapper (-Dtest in wpa_supplicant and
driver=test in hostapd) was previously used for testing without real
Wi-Fi hardware. mac80211_hwsim-based tests have practically replaced all
these needs and there has been no improvements or use for driver_test.c
in a long while. Because of this, there has not really been any effort
to maintain this older test tool and no justification to change this
either. Remove the obsoleted test mechanism to clean up the repository.
Jouni Malinen [Sat, 11 Oct 2014 14:29:50 +0000 (17:29 +0300)]
Simplify memory allocation/freeing for static analyzers
It looks like the use of sm->wpa == WPA_VERSION_WPA2 in two locations
within the function was a bit too much for clang static analyzer to
understand. Use a separate variable for storing the allocated memory so
that it can be freed unconditionally. The kde variable can point to
either stack memory or temporary allocation, but that is now const
pointer to make the design clearer.
Jouni Malinen [Sat, 11 Oct 2014 14:18:02 +0000 (17:18 +0300)]
Add a workaround to clanc static analyzer warning
dl_list_del() followed by dl_list_add() seemed to confuse clang static
analyzer somehow, so explicitly check for the prev pointer to be
non-NULL to avoid an incorrect warning.
Jouni Malinen [Sat, 11 Oct 2014 10:43:27 +0000 (13:43 +0300)]
WPS UPnP: Make dl_list_first() use easier for static analyzer
The preceding dl_list_len() check guarantees that dl_list_first()
returns an entry and not NULL. However, that seems to be a bit too
difficult path to follow for static analyzers, so add an explicit check
for the dl_list_first() return value to be non-NULL to avoid warnings.
Jouni Malinen [Sat, 11 Oct 2014 09:38:35 +0000 (12:38 +0300)]
Set WoWLAN triggers only if driver capabilities are known
Previously, wpas_set_wowlan_triggers() could have been called in
uninitialized wpa_driver_capa data if the driver interface did not
support reporting of capabilities. While this would not really happen
with a driver wrapper that implements set_wowlan() and as such, would
not cause any difference in practice, it is better to clean this up to
make the code path easier to understand for static analyzers.
Jouni Malinen [Thu, 9 Oct 2014 13:52:38 +0000 (16:52 +0300)]
nl80211: Provide subtype and reason code for AP SME drivers
This allows drivers that implement AP SME internally to generate a
Deauthentication or Disassociation frame with the specified reason code.
This was already done with drivers that use hostapd/wpa_supplicant for
AP SME.
Jouni Malinen [Fri, 10 Oct 2014 15:03:38 +0000 (18:03 +0300)]
tests: P2P group formation with WSC_Done missing
This verifies that GO is able to complete group formation even if the
P2P Client does not send WSC_Done message (or that message is dropped
for any reason) in case the P2P Client completes 4-way handshake
successfully.
Jouni Malinen [Fri, 10 Oct 2014 15:01:15 +0000 (18:01 +0300)]
Add external EAPOL transmission option for testing purposes
The new ext_eapol_frame_io parameter can be used to configure hostapd
and wpa_supplicant to use control interface for receiving and
transmitting EAPOL frames. This makes it easier to implement automated
test cases for protocol testing. This functionality is included only in
CONFIG_TESTING_OPTIONS=y builds.
Sunil Dutt [Wed, 1 Oct 2014 12:36:53 +0000 (18:06 +0530)]
P2P: Handle improper WPS termination on GO during group formation
A P2P Client may be able to connect to the GO even if the WPS
provisioning step has not terminated cleanly (e.g., P2P Client does not
send WSC_Done). Such group formation attempt missed the event
notification about started group on the GO and also did not set the
internal state corresponding to the successful group formation.
This commit addresses the missing part by completing GO side group
formation on a successful first data connection if WPS does not complete
cleanly. Also, this commit reorders the STA authorization indications to
ensure that the group formation success notification is given prior to
the first STA connection to handle such scenarios.
Jouni Malinen [Fri, 10 Oct 2014 12:53:22 +0000 (15:53 +0300)]
P2P: Clear p2p_go_group_formation_completed on GO start
Previously, this variable did not necessarily get cleared between group
formations and could result in some of the workaround operations from
not being executed after the first group formation when using the same
interface for all P2P groups. Fix this by clearing the variable whenever
starting the GO to make sure it is used consistently for each group
formation.
Jouni Malinen [Thu, 9 Oct 2014 22:33:58 +0000 (01:33 +0300)]
Complete sme-connect radio work when clearing connection state
It was possible for local deauthentication request to leave sme-connect
radio work running even when there was no ongoing effort to complete the
connection anymore. Clean this up by marking sme-connect radio work
item, if any, done when clearing connection state after such
disconnection during connection.
Jouni Malinen [Thu, 9 Oct 2014 22:31:57 +0000 (01:31 +0300)]
P2P: Report group removal reason PSK_FAILURE in timeout case
It was possible for group formation timeout to be the trigger for
detecting the second PSK/4-way handshake failure. If that happened, the
special reason=PSK_FAILURE was not used in the P2P-GROUP-REMOVED event
even though P2P-PERSISTENT-PSK-FAIL did get reported. Fix this special
case by replacing the reason code with PSK_FAILURE if the PSK failure
timeout gets registed as part of the disconnection processing in the
formation timeout handler.
Jouni Malinen [Thu, 9 Oct 2014 21:29:46 +0000 (00:29 +0300)]
tests: Make ap_hs20_session_info more robust
It looks like mac80211 scan-while-associated can now take over 10
seconds with the current wireless-regdb rules for world roaming due to
number of additional DFS channel having been enabled for passive
scanning. This resulted in ap_hs20_session_info failing due to the wait
for the scan result event timing out. That is not really a real failure,
so increase the timeout to avoid reporting this incorrectly.
Jouni Malinen [Mon, 6 Oct 2014 15:51:22 +0000 (18:51 +0300)]
browser-wpadebug: Use more robust mechanism for starting browser
Use os_exec() to run the external browser to avoid undesired command
line processing for control interface event strings. Previously, it
could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use.
Jouni Malinen [Mon, 6 Oct 2014 15:50:47 +0000 (18:50 +0300)]
browser-android: Use more robust mechanism for starting browser
Use os_exec() to run the external browser to avoid undesired command
line processing for control interface event strings. Previously, it
could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use.
Jouni Malinen [Mon, 6 Oct 2014 15:50:00 +0000 (18:50 +0300)]
browser-system: Use more robust mechanism for starting browser
Use os_exec() to run the external browser to avoid undesired command
line processing for control interface event strings. Previously, it
could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use.
Jouni Malinen [Mon, 6 Oct 2014 15:49:01 +0000 (18:49 +0300)]
hostapd_cli: Use os_exec() for action script execution
Use os_exec() to run the action script operations to avoid undesired
command line processing for control interface event strings. Previously,
it could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use. (CVE-2014-3686)
Jouni Malinen [Mon, 6 Oct 2014 14:25:52 +0000 (17:25 +0300)]
wpa_cli: Use os_exec() for action script execution
Use os_exec() to run the action script operations to avoid undesired
command line processing for control interface event strings. Previously,
it could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use. (CVE-2014-3686)
Jouni Malinen [Thu, 9 Oct 2014 11:25:55 +0000 (14:25 +0300)]
DFS: Allow 80+80 MHz be configured for VHT
This allows cases where neither 80 MHz segment requires DFS to be
configured. DFS CAC operation itself does not yet support 80+80, though,
so if either segment requires DFS, the AP cannot be brought up.
Jouni Malinen [Wed, 8 Oct 2014 22:59:52 +0000 (01:59 +0300)]
tests: Fix DFS radar-during-CAC test case
This uses mac80211_hwsim dfs_simulate_radar to get the real kernel side
CAC operation executed and aborted due to radar detection. This allows
another channel to be selected properly through another CAC run.
Jouni Malinen [Wed, 8 Oct 2014 15:18:39 +0000 (18:18 +0300)]
tests: VHT with 160 MHz channel width
Since this requires a recent CRDA version and updated wireless-regdb, do
not report failures yet (i.e., indicate that the test case was skipped
if AP startup fails).
Jouni Malinen [Tue, 7 Oct 2014 11:53:09 +0000 (14:53 +0300)]
test-aes: Allow NIST key wrap test vectors to be verified
This allows the aes_wrap() and aes_unwrap() implementation to be
verified against KW_{AE,AD}_{128,192,256}.txt test vectors from
http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
Jouni Malinen [Tue, 7 Oct 2014 11:45:22 +0000 (14:45 +0300)]
AES: Extend key wrap implementation to support longer data
This extends the "XOR t" operation in aes_wrap() and aes_unwrap() to
handle up to four octets of the n*h+i value instead of just the least
significant octet. This allows the plaintext be longer than 336 octets
which was the previous limit.
Jouni Malinen [Tue, 7 Oct 2014 10:48:45 +0000 (13:48 +0300)]
AES: Extend key wrap design to support longer AES keys
This adds kek_len argument to aes_wrap() and aes_unwrap() functions and
allows AES to be initialized with 192 and 256 bit KEK in addition to
the previously supported 128 bit KEK.
The test vectors in test-aes.c are extended to cover all the test
vectors from RFC 3394.
Jouni Malinen [Tue, 7 Oct 2014 08:44:56 +0000 (11:44 +0300)]
OpenSSL: Clean up one part from the BoringSSL patch
The (int) typecast I used with sk_GENERAL_NAME_num() to complete the
BoringSSL compilation was not really the cleanest way of doing this.
Update that to use stack_index_t variable to avoid this just like the
other sk_*_num() calls.
Adam Langley [Fri, 19 Sep 2014 01:40:03 +0000 (18:40 -0700)]
Support building with BoringSSL
BoringSSL is Google's cleanup of OpenSSL and an attempt to unify
Chromium, Android and internal codebases around a single OpenSSL.
As part of moving Android to BoringSSL, the wpa_supplicant maintainers
in Android requested that I upstream the change. I've worked to reduce
the size of the patch a lot but I'm afraid that it still contains a
number of #ifdefs.
Toby Gray [Mon, 6 Oct 2014 11:24:33 +0000 (12:24 +0100)]
Fix out of bounds memory access when removing vendor elements
Commit 86bd36f0d5b3d359075c356d68977b4d2e7c9f71 ("Add generic
mechanism for adding vendor elements into frames") has a minor bug
where it miscalculates the length of memory to move using
os_memmove. If multiple vendor elements are specified then this can
lead to out of bounds memory accesses.
This patch fixes this by calculating the correct length of remaining
data to shift down in the information element.
Jouni Malinen [Sat, 4 Oct 2014 19:11:00 +0000 (22:11 +0300)]
Fix authenticator OKC fetch from PMKSA cache to avoid infinite loop
If the first entry in the PMKSA cache did not match the station's MAC
address, an infinite loop could be reached in pmksa_cache_get_okc() when
trying to find a PMKSA cache entry for opportunistic key caching cases.
This would only happen if OKC is enabled (okc=1 included in the
configuration file).
Jouni Malinen [Sat, 4 Oct 2014 16:38:55 +0000 (19:38 +0300)]
tests: PMKSA cache entry timeout based on Session-Timeout
This verifies that hostapd uses Session-Timeout value from Access-Accept
as the lifetime for the PMKSA cache entries and expires entries both
while the station is disconnected and during an association.