Jouni Malinen [Sat, 10 Oct 2015 15:38:37 +0000 (18:38 +0300)]
Fix MSCHAP UTF-8 to UCS-2 conversion check for three-byte encoding
The utf8_string_len comparison was off by one and ended up accepting a
truncated three-byte encoded UTF-8 character at the end of the string if
the octet was missing. Since the password string gets null terminated in
the configuration, this did not result in reading beyond the buffer, but
anyway, it is better to explicitly reject the string rather than try to
use an incorrectly encoded UTF-8 string as the password.
Jouni Malinen [Sat, 10 Oct 2015 14:27:42 +0000 (17:27 +0300)]
tests: Additional OCSP coverage
Verify OCSP stapling response that is signed by the CA rather than a
separate OCSP responder. In addition, verify that invalid signer
certificate (missing OCSP delegation) gets rejected.
Jouni Malinen [Fri, 9 Oct 2015 21:07:32 +0000 (00:07 +0300)]
hs20-osu-client: Disable EST with BoringSSL to fix build
BoringSSL has dropped OpenSSL functionality that was used in the EST
implementation. For now, disable EST with BoringSSL to allow
hs20-osu-client to be built.
Jouni Malinen [Thu, 8 Oct 2015 13:03:06 +0000 (16:03 +0300)]
BoringSSL: Implement support for OCSP stapling
BoringSSL has removed the OpenSSL OCSP implementation (OCSP_*()
functions) and instead, provides only a minimal mechanism for include
the status request extension and fetching the response from the server.
As such, the previous OpenSSL-based implementation for OCSP stapling is
not usable with BoringSSL.
Add a new implementation that uses BoringSSL to request and fetch the
OCSP stapling response and then parse and validate this with the new
implementation within wpa_supplicant. While this may not have identical
behavior with the OpenSSL-based implementation, this should be a good
starting point for being able to use OCSP stapling with BoringSSL.
Jouni Malinen [Thu, 8 Oct 2015 09:10:24 +0000 (12:10 +0300)]
Increase the maximum hostapd.conf line length to 4096 bytes
It was already possible to use longer values through the control
interface SET command, but the configuration file parser was still
limited to 512 byte lines. Increase this to 4096 bytes since some of the
configuration parameters (e.g., anqp_elem) can be longer.
Ilan Peer [Thu, 24 Sep 2015 17:38:00 +0000 (20:38 +0300)]
P2PS: Add validation for P2PS PD Request
Validate that all the required attributes appear in a P2PS PD Request,
and in addition, in the case of follow-on PD Request, check that the
given values match those of the original PD Request.
Ilan Peer [Thu, 24 Sep 2015 17:37:58 +0000 (20:37 +0300)]
P2PS: Change connection capability handling
Change the connection capability handling so that in case there are no
active roles, the peer has an active GO, and the advertisement supports
operation as a client, the returned connection capability is set to
client.
Ilan Peer [Thu, 24 Sep 2015 17:37:57 +0000 (20:37 +0300)]
P2PS: Re-factor p2ps_group_capability()
The code was iterating all the interfaces, and for each interface
iterated all the network blocks to count active P2P GO and P2P Client
interfaces.
Change the code to reuse wpas_p2p_get_go_group() to get a P2P GO
interface and add wpas_p2p_get_cli_group() and use it to find a
P2P Client interface, and use these objects when evaluating the
group capability.
Ilan Peer [Thu, 24 Sep 2015 17:37:56 +0000 (20:37 +0300)]
P2PS: Re-factor wpas_p2p_get_go_group() and wpas_p2p_group_go_ssid()
Re-factor wpas_p2p_get_go_group() to:
1. Skip the dedicated P2P Device management interface if it is used.
2. Instead of iterating all the interface configured networks,
only access the current_ssid pointer to check if the current
interface is acting as a persistent P2P GO.
To avoid code duplication, also re-factor wpas_p2p_group_go_ssid()
to call wpas_p2p_get_go_group().
Max Stepanov [Thu, 24 Sep 2015 17:37:54 +0000 (20:37 +0300)]
P2PS: Send follow-on PD response only if status is 12
When a follow-on PD request is received, peer should not send a
follow-on PD response except the case when the PD request status value
is 12 (Success: accepted by user). Previously, the wpa_supplicant
implementation behaved differently sending the follow-on PD Response on
any follow-on PD Request.
Fix the issue by adding the following changes:
1. Don't send PD Response if the follow-on PD Request status is
different than 12 (seeker side).
2. Don't wait for the follow-on PD Response if the follow-on PD
Request was sent with the status different than 12 (advertiser
side).
3. If the follow-on PD Request was sent with the status different
than 12 use the follow-on PD Request ACK as PD completion event
(advertiser side).
4. Notify ASP about the PD completion by sending P2PS-PROV-DONE with
the PD Request status (advertiser side).
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
tests: Put seeker into extended listen when deferred PD is expected
Not doing so may result in a deferred PD flow failure (currently the
hwsim tests succeeded because seeker never stopped find, spending enough
time listening, so the follow-on PD would succeed).
Fix this by calling p2p_ext_listen when the seeker receives a deferred
PD failure event. Cancel extended listening when PD is done and also
stop find when seek is done.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
It is expected that p2p_flush() should stop any ongoing p2p operation.
However, this was not the case with extended listen which was not
cancelled on p2p_flush() flows. Fix this, by cancelling the extended
listen in p2p_flush().
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Wed, 7 Oct 2015 13:14:09 +0000 (16:14 +0300)]
Interworking: Add support for configuring arbitrary ANQP-elements
The new hostapd configuration parameter anqp_elem can now be used to
configure arbitrary ANQP-elements for the GAS/ANQP server. In addition
to supporting new elements, this can be used to override previously
supported elements if some special values are needed (mainly for testing
purposes).
The parameter uses following format:
anqp_elem=<InfoID>:<hexdump of payload>
For example, AP Geospatial Location ANQP-element with unknown location:
anqp_elem=265:0000
and AP Civic Location ANQP-element with unknown location:
anqp_elem=266:000000
Jouni Malinen [Wed, 7 Oct 2015 13:10:38 +0000 (16:10 +0300)]
Interworking: Support unknown ANQP-elements in BSS table
This allows wpa_supplicant to expose internally unknown ANQP-elements in
the BSS command. For example, "ANQP_GET <BSSID> 265" can be used to
fetch the AP Geospatial Location ANQP-element and if the AP has this
information, the "BSS <BSSID>" command will include the response as
"anqp[265]=<hexdump>".
Adam Langley [Tue, 6 Oct 2015 18:05:53 +0000 (11:05 -0700)]
Android: Fix keystore-backed keys with BoringSSL
The switch to BoringSSL broke keystore-backed keys because
wpa_supplicant was using the dynamic ENGINE loading to load
the keystore module.
The ENGINE-like functionality in BoringSSL is much simpler
and this change should enable it.
Dmitry Ivanov [Tue, 6 Oct 2015 13:26:58 +0000 (16:26 +0300)]
Wait longer for inactive client probe (empty data frame)
Some devices cannot respond to inactive client probe (empty data frame)
within one second. For example, iPhone may take up to 3 secs. This
becomes a significant problem when ap_max_inactivity is set to lower
value such as 10 secs. iPhone can lose Wi-Fi connection after ~1 min
of user inactivity.
Helmut Schaa [Wed, 16 Sep 2015 12:04:56 +0000 (14:04 +0200)]
hostapd: Force RADIUS socket renewal on RADIUS auth failures
On RADIUS auth/acct failures hostapd will try a new server if one is
available. Reuse the failover logic to force a socket renewal if only
one RADIUS server is configured.
This fixes problems when a route for the RADIUS server gets added after
the socket was "connected". The RADIUS socket is still sending the
RADIUS requests out using the previous route.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Bob Copeland [Mon, 5 Oct 2015 12:16:40 +0000 (08:16 -0400)]
mesh: Generate proper AID for peer
IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on
the local node for each peer. Previously, we were using the peer link ID
(generated by the peer) which may not be unique among all peers. Correct
this by reusing the AP AID generation code.
Michael Braun [Mon, 5 Oct 2015 14:14:27 +0000 (16:14 +0200)]
Remove WEP support from VLAN
Commit d66dcb0d0b584afdbaba00adcfe661741703094d ('WEP: Remove VLAN
support from hostapd') already removed VLAN support for WEP encryption,
so vlan_setup_encryption_dyn() is no longer needed.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Mon, 5 Oct 2015 14:14:26 +0000 (16:14 +0200)]
Fix init of group state machine for static VLANs
This ensures that group key is set as long as the interface exists.
Additionally, ifconfig_up is needed as wpa_group will enter
FATAL_FAILURE if the interface is still down. Also vlan_remove_dynamic()
is moved after wpa_auth_sta_deinit() so vlan_remove_dynamic() can check
it was the last user of the wpa_group.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Jouni Malinen [Sun, 4 Oct 2015 17:45:20 +0000 (20:45 +0300)]
tests: Read monitor messages more frequently
These test cases left at least one of the attached monitor sockets
blocking for excessive time: ap_wpa2_eap_aka_ext,
ap_hs20_req_conn_capab_and_roaming_partner_preference,
ap_hs20_min_bandwidth_and_roaming_partner_preference, ap_wpa_ie_parsing.
Jouni Malinen [Sun, 4 Oct 2015 15:27:54 +0000 (18:27 +0300)]
tests: Speed up hostapd_oom_loop tests
At some point, these hostapd_oom_* test cases started to fail with
wpa_msg() allocation failure for the AP-ENABLED event. This resulted in
unnecessary long test execution (waiting 30 seconds for an event that
was dropped). Speed this up by using a shorter timeout.
Jouni Malinen [Sun, 4 Oct 2015 08:58:24 +0000 (11:58 +0300)]
Add forgotten list entry removal for control interface deinit
dl_list_del() must be called before freeing the list entries. Neither of
these cases caused problems because the full list data structure was
freed, but still, it is better to do this properly.
Jouni Malinen [Sun, 4 Oct 2015 08:53:26 +0000 (11:53 +0300)]
Throttle control interface event message bursts
Some operations like a new scan result processing can result in large
number of wpa_supplicant control interface messages being generated.
Especially with multiple control interface monitors, this could result
in hitting the output queue length maximum and event messages getting
dropped. In worst case, that could even result in hitting ten
consecutive sendto() errors which could result in an attached monitor
socket getting detached.
Avoid this type of issues by throttling monitor event transmission based
on the output queue length. If more than half of the maximum send buffer
is used, postpone sending of following event messages until the pending
output queue has dropped below the limit.
Jouni Malinen [Sat, 3 Oct 2015 22:42:42 +0000 (01:42 +0300)]
tests: Make it less likely to overflow wlan5 control iface socket
Number of test cases did not read all control interface socket events
from the dynamically added wlan5 interface. This could result in hitting
maximum socket TX queue length and failures in the following test cases.
Jouni Malinen [Sat, 3 Oct 2015 21:35:12 +0000 (00:35 +0300)]
tests: Fix connect_cmd_roam with old scan results
connect_cmd_roam did not force a new scan to find the second AP. This
could result in failures due to the ROAM command getting rejected, e.g.,
in the following test case sequence: wext_pmksa_cache connect_cmd_roam.
Johannes Berg [Tue, 8 Sep 2015 09:46:32 +0000 (12:46 +0300)]
hostapd: Add testing option to use only ECSA
Some APs don't include a CSA IE when an ECSA IE is generated,
and mac80211 used to fail following their channel switch. Add
a testing option to hostapd to allow reproducing the behavior.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Set channel and operating class in hostapd_fill_csa_settings()
The CSA channel and operating class values need to be set for all types
of channel switch (i.e., either if it's triggered by the control
interfaces or due to the GO-follows-STA flow). To do so, move the code
that sets them from the GO-follows-STA flow to the more generic
hostapd_fill_csa_settings() function.
Use ieee80211_freq_to_chan() when getting segment indices
The hostapd_hw_get_channel() function can't be used to convert center
frequencies to channel numbers, because the hw mode lists don't have all
the center frequencies. The hw mode lists have the main channel
frequencies and flags to indicate the channel topography.
For instance, channel 5805 with VHT80- has the channel center frequency
segment 0 at 5775. This segment is only indicated indirectly in the hw
mode list by the HOSTAPD_CHAN_VHT_50_30 flag. The hw mode list doesn't
have any elements with frequency 5775 to allow the conversion to a
channel number. Thus, we need to use ieee80211_freq_to_chan() instead.
Provide an offset to CSA counters in Probe Response frames
Pass to the driver a list of CSA counter offsets when sending Probe
Response frames during a CSA period. This allows the kernel to correctly
update the CSA/eCSA elements.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
nl80211: Specify CSA offsets in send_mlme() driver op
Some management frames contain CSA counters which should be updated by
kernel. Change driver op send_mlme() allowing to send a frame,
specifying an array of offsets to the CSA counters which should be
updated. For example, CSA offsets parameters should be specified when
sending Probe Response frames during CSA period.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Advertise Supported Operating Classes elements in Beacon/Probe Response
Advertise current operating class in Beacon and Probe Response frames.
This Supported Operating Classes element is required by the standard
when extended channel switch is supported. However, since this element
doesn't reflect correctly the sub-band spectrum breakdown and can't be
effectively used by clients, publish only the minimal required part
which is the current operating class.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Tue, 8 Sep 2015 09:46:24 +0000 (12:46 +0300)]
Handle channel switch notification for other interface types
Channel switch notification was handled only for AP/GO interfaces. As
the notification can be sent on other interface types as well, extend
the handling to handle other interface types.
Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers
SCM if all the clients advertise eCSA support and the candidate
frequency is one of the group common frequencies.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
P2P: Trigger channel selection correctly during CSA
Do not consider moving GOs to a new channel if one of them is in the
middle of CSA. In addition, call wpas_p2p_update_channel_list() after
EVENT_CH_SWITCH is handled.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Tue, 8 Sep 2015 09:46:17 +0000 (12:46 +0300)]
P2P: Relax wpas_p2p_init_go_params() for P2P GO CSA
wpas_p2p_move_go_csa() uses wpas_p2p_init_p2p_params() to select the
frequency to move to. However, it is possible that all the channels are
already used, so the selection of a new frequency would fail, although
the frequency used by the P2P GO should not be considered as used if it
is the only one using it.
To overcome this, allow the frequency selection to continue even if all
the frequencies are in use, but the frequency used by the P2P GO is not
used by any station interface.
Use channel switch mechanism to move a P2P GO to a new channel,
when required. In order to be able to reconfigure the GO channel,
split wpa_supplicant_conf_ap() function, so the frequency
configuration part can be reused to find additional CSA settings.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Extended channel switch provides an ability to switch between operating
classes and is required for P2P Devices by the P2P specification when
switching in 5 GHz.
When the operating class is provided for channel switch, the AP/P2P GO
will use eCSA IE in addition to the regular CSA IE both on 2.4 GHz and 5
GHz bands.
Transitions between different hw_modes are not supported.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Channel switch may be performed using both CSA and eCSA IEs together.
This may happen, for example with a P2P GO on band A with legacy
clients. Extend driver API to support up to 2 CSA counters.
This patch also includes the required implementation for nl80211.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When building Beacon and Probe Response frames for the target channel,
consider bandwidth parameter for VHT channels. In addition, add support
for updating vht_oper_centr_freq_seg0_idx and
vht_oper_centr_freq_seg1_idx.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When switching to a VHT channel with width greater than 20 MHz, add Wide
Bandwidth Channel Switch element. This element is added in Beacon and
Probe Response frames inside Channel Switch Wrapper element.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use previously computed channel in cs_freq_params for Beacon frames
When CSA is started, hostapd_change_config_freq() computes the channel
from the provided frequency. Use this stored channel to add CSA IE in
Beacon frames, instead of recomputing the channel each time.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Fri, 2 Oct 2015 16:16:04 +0000 (19:16 +0300)]
tests: Fix OCSP response for ap_wpa2_eap_ttls_ocsp_revoked
Due to a serial number mismatch, the correct "revoked" status was not
used; instead "unknown" was used. While the test case would not fail for
this, incorrect code path was checked.
The readline library depends on ncurses, so it should be set before
ncurses on the linker command line to be able to be statically linked
successfully.
Signed-off-by: David du Colombier <0intro@gmail.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Jouni Malinen [Thu, 1 Oct 2015 15:51:04 +0000 (18:51 +0300)]
Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
Commit 7d711541dced759b34313477d5d163e65c5b0131 ('Clear TK part of PTK
after driver key configuration') started clearing TK from memory
immediately after having configured it to the driver when processing
EAPOL-Key message 3/4. While this covered the most common case, it did
not take into account the possibility of the authenticator having to
retry EAPOL-Key message 3/4 in case the first EAPOL-Key message 4/4
response is lost. That case ended up trying to reinstall the same TK to
the driver, but the key was not available anymore.
Fix the EAPOL-Key message 3/4 retry case by configuring TK to the driver
only once. There was no need to try to set the same key after each
EAPOL-Key message 3/4 since TK could not change. If actual PTK rekeying
is used, the new TK will be configured once when processing the new
EAPOL-Key message 3/4 for the first time.
This commit contains the necessary changes to parallelize
distinct radio work operations which are different in type and
the band used, only when the underlying driver is capable of
supporting such simultaneous offchannel operations.
nl80211: Support vendor scan together with normal scan
Allow wpa_supplicant to use vendor scan (if supported by the driver)
together with the normal nl80211 scan and handling external scan events.
Since this results in possibility of concurrent scan operations, some of
the operations related to scan results need to check more carefully when
an event is relevant for a specific interface.
This commit contains the necessary changes for supporting the QCA vendor
scan implementation, i.e., sending the vendor scan command to underlying
driver and handling the vendor scan events from the driver.
Johannes Berg [Tue, 15 Sep 2015 15:09:22 +0000 (17:09 +0200)]
tests: Add test for hostapd cli ordering
When the 'SET wpa 2' command is executed last, it seems to somehow
reset parts of the settings, causing hostapd to beacon with the
pairwise cipher suite selector set to 00-0F-AC:0 (none/use-group).
This is not permitted and should be rejected; wpa_supplicant also
cannot connect.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Do not clear RSN parameters before full configuration
This fixes an issue where hostapd SET command is used to configure RSN
parameters and the wpa parameter is sent after the other parameters.
Previously, the default case here ended up clearing rsn_pairwise and
wpa_pairwise values and once wpa=2 was finally set, the cipher
configuration had already been lost.
Maneesh Jain [Thu, 18 Jun 2015 04:16:34 +0000 (09:46 +0530)]
D-Bus: Add InvitationReceived Signal
This is equivalent to the P2P_EVENT_INVITATION_RECEIVED signal on the
control interface. It can be used to sent the Invitation Received signal
to applications written using D-Bus.
Fix an iteration bug in get_shared_radio_freqs_data when building
freqs_data array. Only the last used-by flag was maintained instead of
making this a bitfield of all found uses.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
D-BUS: dev_passwd_id should be "q" because it uses DBUS_TYPE_UINT16
This corrects the type of dev_passwd_id in GONegotiationRequest event.
This field is packed as DBUS_TYPE_UINT16 but in
wpas_dbus_interface_signals it was "i" which is DBUS_TYPE_INT32.
projects / thirdparty / hostap.git / log
