Commit graph

14657 commits

Author SHA1 Message Date
John Crispin
289a9cf7ae HE: Add HE Operation element to element parser
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
Jouni Malinen
d70776098d VHT: Remove copying of VHT Operation element from (Re)Assoc Req
This copying attempt was added incorrectly since that element is never
actually present in (Re)Association Request frames. It is only valid to
copy that element from the mesh peering frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 18:03:40 +03:00
Jouni Malinen
ce362f885f FILS: Explicitly clear plaintext buffer for Assoc Resp
This buffer may contain GTK and IGTK, so better clear it explicitly from
heap memory before freeing the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 16:11:56 +03:00
Jouni Malinen
31bc66e4d1 More forceful clearing of stack memory with keys
gcc 8.3.0 was apparently clever enough to optimize away the previously
used os_memset() to explicitly clear a stack buffer that contains keys
when that clearing happened just before returning from the function.
Since memset_s() is not exactly portable (or commonly available yet..),
use a less robust mechanism that is still pretty likely to prevent
current compilers from optimizing the explicit clearing of the memory
away.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 16:11:56 +03:00
Jouni Malinen
e1923f5b6a tests: Skip ap_ft_eap_sha384_reassoc without CONFIG_SUITEB192=y
This test case required Suite B 192-bit support to be enabled in the
build, so skip it if that is not the case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 22:24:30 +03:00
Masashi Honma
18f4fc43f2 hs20-osu-client: Check snprintf result to avoid compiler warnings
Fix false positive warnings by gcc 8.3.0.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-05-25 21:58:29 +03:00
Jouni Malinen
0de46d8a66 mesh: Fix RSN initialization failure handling
The driver was left in mesh mode (joined to the group) if RSN
authenticator initialization failed. This could result in next
operations failing due to unexpected driver state.

This was found with the following hwsim test case sequence:
mesh_wpa_auth_init_oom dpp_config_no_discovery

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:48:45 +03:00
Jouni Malinen
7d43c7b2d6 nl80211: Write event name in debug log for ignored events
This makes it easier to understand debug logs from systems that have
multiple interfaces.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:37:23 +03:00
Jouni Malinen
c9ead82d11 tests: Fix robustness issue in DPP test cases with SAE
The sae_groups parameter needs to be cleared before attempt a SAE
connection in a test case to avoid issues with this parameter having
been left to something else than the default one by a previous test
case. This was found with the following sequence:
sae_pwe_failure dpp_auto_connect_legacy_psk_sae_1

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:18:24 +03:00
Jouni Malinen
baf8ab8cec RADIUS server: Do not close fd=0 in error cases
Initialize auth_sock and acct_sock to -1 to avoid radius_server_deinit()
attempting to close fd=0 if anything fails in setting up the RADIUS
server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 19:10:08 +03:00
Jouni Malinen
f82a840878 tests: Fix ERP test cases to close separate AS (ifname=as-erp)
The earlier change from using apdev[1] to using a no-interface
ifname=as-erp in the ERP related test cases ended up leaving the
separate authentication server interface running after the end of the
test case. This left UDP port 18128 open and any consecutive test case
needing this port failed to start another authentication server.

This can be reproduced with following test case sequence:
fils_auth_gtk_rekey authsrv_unknown_user

Fixes: e374def207 ("tests: Start ERP authentication server without AP")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 19:07:11 +03:00
Jouni Malinen
2d11e5d5e6 tests: ERP with EAP-SIM/AKA/AKA' fast reauthentication
Verify Session-Id derivation when using EAP-SIM/AKA/AKA' fast
reauthentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 17:18:39 +03:00
Mohit Sethi
5eefa8115b EAP-AKA: Add Session-Id derivation during fast-reauth
The Session-Id derivation for EAP-AKA in RFC 5247 only explained how the
Session-Id is derived for regular authentication. Jouni reported it as
an errata with text explaining how to derive it during fast
reauthentication.

This patch now exports the Session-Id for EAP-AKA during fast
reauthentication based on this Session-Id = 0x17 || NONCE_S || MAC
construction.

Also documented by Alan Dekok in draft-dekok-emu-eap-session-id.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 17:17:00 +03:00
Mohit Sethi
1c16b257a0 EAP-SIM: Add Session-Id derivation during fast-reauth
The Session-Id derivation for EAP-SIM in RFC 5247 only explained how the
Session-Id is derived for regular authentication. Jouni reported it as
an errata with text explaining how to derive it during fast
reauthentication.

This patch now exports the Session-Id for EAP-SIM during fast
reauthentication based on this Session-Id = 0x12 || NONCE_S || MAC
construction.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 17:05:03 +03:00
Mohit Sethi
2f6700c9c6 defconfig: Add config parameter for SIM simulator for EAP-SIM
Allow compilation of internal GSM-Milenage implementation for EAP-SIM
testing with eapol_test.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 16:26:44 +03:00
Alona Solntseva
6b43264e79 hostapd_cli: Add update_beacon command
Add ability to use UPDATE_BEACON with hostapd_cli. The option has been
exposed in ctrl_iface already.

Signed-off-by: Alona Solntseva <alona.solntseva@tandemg.com>
Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
2019-05-25 16:17:44 +03:00
Jouni Malinen
312ec34e40 UBSan: Avoid dependency on undefined behavior in internal AES operation
The rcons[] and Td4s[] array values need to be type cast explicitly to
u32 for the left shift 24 operation to be defined due to the implicit
conversion to int not handling the case where MSB would become 1 without
depending on UB.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14929
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:51:12 +03:00
Jouni Malinen
27486bc5ab tests: Fix ap-mgmt-fuzzer exit to free memory
This fuzzing wrapper does not go through full hostapd_clean_iface() call
to free memory, so call ap_list_deinit() to avoid reporting memory leaks
from added AP list entries. This case could not be hit with
hostapd/wpa_supplicant since they perform full interface deinit on
interface removal.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14928
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:34:58 +03:00
Jouni Malinen
5bad612311 WNM: Fix bounds checking in SSID List element matching
The IE header length check was off-by-one and that could allow the loop
to read one octet beyond the end of the buffer before breaking out in
the second check.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14927
Fixes: 0a66ce3c49 ("WNM: Add support for SSID List element matching")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:29:47 +03:00
Jouni Malinen
724c0f17b8 tests: Fix p2p-fuzzer callbacks
Couple of the callback functions had changed their prototypes and
p2p-fuzzer compilation resulted in a warning and not returning
*scheduled from the send_action() callback. This was reported as
use-of-uninitialized-value which was not really possible with
wpa_supplicant since the issue was only in the fuzzing wrapper.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14924
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:20:01 +03:00
Jouni Malinen
d27f1acbfa tests: Preferred Candidate List with truncated BSS Termination Duration
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:20:01 +03:00
Jouni Malinen
e8ebef87cb WNM: Fix BSS Termination Duration subelement length validation
The length check for the BSS Termination Duration subelement was
accidentally removed and this could result in reading up to 10 bytes
beyond the end of a received frame. The actual read bytes would be
stored locally, but they were not used for anything, so other than
reading beyond the end of an allocated heap memory buffer, this did not
result in any behavior difference or exposure of the bytes.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14922
Fixes: 093226783d ("WNM: Simplify how candidate subelements are stored")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:19:33 +03:00
Jouni Malinen
2dfe2ad6cb tests: Free WNM allocations cleanly in wnm-fuzzer
Avoid a memory leak in fuzzer tests by calling wnm_deallocate_memory()
before exiting since this fuzzing wrapper does not use full
wpa_supplicant_cleanup().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-24 16:30:19 +03:00
Jouni Malinen
358141344a tests: DPP channel-list with multiple channels in opclass
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 01:37:16 +03:00
Jouni Malinen
b1aee7a622 DPP: Fix bootstrapping URI parser to handle channel list for an opclass
The bootstrapping URI format for DPP was extended during protocol design
to allow a list of channels without having to repeat the same operating
class information for each channel. That change was not included in the
initial implementation of the parser and a channel-list like
"C:81/1,6,11" would not be understood correctly (i.e., only the longer
"C:81/1,81/6,81/11" form would have been parsed correctly).

Fix this by extending the parser to accept both the shorter and longer
form for a list of channels within a single operating class.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 01:34:24 +03:00
Jouni Malinen
69afb6b395 FILS: Verify RSNE match between Beacon/Probe Response and (Re)AssocResp
IEEE Std 802.11ai-2016 requires the FILS STA to do this check, but this
was missing from the initial implementation. The AP side behavior was
not described properly in 802.11ai due to a missing change in the
(Re)Association Response frame format tables which has resulted in some
deployed devices not including the RSNE.

For now, use an interoperability workaround to ignore the missing RSNE
and only check the payload of the element if it is present in the
protected frame. In other words, enforce this validation step only with
an AP that implements FILS authentication as described in REVmd while
allowing older implementations to skip this check (and the protection
against downgrade attacks). This workaround may be removed in the future
if it is determined that most deployed APs can be upgraded to add RSNE
into the (Re)Association Response frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 00:34:43 +03:00
Jouni Malinen
831d8c9cf5 FILS: Add RSNE into (Re)Association Response frame
This AP behavior was missing from IEEE Std 802.11ai-2016, but it is
needed for the RSNE validation to work correctly and for a FILS STA to
be able to perform the mandatory check for RSNE matching when processing
the (Re)Association Response frame (as described in 802.11ai). REVmd
will be updating the standard to cover this AP case, so prepare the
implementation to match that. Without this, a FILS STA might reject
association whenever using FILS authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-23 00:34:43 +03:00
Jouni Malinen
a96c783645 dbus: Fix some memory leaks on error paths
wpa_dbus_dict_close_write() was not called if
fill_dict_with_properties() fails and that could result in leaking
memory. Fix this in two cases. There might be other missing calls to
jouni@codeaurora.org() on error paths, but those will need to be handled
separately with more complex changes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 22:06:46 +03:00
Jouni Malinen
e3b39e62c2 OpenSSL: Fix a memory leak in OCSP handling
If OCSP_resp_find_status() fails with the first OCSP_CERTID, the
generation of the second OCSP_CERTID ended up leaking memory. Fix this
by freeing the previously allocated OCSP_CERTID on that code path.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 21:08:53 +03:00
Jouni Malinen
6602d9e3a6 DPP: Fix a memory leak in testing sequence
Do not allow auth->own_protocol_key to be overridden without having
freed the previously stored key in case a test sequence in
dpp_proto_auth_conf_replaced_by_resp is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 20:38:10 +03:00
Jouni Malinen
c5622b43cd DPP: Fix a memory leak on duplicate Authentication Response
Do not allow auth->peer_protocol_key to be overridden without having
freed the previously stored key in case two Authentication Response
messages are received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 20:25:10 +03:00
Jouni Malinen
1cdfe8d23f DPP: Fix a memory leak in PKEX Qi/Qr derivation
The result of EC_GROUP_dup() needs to be freed, so do so within the
derivation functions for all error cases and in the callers for success
cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 19:59:21 +03:00
Jouni Malinen
51dc146f3e EAP-PAX server: Avoid debug prints of uninitialized memory in error cases
Use a separate error case handler for eap_pax_mac() failures and memcmp
to avoid wpa_hexdump() calls for the (mainly theoretical) local error
cases in deriving the MAC.

Fixes: b3c2b5d9f7 ("EAP-PAX server: Check hash function results")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 19:02:19 +03:00
Jouni Malinen
677e120181 dragonfly: Fix a memory leak on error path
This is mostly a theoretical case, but since crypto_bignum_rand() could
fail, need to free the allocated struct crypto_bignum *tmp in such a
case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:55:57 +03:00
Jouni Malinen
8925d2010d OpenSSL: Fix memory leak in crypto_dh_derive_secret()
BN_clear() does not free the BIGNUM; it only clears its value. Fix this
memory leak by using the appropriate BN_clear_free() function instead.

Fixes: b11fa98bcb ("Add explicit checks for peer's DH public key")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:53:32 +03:00
Jouni Malinen
57ec74ea9b DPP: Fix memory leak in EC_GROUP handling
EC_GROUP_new_by_curve_name() allocates memory for the returned pointer,
so need to free this with EC_GROUP_free() before leaving the calling
functions. This was leaking memory when parsing JWK and when performing
PKEX.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:32:29 +03:00
Jouni Malinen
7a9ddba6f5 DPP: Fix a memory leak in key pair generation
ec_params needs to be free within dpp_gen_keypair() to avoid leaking the
allocated memory.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 18:27:06 +03:00
Jouni Malinen
7153540c39 tests: Enable full memory leak reporting in valgrind
This has heavier CPU and memory requirements, but is needed to report
memory leaks in libraries.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 13:07:50 +03:00
Jouni Malinen
f9cd1327ad OpenSSL: Fix memory leak in crypto_ecdh_init()
ec_params needs to be freed before returning from the function.
Extension of this function to support BoringSSL introduced this memory
leak and that was later extended to be the only variant and apply to
OpenSSL and LibreSSL cases as well in commit c23e87d0d1 ("OpenSSL:
Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()").

Fixes: f29761297b ("BoringSSL: Implement crypto_ecdh_init()")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-08 12:16:03 +03:00
Paul Zhang
fb10f3bb65 Add subcmd QCA_NL80211_VENDOR_SUBCMD_INTEROP_ISSUES_AP
In practice, some APs have interop issues with the DUT. This sub command
is used to transfer the AP info between the driver and user space. This
works both as a command and event. As a command, it configures the
stored list of APs from user space to firmware; as an event, it
indicates the AP info detected by the firmware to user space for
persistent storage. The attributes defined in enum
qca_vendor_attr_interop_issues_ap are used to deliver the parameters.

Signed-off-by: Paul Zhang <paulz@codeaurora.org>
2019-05-07 13:03:51 +03:00
Jouni Malinen
a85d4ed1c0 tests: FILS SK using ERP and SHA256/SHA384 change in roam
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-06 23:43:33 +03:00
Jouni Malinen
e374def207 tests: Start ERP authentication server without AP
There is no actual need for running the authentication server with
driver=nl80211, so simplify this by using driver=none instead. This
frees up apdev[1] for actual AP needs in the test cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-06 23:36:30 +03:00
Jouni Malinen
8528ad0c60 tests: Enable virtual time in UML
This speeds up test execution significantly by removing unnecessary
waiting for things to happen since the kernel log is allowed to jump
forward whenever there is nothing to do.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-06 20:29:16 +03:00
John Crispin
ad5224dd43 HE: Fix typo srp -> spr in hostapd configuration parameters
The initial commit used srp instead of spr for the spatial reuse
configuration prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-05 00:59:18 +03:00
John Crispin
b505ef7e96 HE: Do not add SPR IE if sr_control is set to 0
If none of the sr_control bits are set, we do not neet to add the IE to
the Beacon frame.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-05 00:58:25 +03:00
Jouni Malinen
4abaf4df84 tests: Make ap_csa_disable more robust
This test case was failing frequently due to the station not being able
to connect back to the AP if the interrupted channel switch ended up
moving the AP to the new channel anyway on restart. Scan both possible
channels to allow the AP to be found in either case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-05 00:57:37 +03:00
Jouni Malinen
b756cd4959 tests: Add forgotten CONFIG_IEEE80211AX=y to the defaults
This was supposed to be added when test_he.py was added.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-05 00:57:37 +03:00
Jouni Malinen
de94be0acd Enforce that IEEE 802.1X EAPOL-Key Replay Counter increases
While this should not happen in practical use cases,
wpa_get_ntp_timestamp() could return the same value when called twice in
a row quickly. Work around that case by enforcing a new Replay Counter
value based on stored last value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-05 00:57:37 +03:00
Jouni Malinen
1cefd89b37 tests: Support UML kernel as a replacement for KVM
This allows UML builds to be used in running user mode without having to
run the full x86 kernel in virtual machine.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-05 00:44:04 +03:00
Jouni Malinen
6980542556 tests: sigma_dut and TLS server certificate constraints
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-03 13:06:44 +03:00