P2P: Make unrecognized vendor elements available in P2P_PEER
This allows external programs to use vendor specific information from
P2P peers without wpa_supplicant having to be able to parse and
understand all such vendor specific elements.
Add generic mechanism for adding vendor elements into frames
This adds following new control interface commands to allow arbitrary
vendor elements to be added into number of frames:
VENDOR_ELEM_ADD <frame id> <hexdump of elem(s)>
VENDOR_ELEM_GET <frame id>
VENDOR_ELEM_REMOVE <frame id> <hexdump of elem(s)>
VENDOR_ELEM_REMOVE <frame id> *
The following frames are supported in this commit (additional frames can
be added in the future):
0 = Probe Request frame in P2P device discovery
1 = Probe Response frame from P2P Device role
2 = Probe Response frame from P2P GO
3 = Beacon frame from P2P GO
4 = PD Req
5 = PD Resp
6 = GO Neg Req
7 = GO Neg Resp
8 = GO Neg Conf
9 = Invitation Request
10 = Invitation Response
11 = P2P Association Request
12 = P2P Association Response
One or more vendor element can be added/removed with the commands. The
hexdump of the element(s) needs to contain the full element (id, len,
payload) and the buffer needs to pass IE parsing requirements to be
accepted.
PNO: Send Probe Request frames only for hidden SSIDs
Previously, offloaded scanning (PNO) on Android was including SSIDs from
all enabled networks regardless of the scan_ssid parameter which
resulted in different behavior for the offloaded case when comparing to
wpa_supplicant initiated scans.
Use the sched_scan match filter to allow broadcast SSID to be used for
scan_ssid=1 networks also with PNO to avoid running active scans for
SSIDs that have not been explicitly marked as requiring an SSID-specific
scan. This reduces exposure of configured network names on the device
when running offloaded scans while the host device is in sleep.
P2P: Add explicit check for ssid->p2p_client_list != NULL
This would not really be needed since these functions check the pointer
above. However, this seems to be too difficult for some static analyzer,
so add the extra check to avoid false reports.
Dmitry Shmidt [Mon, 30 Jun 2014 16:59:17 +0000 (09:59 -0700)]
HS 2.0R2: Add update_identifier field to network
This can be used to configure a Hotspot 2.0 Release 2 network externally
for a case where wpa_supplicant-based Interworking network selection is
not used and the update_identifier cannot be copied directly from a
cred.
Li Jianyun [Tue, 1 Jul 2014 15:22:56 +0000 (23:22 +0800)]
Allow SCAN command to specify scan_ssid=1 SSIDs
The new "scan_id=<comma separated list of network ids>" parameter can
now be used to specify a list of network ids that have scan_ssid=1 to
indicate active scanning of the SSID. This adds the listed SSIDs to the
scan command to allow manual scan requests to perform active scans for
hidden SSIDs. For example, "SCAN scan_id=1,7,11" would run a scan with
the SSID fetched from the configured network blocks 1, 7, and 11
(assuming those are set with scan_ssid=1). The SSIDs will be included
even from network blocks that are currently disabled.
The maximum number of SSIDs added to the request is limited by the
driver support. If more than supported values are specified, the command
will fail (returns "FAIL").
Use an explicit memset call to clear any configuration parameter and
dynamic data that contains private information like keys or identity.
This brings in an additional layer of protection by reducing the length
of time this type of private data is kept in memory.
Use an explicit memset call to clear any hostapd configuration parameter
that contains private information like keys or identity. This brings in
an additional layer of protection by reducing the length of time this
type of private data is kept in memory.
Use an explicit memset call to clear any hs20-osu-client configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.
Jouni Malinen [Sun, 29 Jun 2014 22:48:41 +0000 (01:48 +0300)]
EAP server: Clear keying material on deinit
Reduce the amount of time keying material (MSK, EMSK, temporary private
data) remains in memory in EAP methods. This provides additional
protection should there be any issues that could expose process memory
to external observers.
Jouni Malinen [Sun, 29 Jun 2014 18:16:30 +0000 (21:16 +0300)]
EAP peer: Clear keying material on deinit
Reduce the amount of time keying material (MSK, EMSK, temporary private
data) remains in memory in EAP methods. This provides additional
protection should there be any issues that could expose process memory
to external observers.
Use an explicit memset call to clear any wpa_supplicant configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.
Jouni Malinen [Sun, 29 Jun 2014 22:47:44 +0000 (01:47 +0300)]
EAP-AKA: Remove unnecessary dead increment
The pos pointer is not used after this now nor in future plans, so no
need to increment the value. This remove a static analyzer warning about
dead increment.
Jouni Malinen [Sun, 29 Jun 2014 22:46:42 +0000 (01:46 +0300)]
EAP-GPSK: Avoid dead increment by checking pos pointer
Instead of using the pre-calculated length of the buffer, determine the
length of used data based on the pos pointer. This avoids a static
analyzer warning about dead increment.
Jouni Malinen [Sun, 29 Jun 2014 22:08:49 +0000 (01:08 +0300)]
Interworking: Remove unnecessary dead increment
build_root_nai() will not be extended to write something after the
domain, so there is no need to update the pos pointer after the final
os_snprintf() call in the function. Remove this to make a static
analyzer happier.
Jouni Malinen [Sun, 29 Jun 2014 21:56:27 +0000 (00:56 +0300)]
Check for no key_mgmt/proto/auth_alg entries in config writer
This is not really necessary check, but it keeps a static analyzer
happier by avoiding dead increment. Doing it this way rather than
removing the increment is less likely to cause problems when new entries
are added here in the future (the "dead" increment would be very much
needed in those cases).
Jouni Malinen [Sun, 29 Jun 2014 21:50:40 +0000 (00:50 +0300)]
Remove unnecessary tracking of first entry
The pointer to the current position is enough to figure out whether the
proto string is the first one in the buffer. Removing the separate
tracking variable cleans up a static analyzer warning on dead
assignment.
Jouni Malinen [Sun, 29 Jun 2014 21:43:28 +0000 (00:43 +0300)]
WFD: Explicit limit for subelement length (CID 68127)
This adds an explicit limit for the maximum Wi-Fi Display subelement
length for ASCII hexdump. This would not really be needed since the
buffer is already limited by maximum frame length. Anyway, since this
can make static analyzers happier and the subelement used with this
function is short, we may as well include an explicit check.
Jouni Malinen [Sun, 29 Jun 2014 21:32:12 +0000 (00:32 +0300)]
HS 2.0: Verify assoc_req_ie buffer size for indication elements
While the buffer is expected to be large enough for all the IEs, it is
better to check for this explicitly when adding the HS 2.0 Indication
element. (CID 68601)
Jouni Malinen [Sun, 29 Jun 2014 17:28:25 +0000 (20:28 +0300)]
SAE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:27:45 +0000 (20:27 +0300)]
WEP shared key: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:26:25 +0000 (20:26 +0300)]
EAP-GTC: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:25:36 +0000 (20:25 +0300)]
EAP-MSCHAPv2: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:25:05 +0000 (20:25 +0300)]
EAP-TTLS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:24:41 +0000 (20:24 +0300)]
EAP-MD5: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:24:10 +0000 (20:24 +0300)]
EAP-PSK: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:22:44 +0000 (20:22 +0300)]
EAP-PEAP: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:22:17 +0000 (20:22 +0300)]
EAP-LEAP: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:21:59 +0000 (20:21 +0300)]
EAP-GPSK: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:21:31 +0000 (20:21 +0300)]
EAP-PAX: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:21:03 +0000 (20:21 +0300)]
EAP-FAST: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:20:28 +0000 (20:20 +0300)]
EAP-EKE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:19:59 +0000 (20:19 +0300)]
EAP-SAKE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:19:19 +0000 (20:19 +0300)]
EAP-SIM/AKA: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:18:40 +0000 (20:18 +0300)]
EAP-IKEv2: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:18:00 +0000 (20:18 +0300)]
TLS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:17:14 +0000 (20:17 +0300)]
Milenage: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:16:58 +0000 (20:16 +0300)]
AES-GCM: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:16:39 +0000 (20:16 +0300)]
AES-CCM: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:16:10 +0000 (20:16 +0300)]
EAPOL supplicant: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:15:37 +0000 (20:15 +0300)]
RSN authenticator: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:15:07 +0000 (20:15 +0300)]
RSN supplicant: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:14:17 +0000 (20:14 +0300)]
MACsec: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 17:13:01 +0000 (20:13 +0300)]
RADIUS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 16:38:17 +0000 (19:38 +0300)]
WPS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Jouni Malinen [Sun, 29 Jun 2014 16:33:19 +0000 (19:33 +0300)]
Add constant time memory comparison function os_memcmp_const
This function is meant for comparing passwords or hash values where
difference in execution time could provide external observer information
about the location of the difference in the memory buffers. The return
value does not behave like os_memcmp(), i.e., os_memcmp_const() cannot
be used to sort items into a defined order. Unlike os_memcmp(),
execution time of os_memcmp_const() does not depend on the contents of
the compared memory buffers, but only on the total compared length.
Jouni Malinen [Sun, 29 Jun 2014 15:52:09 +0000 (18:52 +0300)]
EAP-pwd: Add explicit total length limit
Instead of using implicit limit based on 16-bit unsigned integer having
a maximum value of 65535, limit the maximum length of a fragmented
EAP-pwd message explicitly to 15000 bytes. None of the supported groups
use longer messages, so it is fine to reject any longer message without
even trying to reassemble it. This will hopefully also help in reducing
false warnings from static analyzers (CID 68124).
Jouni Malinen [Sun, 29 Jun 2014 15:46:29 +0000 (18:46 +0300)]
EAP-SIM/AKA: Pass EAP type as argument to eap_sim_msg_finish()
This makes it easier for static analyzers to figure out which code paths
are possible within eap_sim_msg_finish() for EAP-SIM. This will
hopefully avoid some false warnings (CID 68110, CID 68113, CID 68114).
Jouni Malinen [Sun, 29 Jun 2014 15:32:12 +0000 (18:32 +0300)]
PeerKey: Clean up EAPOL-Key Key Data processing
This extends the earlier commit e6270129f6ac06c319480c409ee7013a1ad33127
('Clean up EAPOL-Key Key Data processing') design to be used with
PeerKey EAPOL-key processing as well. This avoids false warnings from
static analyzer (CID 62860, CID 62861, CID 62862).
Jouni Malinen [Sun, 29 Jun 2014 15:20:13 +0000 (18:20 +0300)]
dbus: Clean up array-array-type property getter
The previously used design was a bit too complex for static analyzers
(e.g., CID 68131, CID 68133) to understand which resulted in false
warnings about uninitialized memory. Avoid this by explicitly
initializing the pointer array to NULL and also skipping any invalid
NULL entry in the helper function.
Arik Nemtsov [Wed, 25 Jun 2014 14:41:53 +0000 (17:41 +0300)]
TDLS: Update peer STA as soon as full peer info is available
Update the peer STA with full info sending TDLS Setup Response/Confirm
frames instead of after the full setup exchange. This makes it easier
for some drivers to properly negotiate QoS and HT information on the
direct link.
Michal Kazior [Fri, 27 Jun 2014 12:19:28 +0000 (14:19 +0200)]
hostapd: Make chan_switch command per-interface not per-BSS
Currently hostapd data structures aren't ready for multi-channel BSSes,
so make the command work now at least with single-channel multi-BSS
channel switching.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Dmitry Shmidt [Mon, 23 Jun 2014 19:13:20 +0000 (12:13 -0700)]
eapol_test: Fix -R option to not replace -s option value
Commit e9852462d58750e2ec4be498e82db0e0a2dfaf7f ('eapol_test: Add PC/SC
reader and PIN command line arguments') did not add break to the switch
statement for the new -R command line option.
Fix a bug where changing the mode of the interface to IBSS
fails because the interface is sitting on a channel where IBSS is
disallowed because of a previous association.
Signed-off-by: Christopher Wiley <wiley@chromium.org>
Jouni Malinen [Sat, 21 Jun 2014 21:15:53 +0000 (00:15 +0300)]
P2P: Allow passphrase length to be configured
Previously, eight character random passphrase was generated
automatically for P2P GO. The new p2p_passphrase_len parameter can be
used to increase this length to generate a stronger passphrase for cases
where practicality of manual configuration of legacy devices is not a
concern.
Jouni Malinen [Sat, 21 Jun 2014 09:18:56 +0000 (12:18 +0300)]
EAP-SIM': Fix AT_KDF parser to avoid infinite loop
Hitting maximum number of AT_KDF attributes could result in an infinite
loop due to the attribute parser not incrementing the current position
properly when skipping the extra KDF.
Jouni Malinen [Thu, 19 Jun 2014 17:56:32 +0000 (20:56 +0300)]
Rate limit SA Query procedure initiation on unprotected disconnect
There is no need to trigger new SA Query procedure to check the state of
the connection immediately after having performed such a check. Limit
the impact of burst of unprotected Deauth/Disassoc frames by starting a
new SA Query procedure only once at least 10 seconds has passed from the
previous SA Query that was triggered by reception of an unprotected
disconnection. The first SA Query procedure for each association does
not follow this rule to avoid issues with test cases that expect to see
an SA Query every time.
Jouni Malinen [Wed, 18 Jun 2014 14:14:59 +0000 (17:14 +0300)]
EAP-GPSK: Clean up CSuite_List length validation (CID 62854)
Use a local variable and size_t in length comparison to make this easier
for static analyzers to understand. In addition, set the return list and
list_len values at the end of the function, i.e., only in success case.
These do not change the actual behavior of the only caller for this
function, but clarifies what the helper function is doing.
Jouni Malinen [Wed, 18 Jun 2014 13:42:15 +0000 (16:42 +0300)]
EAP-FAST: Clean up TLV length validation (CID 62853)
Use size_t instead of int for storing and comparing the TLV length
against the remaining buffer length to make this easier for static
analyzers to understand.
Jouni Malinen [Tue, 17 Jun 2014 21:45:48 +0000 (00:45 +0300)]
VHT: Remove useless validation code from Operating Mode Notification
This was added by commit 8a45811638d3d5c913175c4b8fc17a9bff0178e1
('hostapd: Add Operating Mode Notification support'), but the validation
steps cannot be true either for the channel width (which is a two-bit
subfield that cannot encode more than the list four values) or Rx NSS
(which cannot encode a value larger 7). Furthermore, the VHT_CHANWIDTH_*
defines do not match the definition of the Channel Width subfield
values.
Since this check cannot ever match, it is better to remove it to make
the code easier to understand and to avoid getting complaints about dead
code from static analyzers.