Jouni Malinen [Thu, 25 Jun 2015 19:17:28 +0000 (22:17 +0300)]
OpenSSL: Add support for Brainpool Elliptic Curves
This allows the IKE groups 27-30 (RFC 6932) to be used with OpenSSL
1.0.2 and newer. For now, these get enabled for SAE as configurable
groups (sae_groups parameter), but the new groups are not enabled by
default.
Jouni Malinen [Wed, 24 Jun 2015 17:47:08 +0000 (20:47 +0300)]
SAE: Increase security parameter k to 40 based on Dragonfly recommendation
draft-irtf-cfrg-dragonfly recommends implementation to set the security
parameter, k, to a value of at least 40. This will make PWE generation
take significantly more resources, but makes it more likely to hide
timing differences due to different number of loops needed to find a
suitable PWE.
Jouni Malinen [Thu, 25 Jun 2015 08:56:51 +0000 (11:56 +0300)]
tests: Try heavier SAE groups in sae_groups
This changes the sae_groups test case design to try with every group and
skip triggering test failure for the heavier ones that are likely to
fail in some VM setups under load. This provides more testing coverage
by not limiting the test based on lowest common setup.
Jouni Malinen [Tue, 23 Jun 2015 19:30:15 +0000 (22:30 +0300)]
SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are different
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.
OpenSSL 0.9.8 (and newer) includes SSL_CTX_get_app_data() and
SSL_CTX_set_app_data(), so there is no need to maintain this old
OPENSSL_SUPPORTS_CTX_APP_DATA backwards compatibility design.
Jouni Malinen [Tue, 23 Jun 2015 17:39:08 +0000 (20:39 +0300)]
libtommath: Fix mp_init_multi() stdarg use on error path
Previously, it would have been possible for va_end(args) to be called
twice in case mp_init() fails. While that may not cause issues on number
of platforms, that is not how va_start()/va_end() are supposed to be
used. Fix this by returning from the function without using va_end()
twice on the same va_list args.
Jouni Malinen [Tue, 23 Jun 2015 17:23:31 +0000 (20:23 +0300)]
wpa_gui: Initialize WpaGuiApp::w in the constructor
This gets rid of a static analyzer warning. The actual value for
WpaGuiApp::w will be set after the constructor has returned, so this
value was not really used uninitialized.
Jouni Malinen [Tue, 23 Jun 2015 16:11:35 +0000 (19:11 +0300)]
Use unsigned/signed printf format more consistently
These configuration parameters did not use matching printf format string
parameters (signed vs. unsigned). While these configuratin values are,
in practice, small unsigned integers, the implementation should use
matching types to write these.
Jouni Malinen [Tue, 23 Jun 2015 15:30:11 +0000 (18:30 +0300)]
P2P: Use offsetof() instead of local implementation
The construction used here to figure out the offset of variable length
IEs in Probe Request frames was a bit odd looking and resulted in a
warning from a static analyzer, so replace it with more standard use of
offsetof().
Jouni Malinen [Tue, 23 Jun 2015 15:25:35 +0000 (18:25 +0300)]
ERP server: Make erp_send_finish_reauth() easier for static analyzers
The flags argument is used to indicate a failure case (0x80) which
allows erp == NULL. This may be a bit too difficult combination for
static analyzers to understand, so add an explicit check for !erp as
another condition for returning from the function before the erp pointer
gets dereferenced without checking it.
Jouni Malinen [Tue, 23 Jun 2015 15:18:25 +0000 (18:18 +0300)]
Remove redundant NULL check in ieee802_1x_encapsulate_radius()
The eap argument to this function is never NULL and the earlier
ieee802_1x_learn_identity() call is dereferencing it anyway, so there is
no point in checking whether it is NULL later in the function.
Jouni Malinen [Tue, 23 Jun 2015 08:21:51 +0000 (11:21 +0300)]
AP: Add more 2.4 GHz channels for 20/40 MHz HT co-ex scan
This needs to find the PRI channel also in cases where the affected
channel is the SEC channel of a 40 MHz BSS, so need to include the
scanning coverage here to be 40 MHz from the center frequency. Without
this, it was possible to miss a neighboring 40 MHz BSS that was at the
other end of the 2.4 GHz band and had its PRI channel further away from
the local BSS.
Jouni Malinen [Sat, 20 Jun 2015 19:59:30 +0000 (22:59 +0300)]
HS 2.0: Add WLAN RADIUS attributes in OSEN case
Previously, the common WLAN-* RADIUS attributes were added only when WPA
or WPA2 was used. These can be of use for OSEN as well, so include them
in that case, too.
Jouni Malinen [Sat, 20 Jun 2015 19:50:45 +0000 (22:50 +0300)]
Remove unnecessary wpa_ie_len check from wpa_parse_wpa_ie_wpa()
There is no need to have a separate "fail silently" case for wpa_ie_len
== 0. That condition does not seem to be reachable and even if it were,
the following "ie len too short" case will result in the exact same
return value.
Jouni Malinen [Sat, 20 Jun 2015 15:25:15 +0000 (18:25 +0300)]
Remove WEP40/WEP104 cipher suite support for WPA/WPA2
As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at
least in theory, allowed as a group cipher. This option is unlikely to
be deployed anywhere and to clean up the implementation, we might as
well remove all support for this combination.
Jouni Malinen [Sat, 20 Jun 2015 14:36:58 +0000 (17:36 +0300)]
FT: Stop association attempt if Auth response processing fails (SME)
Call the FT processing function directly instead of going through
wpa_supplicant_event() to process FT Authentication frame in SME case.
This allows parsing error to be used to trigger immediate failure for
the connection instead of trying to proceed to reassociation step that
cannot succeed.
Jouni Malinen [Sat, 20 Jun 2015 12:35:52 +0000 (15:35 +0300)]
tests: Make dbus_old_wps_pbc more robust
Flush the cfg80211 scan cache explicitly to avoid false failure reports
if a BSS entry from an earlier test case remain. Such a failure could be
hit, e.g., with the following test case sequence:
wpas_mesh_mode_scan p2p_channel_random_social dbus_old_wps_pbc
In case of a network interface removal, check if the interface
was also the parent interface of the P2P Device dedicated interface.
If this is the case, then stop the P2P Device functionality, and
remove the P2P Device dedicated interface.
In case that the interface is added again and P2P Device
functionality can be enabled again, add a new P2P Device dedicated
interface and allow further P2P Device functionality.
In case that the P2P Device dedicated interface is re-created, the
original P2P Device configuration file is needed, so store it in
the global params (instead in the wpa_interface configuration).
Ilan Peer [Wed, 17 Jun 2015 13:18:19 +0000 (16:18 +0300)]
nl8021: Allow sending wowlan configuration on any interface
Sending a wowlan configuration command can be done on any wireless
interface (not only netdev), as it is a device configuration and not
interface configuration specific. Fix the code to allow it to be
sent on any interface.
Ilan Peer [Wed, 17 Jun 2015 13:18:17 +0000 (16:18 +0300)]
nl80211: Remove android_genl_ctrl_resolve()
Android libnl_2 implementation added support for "nl80211" name in
commit 'libnl_2: Extend genl_ctrl_resolve() to support "nl80211" name'
in July 2012 which got included in Android 4.2. It is fine to drop this
old Android ICS workaround from wpa_supplicant now.
Eliad Peller [Wed, 17 Jun 2015 13:18:16 +0000 (16:18 +0300)]
P2P: Consider ht/vht on P2P_GROUP_ADD command (with no params)
p2p_ctrl_group_add() takes care of various configuration options (such
as ht/vht) before calling wpas_p2p_group_add(), so use it (just like
when P2P_GROUP_ADD is called with additional params).
Eliad Peller [Wed, 17 Jun 2015 13:18:15 +0000 (16:18 +0300)]
ctrl_iface: Make p2p_ctrl_group_add() more robust
Parse each parameter individually and combine all the function calls.
This will allow further patch to call it with no parameters (currently
this might result in failure).
Eliad Peller [Wed, 17 Jun 2015 13:18:14 +0000 (16:18 +0300)]
P2P: Fix secondary channel selection for HT40
wpas_p2p_get_ht40_mode() used blacklist approach (bw != BW20) to find
the relevant op_class, but didn't take into account other non-BW40
cases, like BW80, that had been added to the bw enum after the initial
implementation. Fix this by looking for the specific BW40 bw cases.
Jouni Malinen [Fri, 19 Jun 2015 10:45:16 +0000 (13:45 +0300)]
tests: Increase HTTPConnection timeout in ap_wps_upnp_http_proto
It looks like the previous timeout of 0.1 seconds could be hit under
parallel VM load, so double this to 0.2 second to avoid hitting
unnecessary test failures.
dbus: Add RemoveClient method to remove a client from local GO
This is equivalent to the P2P_REMOVE_CLIENT command on control
interface. This can be used to remove the specified client [as object
path or string format interface address] from all groups (operating and
persistent) from the local GO.
Argument(s): peer[object path] OR iface[string format MAC address]
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com> Signed-off-by: Jijo Jacob <jijo.jacob@samsung.com>
Avraham Stern [Wed, 17 Jun 2015 13:24:57 +0000 (16:24 +0300)]
P2P: Fix PBC overlap detection
PBC overlap detection searches for another BSS with active PBC in the
BSS table. However, when a separate P2P interface is used, scan results
without P2P IE are not saved in the BSS table, so non-P2P BSS's with
active PBC will not be detected.
Fix this by iterating only the WPS AP array instead of the BSS table.
This is also more efficient since only WPS APs may have active PBC. This
also fixes hwsim test "grpform_pbc_overlap" when a dedicated P2P Device
is used.
Ilan Peer [Wed, 17 Jun 2015 13:24:55 +0000 (16:24 +0300)]
tests: Fix wifi_display_persistent_group with P2P Device
Use the global control interface to list the P2P Device persistent
networks. Get and parse the P2P-GROUP-STARTED events, so later the
interface names would be available for the connectivity test etc. Both
of these are required when a dedicated P2P Device interface is used.
Jouni Malinen [Thu, 18 Jun 2015 22:14:35 +0000 (01:14 +0300)]
tests: NFC static handover with invalid contents
This adds test coverage to p2p_procesS_nfc_connection_handover() error
paths. This is also a regression test case for a memory leak on two of
these error paths.
Ben Rosenfeld [Wed, 17 Jun 2015 13:16:35 +0000 (16:16 +0300)]
P2P: Fix memory leak in p2p_process_nfc_connection_handover()
p2p_process_nfc_connection_handover() allocates msg memory in the parser
and might return before memory is released if the received message is
not valid.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Jouni Malinen [Thu, 18 Jun 2015 21:49:01 +0000 (00:49 +0300)]
EAP-FAST peer: Stop immediately on key derivation failure
If key derivation fails, there is no point in trying to continue
authentication. In theory, this could happen if memory allocation during
TLS PRF fails.
Ben Rosenfeld [Wed, 17 Jun 2015 13:16:34 +0000 (16:16 +0300)]
OpenSSL: Fix memory leak on an openssl_tls_prf() error path
Free tmp_out before returning to prevent memory leak in case the second
memory allocation in openssl_tls_prf() fails. This is quite unlikely,
but at least theoretically possible memory leak with EAP-FAST.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Jouni Malinen [Thu, 18 Jun 2015 19:33:48 +0000 (22:33 +0300)]
tests: Make ap_wps_ap_scan_2 more robust
The test sequence "scan_and_bss_entry_removed ap_wps_ap_scan_2" resulted
in failure due to an old BSS entry remaining from the first test case to
the second and the WPS_PBC operation on a forced BSSID ending up picking
the incorrect BSS entry. Make this more robust by clearing the scan
results from cfg80211.
Jouni Malinen [Thu, 18 Jun 2015 18:59:05 +0000 (21:59 +0300)]
tests: Make ap_wps_pbc_overlap_2* less likely to cause issues
Both of these test cases were leaving out BSS entries with active PBC
mode at the end of the test. This could result in the next text case
failing, e.g., in "ap_wps_pbc_overlap_2ap grpform_ext_listen" and
"ap_wps_pbc_overlap_2sta grpform_ext_listen" sequences. Fix this by
flushing the scan results more carefully at the end of the PBC overlap
test cases.
Jouni Malinen [Thu, 18 Jun 2015 14:24:52 +0000 (17:24 +0300)]
P2PS: Fix Probe Response frame building in error cases
org.wi-fi.wfds service is not a replacement for non-WFA service matches.
Do not try to replace the results with that if there is not sufficient
room for the response. Instead, reply with all the matching services
that fit into the message. org.wi-fi.wfds is the first entry in the list
(if matching request/service is present), so it won't get overridden by
other services.
Jouni Malinen [Thu, 18 Jun 2015 14:23:09 +0000 (17:23 +0300)]
P2PS: Fix org.wi-fi.wfds matching when building the response
The service hash for org.wi-fi.wfds is supposed to match only if the
device has a WFA defined org.wi-fi.wfds.* service. Verify that before
adding org.wi-fi.wfds to the response.
Jouni Malinen [Thu, 18 Jun 2015 14:18:54 +0000 (17:18 +0300)]
P2PS: Remove unnecessary service hash filtering from p2p_reply_probe()
Probe Response building is already doing service matching and there is
no need to do this in both places, so simplify the p2p_reply_probe()
implementation.
Jouni Malinen [Thu, 18 Jun 2015 14:15:45 +0000 (17:15 +0300)]
P2PS: Do not ignore other hashes if org.wi-fi.wfds hash is included
When doing initial processing of Probe Request frame service hashes, the
previous implementation dropped all other hash values if a hash for
org.wi-fi.wfds was included. This is not correct, since that is not a
full wildcard of all services (it only matches WFA defined
org.wi-fi.wfds.* services).
Jouni Malinen [Thu, 18 Jun 2015 14:11:27 +0000 (17:11 +0300)]
P2PS: Fix service hash matching for org.wi-fi.wfds
This "wildcard" match is for WFA specified org.wi-fi.wfds.* services,
not for all services. Verify that there is a really matching service
being advertised instead of assuming this "wildcard" matches if any
services are advertised.
Jouni Malinen [Thu, 18 Jun 2015 14:07:47 +0000 (17:07 +0300)]
P2PS: Fix p2p_find handling to allow "wildcard" with other hash values
The org.wi-fi.wfds "wildcard" is not a full wildcard of all service
names and as such, it must not remove other service name hash values
from the Probe Request frames.
Jouni Malinen [Thu, 18 Jun 2015 14:04:16 +0000 (17:04 +0300)]
P2PS: Verify service name length in P2P_FIND command
p2ps_gen_hash() has a limit on service names based on the temporary
buffer from stack. Verify that the service name from the local P2P_FIND
command is short enough to fix into that buffer.
Jouni Malinen [Thu, 18 Jun 2015 14:01:02 +0000 (17:01 +0300)]
P2PS: Fix P2P_FIND seek parameter parsing
Only the first seek=<service name> parameter was accepted from the
P2P_FIND command. Fix this to go through all seek parameters to
construct the list of service hash values to seek.
Max Stepanov [Wed, 10 Jun 2015 08:43:48 +0000 (11:43 +0300)]
P2PS: Add a wildcard with other advertised service info
Quoting P2PS specification: "If multiple Service Hash values are
included in the Probe Request frame, then the ASP shall find a match for
each Service Hash, and it shall send a Probe Response frame with the
information listed in this section for all matched Service Hashes." This
commit changes handling of wildcard hash matching by adding a
wildcard 'org.wi-fi.wfds' info together with the other hash matches.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com> Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Max Stepanov [Wed, 10 Jun 2015 08:43:47 +0000 (11:43 +0300)]
P2PS: Re-factor p2p_buf_add_service_instance function
Add auxiliary functions to write a single advertised service info record
into a wpabuf and to find P2PS wildcard hash in a received hash
attribute. Re-factor p2p_buf_add_service_instance() function to allow
adding new wildcard types in future commits.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com> Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Jouni Malinen [Thu, 18 Jun 2015 10:48:21 +0000 (13:48 +0300)]
wpa_cli: Fix process termination in wpa_cli action mode case
Commit 4be9f27595f313773612d2fe534c013dfedfe679 ('wpa_cli: Use eloop
during connection attempts in interactive mode') did not take into
account the needs for signal processing in action mode. eloop_run() was
not called in this case and the internal select() loop would block eloop
processing anyway and prevent clean shutdown. Fix this by using eloop
for action mode operations.
Jouni Malinen [Wed, 17 Jun 2015 13:30:34 +0000 (16:30 +0300)]
Clear allocated debug message buffers explicitly
When hostapd or wpa_supplicant is run in debug more with key material
prints allowed (-K on the command line), it is possible for passwords
and keying material to show up in debug prints. Since some of the debug
cases end up allocating a temporary buffer from the heap for processing
purposes, a copy of such password may remain in heap. Clear these
temporary buffers explicitly to avoid causing issues for hwsim test
cases that verify contents of memory against unexpected keys.
Jouni Malinen [Wed, 17 Jun 2015 13:29:33 +0000 (16:29 +0300)]
Clear control interface command explicitly from stack
The control interface commands may include passwords or other private
key material, so clear it explicitly from memory as soon as the
temporary buffer is not needed anymore.
Jouni Malinen [Mon, 15 Jun 2015 20:34:11 +0000 (23:34 +0300)]
P2P: Fix group interface addition failure properly for concurrent case
It was possible for a P2P group formation failure to result in a
concurrent station mode operation getting disconnected in the specific
error case where group interface addition fails after a successful GO
Negotiation. Fix this by skipping the wpas_p2p_group_delete() call in
this specific case since the group interface does not exists anymore at
the point wpas_group_formation_completed() gets called.
projects / thirdparty / hostap.git / log
