Jouni Malinen [Sat, 27 Jun 2015 18:20:14 +0000 (21:20 +0300)]
SAE: Reject FFC commit-element with value p-1
The current P802.11 description of SAE uses "1 < element < p" as the
required range. However, this is not correct and does not match the
Dragonfly description of "1 < element < p-1". SAE definition will need
to change here. Update the implementation to reject p-1 based on the
correct rule here.
Jouni Malinen [Sat, 27 Jun 2015 14:10:19 +0000 (17:10 +0300)]
P2PS: Do not reply to ProbeReq on another channel when starting Listen
It was possible for the P2PS Probe Response frame to go out on the
channel on which a Probe Request frame was reported even when we are
just about to start Listen mode on another channel. This could result in
the peer device using incorrect channel for us. Fix this by skipping the
response in this special case while waiting for Listen mode to start.
This showed up as a hwsim test failure with test sequence "gas_fragment
p2ps_connect_display_method_nonautoaccept" in cases where the dev[0]
Listen channel was not same as the AP operating frequency in the GAS
test.
Jouni Malinen [Sat, 27 Jun 2015 09:41:40 +0000 (12:41 +0300)]
SAE: Reject commit-scalar value 1
IEEE Std 802.11-2012 description of SAE does not require this, i.e., it
describes the requirement as 0 < scalar < r for processing the Commit
message. However, this is not correct and will be changes to 1 < scalar
< r to match the Dragonfly description so that a trivial secret case
will be avoided explicitly.
This is not much of an issue for the locally generated commit-scalar
since it would be very unlikely to get the value of 1. For Commit
message processing, a peer with knowledge of the password could
potentially force the exchange to expose key material without this
check.
Dmitry Shmidt [Fri, 19 Jun 2015 17:33:50 +0000 (10:33 -0700)]
Send CTRL-EVENT-NETWORK-NOT-FOUND if no suitable network was found
This provides more information to upper layer programs on what happens
with connection attempts in cases where the enabled networks are not
found in scan results.
Kevin Cernekee [Sat, 20 Jun 2015 00:22:30 +0000 (17:22 -0700)]
Android: Fix nl80211 build if BOARD_*_PRIVATE_LIB is unspecified
wpa_supplicant has stub functions if the external p2p symbols are
unavailable, but the build still fails if the
wpa_driver_nl80211_driver_cmd symbol is missing. Fix this by leaving the
function pointer NULL. This is safe because wpa_drv_driver_cmd() performs
a NULL check.
Signed-off-by: Kevin Cernekee <cernekee@google.com>
Kevin Cernekee [Sat, 20 Jun 2015 00:22:29 +0000 (17:22 -0700)]
Android: Rename ANDROID_P2P_STUB to ANDROID_LIB_STUB
If BOARD_HOSTAPD_PRIVATE_LIB is not used on an Android build, we will
need to replace both the p2p functions *and* wpa_driver_nl80211_driver_cmd
in order to successfully link. Let's make the name more generic so it is
more obvious what it is used for.
Suggested-by: Dmitry Shmidt <dimitrysh@google.com> Signed-off-by: Kevin Cernekee <cernekee@google.com>
Jouni Malinen [Fri, 26 Jun 2015 12:29:29 +0000 (15:29 +0300)]
OpenSSL: Handle EC_POINT_is_on_curve() error case
Even though this OpenSSL function is documented as returning "1 if point
if on the curve and 0 otherwise", it can apparently return -1 on some
error cases. Be prepared for that and check explicitly against 1 instead
of non-zero.
Jouni Malinen [Fri, 26 Jun 2015 08:44:22 +0000 (11:44 +0300)]
SAE: Use random "password" in extra hunting-and-pecking loops
If PWE is discovered before the minimum number of loops (k) is reached,
the extra iterations use a random "password" to further obfuscate the
cost of discovering PWE.
Jouni Malinen [Thu, 25 Jun 2015 08:35:39 +0000 (11:35 +0300)]
SAE: Add side-channel protection to PWE derivation with ECC
This replaces the earlier IEEE Std 802.11-2012 algorithm with the design
from P802.11-REVmc/D4.0. Things brings in a blinding technique for
determining whether the pwd-seed results in a suitable PWE value.
Jouni Malinen [Thu, 25 Jun 2015 19:17:28 +0000 (22:17 +0300)]
OpenSSL: Add support for Brainpool Elliptic Curves
This allows the IKE groups 27-30 (RFC 6932) to be used with OpenSSL
1.0.2 and newer. For now, these get enabled for SAE as configurable
groups (sae_groups parameter), but the new groups are not enabled by
default.
Jouni Malinen [Wed, 24 Jun 2015 17:47:08 +0000 (20:47 +0300)]
SAE: Increase security parameter k to 40 based on Dragonfly recommendation
draft-irtf-cfrg-dragonfly recommends implementation to set the security
parameter, k, to a value of at least 40. This will make PWE generation
take significantly more resources, but makes it more likely to hide
timing differences due to different number of loops needed to find a
suitable PWE.
Jouni Malinen [Thu, 25 Jun 2015 08:56:51 +0000 (11:56 +0300)]
tests: Try heavier SAE groups in sae_groups
This changes the sae_groups test case design to try with every group and
skip triggering test failure for the heavier ones that are likely to
fail in some VM setups under load. This provides more testing coverage
by not limiting the test based on lowest common setup.
Jouni Malinen [Tue, 23 Jun 2015 19:30:15 +0000 (22:30 +0300)]
SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are different
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.
OpenSSL 0.9.8 (and newer) includes SSL_CTX_get_app_data() and
SSL_CTX_set_app_data(), so there is no need to maintain this old
OPENSSL_SUPPORTS_CTX_APP_DATA backwards compatibility design.
Jouni Malinen [Tue, 23 Jun 2015 17:39:08 +0000 (20:39 +0300)]
libtommath: Fix mp_init_multi() stdarg use on error path
Previously, it would have been possible for va_end(args) to be called
twice in case mp_init() fails. While that may not cause issues on number
of platforms, that is not how va_start()/va_end() are supposed to be
used. Fix this by returning from the function without using va_end()
twice on the same va_list args.
Jouni Malinen [Tue, 23 Jun 2015 17:23:31 +0000 (20:23 +0300)]
wpa_gui: Initialize WpaGuiApp::w in the constructor
This gets rid of a static analyzer warning. The actual value for
WpaGuiApp::w will be set after the constructor has returned, so this
value was not really used uninitialized.
Jouni Malinen [Tue, 23 Jun 2015 16:11:35 +0000 (19:11 +0300)]
Use unsigned/signed printf format more consistently
These configuration parameters did not use matching printf format string
parameters (signed vs. unsigned). While these configuratin values are,
in practice, small unsigned integers, the implementation should use
matching types to write these.
Jouni Malinen [Tue, 23 Jun 2015 15:30:11 +0000 (18:30 +0300)]
P2P: Use offsetof() instead of local implementation
The construction used here to figure out the offset of variable length
IEs in Probe Request frames was a bit odd looking and resulted in a
warning from a static analyzer, so replace it with more standard use of
offsetof().
Jouni Malinen [Tue, 23 Jun 2015 15:25:35 +0000 (18:25 +0300)]
ERP server: Make erp_send_finish_reauth() easier for static analyzers
The flags argument is used to indicate a failure case (0x80) which
allows erp == NULL. This may be a bit too difficult combination for
static analyzers to understand, so add an explicit check for !erp as
another condition for returning from the function before the erp pointer
gets dereferenced without checking it.
Jouni Malinen [Tue, 23 Jun 2015 15:18:25 +0000 (18:18 +0300)]
Remove redundant NULL check in ieee802_1x_encapsulate_radius()
The eap argument to this function is never NULL and the earlier
ieee802_1x_learn_identity() call is dereferencing it anyway, so there is
no point in checking whether it is NULL later in the function.
Jouni Malinen [Tue, 23 Jun 2015 08:21:51 +0000 (11:21 +0300)]
AP: Add more 2.4 GHz channels for 20/40 MHz HT co-ex scan
This needs to find the PRI channel also in cases where the affected
channel is the SEC channel of a 40 MHz BSS, so need to include the
scanning coverage here to be 40 MHz from the center frequency. Without
this, it was possible to miss a neighboring 40 MHz BSS that was at the
other end of the 2.4 GHz band and had its PRI channel further away from
the local BSS.
Jouni Malinen [Sat, 20 Jun 2015 19:59:30 +0000 (22:59 +0300)]
HS 2.0: Add WLAN RADIUS attributes in OSEN case
Previously, the common WLAN-* RADIUS attributes were added only when WPA
or WPA2 was used. These can be of use for OSEN as well, so include them
in that case, too.
Jouni Malinen [Sat, 20 Jun 2015 19:50:45 +0000 (22:50 +0300)]
Remove unnecessary wpa_ie_len check from wpa_parse_wpa_ie_wpa()
There is no need to have a separate "fail silently" case for wpa_ie_len
== 0. That condition does not seem to be reachable and even if it were,
the following "ie len too short" case will result in the exact same
return value.
Jouni Malinen [Sat, 20 Jun 2015 15:25:15 +0000 (18:25 +0300)]
Remove WEP40/WEP104 cipher suite support for WPA/WPA2
As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at
least in theory, allowed as a group cipher. This option is unlikely to
be deployed anywhere and to clean up the implementation, we might as
well remove all support for this combination.
Jouni Malinen [Sat, 20 Jun 2015 14:36:58 +0000 (17:36 +0300)]
FT: Stop association attempt if Auth response processing fails (SME)
Call the FT processing function directly instead of going through
wpa_supplicant_event() to process FT Authentication frame in SME case.
This allows parsing error to be used to trigger immediate failure for
the connection instead of trying to proceed to reassociation step that
cannot succeed.
Jouni Malinen [Sat, 20 Jun 2015 12:35:52 +0000 (15:35 +0300)]
tests: Make dbus_old_wps_pbc more robust
Flush the cfg80211 scan cache explicitly to avoid false failure reports
if a BSS entry from an earlier test case remain. Such a failure could be
hit, e.g., with the following test case sequence:
wpas_mesh_mode_scan p2p_channel_random_social dbus_old_wps_pbc
In case of a network interface removal, check if the interface
was also the parent interface of the P2P Device dedicated interface.
If this is the case, then stop the P2P Device functionality, and
remove the P2P Device dedicated interface.
In case that the interface is added again and P2P Device
functionality can be enabled again, add a new P2P Device dedicated
interface and allow further P2P Device functionality.
In case that the P2P Device dedicated interface is re-created, the
original P2P Device configuration file is needed, so store it in
the global params (instead in the wpa_interface configuration).
Ilan Peer [Wed, 17 Jun 2015 13:18:19 +0000 (16:18 +0300)]
nl8021: Allow sending wowlan configuration on any interface
Sending a wowlan configuration command can be done on any wireless
interface (not only netdev), as it is a device configuration and not
interface configuration specific. Fix the code to allow it to be
sent on any interface.
Ilan Peer [Wed, 17 Jun 2015 13:18:17 +0000 (16:18 +0300)]
nl80211: Remove android_genl_ctrl_resolve()
Android libnl_2 implementation added support for "nl80211" name in
commit 'libnl_2: Extend genl_ctrl_resolve() to support "nl80211" name'
in July 2012 which got included in Android 4.2. It is fine to drop this
old Android ICS workaround from wpa_supplicant now.
Eliad Peller [Wed, 17 Jun 2015 13:18:16 +0000 (16:18 +0300)]
P2P: Consider ht/vht on P2P_GROUP_ADD command (with no params)
p2p_ctrl_group_add() takes care of various configuration options (such
as ht/vht) before calling wpas_p2p_group_add(), so use it (just like
when P2P_GROUP_ADD is called with additional params).
Eliad Peller [Wed, 17 Jun 2015 13:18:15 +0000 (16:18 +0300)]
ctrl_iface: Make p2p_ctrl_group_add() more robust
Parse each parameter individually and combine all the function calls.
This will allow further patch to call it with no parameters (currently
this might result in failure).
Eliad Peller [Wed, 17 Jun 2015 13:18:14 +0000 (16:18 +0300)]
P2P: Fix secondary channel selection for HT40
wpas_p2p_get_ht40_mode() used blacklist approach (bw != BW20) to find
the relevant op_class, but didn't take into account other non-BW40
cases, like BW80, that had been added to the bw enum after the initial
implementation. Fix this by looking for the specific BW40 bw cases.
Jouni Malinen [Fri, 19 Jun 2015 10:45:16 +0000 (13:45 +0300)]
tests: Increase HTTPConnection timeout in ap_wps_upnp_http_proto
It looks like the previous timeout of 0.1 seconds could be hit under
parallel VM load, so double this to 0.2 second to avoid hitting
unnecessary test failures.
dbus: Add RemoveClient method to remove a client from local GO
This is equivalent to the P2P_REMOVE_CLIENT command on control
interface. This can be used to remove the specified client [as object
path or string format interface address] from all groups (operating and
persistent) from the local GO.
Argument(s): peer[object path] OR iface[string format MAC address]
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com> Signed-off-by: Jijo Jacob <jijo.jacob@samsung.com>
Avraham Stern [Wed, 17 Jun 2015 13:24:57 +0000 (16:24 +0300)]
P2P: Fix PBC overlap detection
PBC overlap detection searches for another BSS with active PBC in the
BSS table. However, when a separate P2P interface is used, scan results
without P2P IE are not saved in the BSS table, so non-P2P BSS's with
active PBC will not be detected.
Fix this by iterating only the WPS AP array instead of the BSS table.
This is also more efficient since only WPS APs may have active PBC. This
also fixes hwsim test "grpform_pbc_overlap" when a dedicated P2P Device
is used.
Ilan Peer [Wed, 17 Jun 2015 13:24:55 +0000 (16:24 +0300)]
tests: Fix wifi_display_persistent_group with P2P Device
Use the global control interface to list the P2P Device persistent
networks. Get and parse the P2P-GROUP-STARTED events, so later the
interface names would be available for the connectivity test etc. Both
of these are required when a dedicated P2P Device interface is used.
Jouni Malinen [Thu, 18 Jun 2015 22:14:35 +0000 (01:14 +0300)]
tests: NFC static handover with invalid contents
This adds test coverage to p2p_procesS_nfc_connection_handover() error
paths. This is also a regression test case for a memory leak on two of
these error paths.
Ben Rosenfeld [Wed, 17 Jun 2015 13:16:35 +0000 (16:16 +0300)]
P2P: Fix memory leak in p2p_process_nfc_connection_handover()
p2p_process_nfc_connection_handover() allocates msg memory in the parser
and might return before memory is released if the received message is
not valid.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Jouni Malinen [Thu, 18 Jun 2015 21:49:01 +0000 (00:49 +0300)]
EAP-FAST peer: Stop immediately on key derivation failure
If key derivation fails, there is no point in trying to continue
authentication. In theory, this could happen if memory allocation during
TLS PRF fails.
Ben Rosenfeld [Wed, 17 Jun 2015 13:16:34 +0000 (16:16 +0300)]
OpenSSL: Fix memory leak on an openssl_tls_prf() error path
Free tmp_out before returning to prevent memory leak in case the second
memory allocation in openssl_tls_prf() fails. This is quite unlikely,
but at least theoretically possible memory leak with EAP-FAST.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Jouni Malinen [Thu, 18 Jun 2015 19:33:48 +0000 (22:33 +0300)]
tests: Make ap_wps_ap_scan_2 more robust
The test sequence "scan_and_bss_entry_removed ap_wps_ap_scan_2" resulted
in failure due to an old BSS entry remaining from the first test case to
the second and the WPS_PBC operation on a forced BSSID ending up picking
the incorrect BSS entry. Make this more robust by clearing the scan
results from cfg80211.
Jouni Malinen [Thu, 18 Jun 2015 18:59:05 +0000 (21:59 +0300)]
tests: Make ap_wps_pbc_overlap_2* less likely to cause issues
Both of these test cases were leaving out BSS entries with active PBC
mode at the end of the test. This could result in the next text case
failing, e.g., in "ap_wps_pbc_overlap_2ap grpform_ext_listen" and
"ap_wps_pbc_overlap_2sta grpform_ext_listen" sequences. Fix this by
flushing the scan results more carefully at the end of the PBC overlap
test cases.
projects / thirdparty / hostap.git / log
