Commit graph

10297 commits

Author SHA1 Message Date
Pali Rohár
f24e48861d EAP-TTLS peer: Fix parsing auth= and autheap= phase2 params
This patch fixes an issue with an invalid phase2 parameter value
auth=MSCHAPv2 getting interpreted as auth=MSCHAP (v1) which could
degrade security (though, only within a protected TLS tunnel). Now when
invalid or unsupported auth= phase2 parameter combinations are
specified, EAP-TTLS initialization throws an error instead of silently
doing something.

More then one auth= phase2 type cannot be specified and also both auth= and
autheap= options cannot be specified.

Parsing phase2 type is case sensitive (as in other EAP parts), so phase2
parameter auth=MSCHAPv2 is invalid. Only auth=MSCHAPV2 is correct.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
[Use cstr_token() to get rid of unnecessary allocation; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-18 00:24:30 +02:00
Matt Woods
47c1de20a4 atheros: Unify memory processing functions
There are two types of memory processing functions in the file
atheros_driver.c, such as memory and os_memory. Unify the processing
functions into one type which has the prefix "os_".

Signed-off-by: Matt Woods <matt.woods@aliyun.com>
2015-12-17 23:29:25 +02:00
Jouni Malinen
d386a9ace8 tests: TDLS with VHT 80, 80+80, and 160
This adds more coverage for TDLS testing for a case where the direct
link should use various VHT channel bandwidths.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-17 21:20:02 +02:00
Jouni Malinen
d06a35052f mesh: Fix VHT Operation information in peering messages
The full VHT channel information was not set in the hostapd data
structures which resulted in incorrect information (all zeros) being
used when building the VHT Operation element for peering messages while
the actual driver mode was set with the full details. We did not seem to
use the VHT information from peering messages, so this does not change
behavior with another wpa_supplicant-based mesh implementation. Anyway,
these elements should match the ones used in Beacon frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-17 21:20:02 +02:00
Jouni Malinen
7e40a8812b tests: Verify SIGNAL_POLL values in ap_vht80
This confirms that the station recognized and negotiated 80 MHz
channel use with VHT.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-17 21:20:02 +02:00
Jouni Malinen
138903f91f tests: Run OCSP test cases with internal TLS library
There is no sufficient OCSP support to go through these test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 21:19:59 +02:00
Jouni Malinen
8ba8c01d0c TLS: Report OCSP rejection cases when no valid response if found
This adds a CTRL-EVENT-EAP-TLS-CERT-ERROR and CTRL-EVENT-EAP-STATUS
messages with 'bad certificate status response' for cases where no valid
OCSP response was received, but the network profile requires OCSP to be
used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 11:47:38 +02:00
Jouni Malinen
f163ed8bae TLS: Process OCSP SingleResponse(s)
This completes OCSP stapling support on the TLS client side. Each
SingleResponse value is iterated until a response matching the server
certificate is found. The validity time of the SingleResponse is
verified and certStatus good/revoked is reported if all validation step
succeed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 11:28:38 +02:00
Jouni Malinen
8e3271dcd1 TLS: Store DER encoded version of Subject DN for X.509 certificates
This is needed for OCSP issuerNameHash matching.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 11:28:38 +02:00
Jouni Malinen
32ce69092e TLS: Share digest OID checkers from X.509
These will be used by the OCSP implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 11:28:38 +02:00
Jouni Malinen
b72a36718f TLS: Support longer X.509 serialNumber values
This extends the old support from 32 or 64 bit value to full 20 octets
maximum (RFC 5280, 4.1.2.2).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 01:41:45 +02:00
Jouni Malinen
58a406202a tests: OCSP certificate signed OCSP response using key ID
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 00:49:26 +02:00
Jouni Malinen
af4eba16ce TLS: Parse and validate BasicOCSPResponse
This adds the next step in completing TLS client support for OCSP
stapling. The BasicOCSPResponse is parsed, a signing certificate is
found, and the signature is verified. The actual sequence of OCSP
responses (SignleResponse) is not yet processed in this commit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 00:48:34 +02:00
Jouni Malinen
8e416cecdb tests: Make key-lifetime-in-memory more robust for GTK check
The decrypted copy of a GTK from EAPOL-Key is cleared from memory only
after having sent out CTRL-EVENT-CONNECTED. As such, there was a race
condition on the test case reading the wpa_supplicant process memory
after the connection. This was unlikely to occur due to the one second
sleep, but even with that, it would be at least theorically possible to
hit this race under heavy load (e.g., when using large number of VMs to
run parallel testing). Avoid this by running a PING command to make sure
wpa_supplicant has returned to eloop before reading the process memory.
This should make it less likely to report false positives on GTK being
found in memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-14 17:23:47 +02:00
Jouni Malinen
f089cdf98e tests: Add more memory details on key-lifetime-in-memory
This makes it easier to see where in memory the key was found and what
there is in memory around that location.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-14 15:49:01 +02:00
Jouni Malinen
06f14421ea TLS: Parse OCSPResponse to extract BasicOCSPResponse
This adds the next step for OCSP stapling. The received OCSPResponse is
parsed to get the BasicOCSPResponse. This commit does not yet process
the BasicOCSPResponse.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
d560288a44 TLS: Parse CertificateStatus message
This allows the internal TLS client implementation to accept
CertificateStatus message from the server when trying to use OCSP
stapling. The actual OCSPResponse is not yet processed in this commit,
but the CertificateStatus message is accepted to allow the TLS handshake
to continue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
eeba168453 TLS: Add status_request ClientHello extension if OCSP is requested
This allows the internal TLS implementation to request server
certificate status using OCSP stapling. This commit is only adding code
to add the request. The response is not yet used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
4303d531a8 TLS: Parse ServerHello extensions
This prints the received ServerHello extensions into the debug log and
allows handshake to continue even if such extensions are included.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
16c43d2a8f tests: Run PKCS#12 tests with internal TLS crypto
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
6b7bb42923 TLS: Add minimal support for PKCS #12
This allows the internal TLS implementation to parse a private key and a
certificate from a PKCS #12 file protected with
pbeWithSHAAnd3-KeyTripleDES-CBC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
5ce2941bfe TLS: Extend PKCS #5 to support PKCS #12 style key decryption
This adds support for decrypting private keys protected with the old
PKCS #12 mechanism using OID pbeWithSHAAnd3-KeyTripleDES-CBC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
f6a62df8e1 TLS: Fix and complete ASN.1 tag list
One of the unused defines had incorrect value and couple of tags were
missing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-13 22:12:07 +02:00
Jouni Malinen
ca27ee0998 tests: External server certificate chain validation
This tests tls_ext_cert_check=1 behavior with EAP-TLS, EAP-TTLS,
EAP-PEAP, and EAP-FAST.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-13 21:12:20 +02:00
Jouni Malinen
3c108b7573 EAP peer: External server certificate chain validation
This adds support for optional functionality to validate server
certificate chain in TLS-based EAP methods in an external program.
wpa_supplicant control interface is used to indicate when such
validation is needed and what the result of the external validation is.

This external validation can extend or replace the internal validation.
When ca_cert or ca_path parameter is set, the internal validation is
used. If these parameters are omitted, only the external validation is
used. It needs to be understood that leaving those parameters out will
disable most of the validation steps done with the TLS library and that
configuration is not really recommend.

By default, the external validation is not used. It can be enabled by
addingtls_ext_cert_check=1 into the network profile phase1 parameter.
When enabled, external validation is required through the CTRL-REQ/RSP
mechanism similarly to other EAP authentication parameters through the
control interface.

The request to perform external validation is indicated by the following
event:
CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid>

Before that event, the server certificate chain is provided with the
CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump>
parameter. depth=# indicates which certificate is in question (0 for the
server certificate, 1 for its issues, and so on).

The result of the external validation is provided with the following
command:
CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad>

It should be noted that this is currently enabled only for OpenSSL (and
BoringSSL/LibreSSL). Due to the constraints in the library API, the
validation result from external processing cannot be reported cleanly
with TLS alert. In other words, if the external validation reject the
server certificate chain, the pending TLS handshake is terminated
without sending more messages to the server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 18:24:27 +02:00
Jouni Malinen
be90370bd5 tests: Fix wpas_ctrl_country and dbus_country with valid db.txt
init=CORE was previously used due to invalid db.txt data for 00. For
now, allow both it and the new init=USER after fixed db.txt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 12:45:30 +02:00
Jouni Malinen
5b7784a89c tests: EAP-FAST local error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 12:42:44 +02:00
Jouni Malinen
b6e5e14fd4 EAP-FAST peer: Fix PAC parser error messages
Do not override the parsing error with the "PAC block not terminated
with END" message if the reason for the END line not yet being seen is
in failure to parse an earlier line.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 12:00:28 +02:00
Jouni Malinen
5b904b3e42 EAP-FAST: Check T-PRF result in MSK/EMSK derivation
Pass the error return from sha1_t_prf() to callers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 11:20:05 +02:00
Jouni Malinen
b1d8c5ce6a EAP-FAST peer: Fix error path handling for Session-Id
It was possible to hit a NULL pointer dereference if Session-Id
derivation failed due to a memory allocation failure.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 11:12:32 +02:00
Jouni Malinen
36478a16e6 OpenSSL: Support new API for HMAC/EVP_MD_CTX in OpenSSL 1.1.x-pre1
The EVP_MD_CTX and HMAC_CTX definitions are now hidden from applications
using OpenSSL. Fix compilation issues with OpenSSL 1.1.x-pre1 by using
the new API for allocating these structures.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 18:11:39 +02:00
Jouni Malinen
1025603b3f tests: FT PTK rekeying triggered by AP/station after roam
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 00:14:36 +02:00
Jouni Malinen
9257610a6e FT: Fix FTIE generation for EAPOL-Key msg 3/4
This FTIE needs to be an exact copy of the one in (Re)Association
Response frame. Copy the stored element rather than building a new copy
that would not have the correct MIC value. This is needed to fix PTK
rekeying after FT protocol run.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 00:14:36 +02:00
Jouni Malinen
e44bd28cd1 FT: Fix sm->assoc_resp_ftie storing on the AP side
The FTIE from (Re)Association Response frame was copied before
calculating the MIC. This resulted in incorrect value being used when
comparing the EAPOL-Key msg 2/4 value in case PTK rekeying was used
after FT protocol run. Fix this by storing the element after the MIC
field has been filled in.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 00:14:35 +02:00
Jouni Malinen
59e78c2408 FT: Fix FTIE generation for 4-way handshake after FT protocol run
wpa_insert_pmkid() did not support cases where the original RSN IE
included any PMKIDs. That case can happen when PTK rekeying through
4-way handshake is used after FT protocol run. Such a 4-way handshake
used to fail with wpa_supplicant being unable to build the EAPOL-Key msg
2/4.

Fix this by extending wpa_insert_pmkid() to support removal of the old
PMKIDs, if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-10 00:14:35 +02:00
Jouni Malinen
cc02fd3eff tests: Make pmksa_cache_opportunistic_connect more robust
This test case could fail if the cfg80211 scan cache brought in a BSS
entry from an earlier test case and a new scan did not get executed
prior to the ROAM command. Fix this by forcing the scan to go through
prior to roaming to AP2

This issue showed up with the following test case sequence:
connect_cmd_roam pmksa_cache_opportunistic_connect

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 20:31:18 +02:00
Jouni Malinen
b0ecbd3a4a AP: Use more readable version of management group cipher in error cases
This makes it easier to interpret AP side debug log for a case where a
station specifies in unsupported management group cipher.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 20:01:05 +02:00
Jouni Malinen
0ceff76e7b tests: WPA2 AP processing of RSN IE differences
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 20:00:10 +02:00
Jouni Malinen
651c6a84af Add TEST_ASSOC_IE for WPA/RSN IE testing on AP side
The new wpa_supplicant control interface command "TEST_ASSOC_IE
<hexdump>" can now be used to override the WPA/RSN IE for Association
Request frame and following 4-way handshake to allow protocol testing of
AP side processing of WPA/RSN IE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 19:33:16 +02:00
Jouni Malinen
8eb45bde38 tests: Write GTK locations into debug log in key_lifetime_in_memory
It looks like it is possible for the GTK to be found from memory every
now and then. This makes these test cases fail. Write the memory
addresses in which the GTK was found to the log to make it somewhat
easier to try to figure out where the key can be left in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 17:48:43 +02:00
Jouni Malinen
1d32bc2c1c tests: Make dbus_wps_oom more robust
It was possible for the BSSs object property change signal to be
generated during the OOM test case for Get(). If that happened, the
signal was not sent out, but the following Get(BSSs) operation succeeded
unexpectedly which resulted in a test failure. Make this less likely to
happen by waiting 50 ms between the scan and Get(BSSs) operation. This
should be sufficient to cover most cases since wpa_supplicant uses 5 ms
timeout for D-Bus property changed updates.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 17:10:06 +02:00
Jouni Malinen
bc321e1597 tests: Make ap_max_num_sta_no_probe_resp more robust
It was possible for the AP's Beacon frame to be seen by dev[0] when
running a scan. This is not an error case. Make this test case more
robust by verifying with a sniffer whether a Probe Response frame was
sent to unexpected STA.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 13:38:18 +02:00
Jouni Malinen
58059e6c0c FST: Print debug entry on MB IE update based on EVENT_AUTH
This is more consistent with all the other callers of
wpas_fst_update_mbie().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 12:53:24 +02:00
Jouni Malinen
ce96e65cb7 tests: D-Bus vendor element operations
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 12:50:41 +02:00
Avichal Agarwal
af041f997d dbus: Add support for vendor specific elements
The new methods are
1. VendorElemAdd "i" "ay" i=integer ay=array of bytes
2. VendorElemGet "i" i=integer (output array of bytes)
3. VendorElemRem "i" "ay" i=integer ay=array of bytes

These provide functionality similar to the control interface commands
VENDOR_ELEM_ADD, VENDOR_ELEM_GET, and VENDOR_ELEM_REMOVE.

Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
[VendorElemGet to return array of bytes instead of string; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 12:50:13 +02:00
Jouni Malinen
b4e1e99577 tests: EAP-PSK local error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 11:13:12 +02:00
Jouni Malinen
4073ef22ae tests: EAP-IKEv2 local error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 00:39:27 +02:00
Jouni Malinen
5c8acf7d96 EAP-IKEv2: Check HMAC SHA1/MD5 result
Make the IKEv2 helper functions return a possible error return from the
HMAC routines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-05 21:49:04 +02:00
Jouni Malinen
d1341917ce tests: WPS and fragment ack OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-05 21:35:45 +02:00
Matt Woods
7b991b47eb Use proper build config for parsing proxy_arp
In the definition of struct hostapd_bss_config, proxy_arp isn't affected
by the macro CONFIG_HS20. In addition, proxy_arp is not described in the
section of Hotspot 2.0 in the file hostapd.conf. The item proxy_arp
should be decided its action area by the macro CONFIG_PROXYARP which is
used to select whether the needed function gets included in the build.

Signed-off-by: Matt Woods <matt.woods@aliyun.com>
2015-12-05 21:03:00 +02:00