Commit graph

11016 commits

Author SHA1 Message Date
Avraham Stern
231b04b6cb utils: Share a single helper function to get IE by ID
Add a helper function to find a certain IE inside IEs buffer by ID and
use this function in several places that implemented similar
functionality locally.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-21 17:14:56 +02:00
Avraham Stern
ea69d9737c wpa_supplicant: Share a single get_mode() implementation
There is no need to duplicate this helper function in multiple files.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-21 17:14:51 +02:00
Jouni Malinen
75cc211d6b VLAN: Check vlan_desc validity in a failure debug print
The recent VLAN changes added an explicit code path that sets vlan_desc
= NULL within ap_sta_set_vlan(). This makes some code analyzers warn
about the debug print that could potentially dereference this pointer.
Silence that warning by verifying the pointer more consistently within
this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-20 19:22:43 +02:00
Nick Lowe
43022abdb9 Use 64-bit TX/RX byte counters for statistics
If the driver supports 64-bit TX/RX byte counters, use them directly.
The old 32-bit counter extension is maintained for backwards
compatibility with older drivers.

For nl80211 driver interface, the newer NL80211_STA_INFO_RX_BYTES64 and
NL80211_STA_INFO_TX_BYTES64 attributes are used when available. This
resolves the race vulnerable 32-bit value wrap/overflow. Rework RADIUS
accounting to use these for Acct-Input-Octets, Acct-Input-Gigawords,
Acct-Output-Octets, and Acct-Output-Gigawords, these values are often
used for billing purposes.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-20 19:03:10 +02:00
Andrei Otcheretianski
3f81ac0762 AP: Set STA assoc flag in the driver before sending Assoc Resp frame
Previously, stations were added to the driver only after the
(Re)Association Response frame was acked. In the time period between the
station has acked the (Re)Association Response frame and the time the
station was added to the kernel, the station can already start sending
Data frames, which will be dropped by the hardware/driver. In addition
to the data loss, the driver may ignore NDPs with PM bit set from this
STA.

Fix this by setting/adding the STA with associated flag set to the
driver before the AP sends the (Re)Association Response frame with
status success. If the (Re)Association Response frame wasn't acked,
remove the station from the driver.

Note that setting a station to associated state before the non-AP
station acknowledges the (Re)Association Response frame is not compliant
with the IEEE 802.11 standard that specifically states that a non-AP
station should transition to authenticated/associated state only after
it acknowledged the (Re)Association Response frame. However, this is a
justifiable simplification to work around the issue described above since

1. The station will be removed in case it does not acknowledge the
   (Re)Association Response frame.
2. All Data frames would be dropped until the station is set to
   authorized state and there are no known issues with processing the
   other Class 3 frames during the short window before the
   acknowledgement is seen.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-02-20 18:25:13 +02:00
Ayala Beker
bb598c3bdd AP: Add support for full station state
Add support for drivers that support full AP client state, i.e., can
handle adding stations that are not associated yet. For such drivers,
add a station after processing the authentication request, instead of
adding it in the association response callback.

Doing so is beneficial in cases where the driver cannot handle the add
station request, in which case it is useless to perform the complete
connection establishment.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-02-20 18:25:13 +02:00
Ayala Beker
dc55b6b672 nl80211: Add support for full station state operations
This provides means for determining whether the driver supports full AP
station state and setting the needed STA flags for using this
functionality.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-02-20 18:25:13 +02:00
Jouni Malinen
bccd22f356 tests: EAP-FAST protocol testing
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-20 18:25:13 +02:00
Jouni Malinen
5558b9980f EAP-FAST peer: Remove fixed return value from eap_fast_parse_phase1()
This function was always returning 0, so the error path was unreachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-20 10:07:29 +02:00
Jouni Malinen
d7ef6e6371 tests: Verify fast_max_pac_list_len=0 special case
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-20 10:06:02 +02:00
Nick Lowe
4b16c15bbc EAP-pwd server: Use os_get_random() for unpredictable token
Do not use os_random() that uses a low quality PRNG to generate the
anti-clogging token. The construction can be improved upon by replacing
it with a call to os_get_random(), which uses a high quality PRNG. While
the RFC 5931 explictly recommends not to do this ("SHOULD NOT be from a
source of random entropy"), it does still mandate unpredicability ("MUST
be unpredictable"). The anti-clogging token is most unpredictable when
it is taken from a high quality PRNG.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-19 18:44:40 +02:00
Nick Lowe
239952b4da DFS: Remove the os_random() fallback
Remove the fallback dependency on os_random() from the code that gets a
valid DFS channel. This is exceptionally unlikely to ever be called as
the call to os_get_random() is unlikely to fail. The intention is to
facilitate future removal of os_random() as it uses a low quality PRNG.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-19 18:44:40 +02:00
Nick Lowe
98a516eae8 WPS: Use only os_get_random() for PIN generation
Remove the fallback dependency on os_random() when generating a WPS pin.
This is exceptionally unlikely to ever be called as the call to
os_get_random() is unlikely to fail. The intention is to facilitate
future removal of os_random() as it uses a low quality PRNG.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-19 18:44:40 +02:00
Nick Lowe
f441e5af77 Use os_get_random() for Shared Key authentication challenge
Do not use the system clock or os_random() that uses a low quality PRNG
as part of the pseudo-random challenge in auth_shared_key(). The
construction can be improved upon by replacing it with a call to
os_get_random(), which uses a high quality PRNG.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-19 18:44:40 +02:00
Jouni Malinen
20c48fd99b tests: Allow PIN generation failure during OOM in ap_wps_random_ap_pin
This is needed to avoid reporting failures after a change to remove the
fallback path in PIN generation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-19 18:44:39 +02:00
Nick Lowe
8c676b5056 Add RADIUS Service-Type attribute with a value of Framed
This seems to be the common value used by APs and also mentioned in RFC
3580.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-19 18:44:39 +02:00
Jouni Malinen
78dd5c11ac tests: Renew expired certificates
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-19 18:44:39 +02:00
Masashi Honma
09d96de09e mesh: Drop Authentication frames from BLOCKED STA
Previously, only mesh Action frames from BLOCKED STA were dropped.
Extend that to drop Authentication frames as well.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-02-18 21:27:06 +02:00
Masashi Honma
70c93963ed SAE: Fix PMKID calculation for PMKSA cache
The SAE PMKID is calculated with IEEE Std 802.11-2012 11.3.5.4, but the
PMKID was re-calculated with 11.6.1.3 and saved into PMKSA cache. Fix
this to save the PMKID calculated with 11.3.5.4 into the PMKSA cache.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-02-18 21:07:47 +02:00
Nick Lowe
1492fbb90c Print Acct-Session-Id and Acct-Multi-Session-Id 64-bit values
These are now 64-bit variables and the printf formats and type casts
need to be updated to match.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-18 20:58:21 +02:00
Roy Marples
e21cecaf54 kqueue: Use 0 instead of NULL for udata
Use 0 for udata instead of NULL for portability.
NetBSD uses uintptr_t, others a pointer.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:40:12 +02:00
Roy Marples
640b0b933a ctype functions require an unsigned char
Ensure that characters are represented as unsigned char when using
isblank() and isspace(). These function take in a "int c" argument, but
it needs to be unsigned for the cases where EOF is not indicated.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:39:00 +02:00
Roy Marples
a5a3efccc2 Fix compile on NetBSD for vlan
Shuffle includes above system ones so to fix a compile issue
on NetBSD where the if_type #define from <net/if.h>
conflicts with the wpa_driver_if_type enum.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:09:14 +02:00
Roy Marples
a084c24469 wired: Fix compile on NetBSD for wired driver
Shuffle wpa_supplicant includes above system ones so that
to fix a compile problem on NetBSD where if_type #define
conflicts with the wpa_driver_if_type enum.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:03:57 +02:00
Roy Marples
634e2e29d6 Add CONFIG_ELOOP_KQUEUE to defconfig
Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:02:13 +02:00
Jouni Malinen
99a94f5588 nl80211: Avoid wpa_printf %s call with NULL pointer in set_param()
While most C libraries print "(null)" when NULL is used as an argument
to printf format string %s, this is not really necessary to print here,
so move the debug print to be after the NULL check.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-18 11:59:58 +02:00
Michael Braun
953aab8665 tests: Verify correct VLAN after RSN pre-authentication
This enhances the test pmksa_cache_preauth_vlan_used to check
connectivity in the correct VLAN bridge.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
732bbcc709 tests: Verify connectivity with untagged/tagged VLAN mixed configuration
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
57af507ea7 tests: Untagged VLAN ID with EGRESS_VLANID RADIUS attribute
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
571e690775 tests: STA assigned to vif under per_sta_vif
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
a8c235ee62 tests: Verify ap_vlan_iface_cleanup_multibss with per_sta_vif
This adds a new test case to run ap_vlan_iface_cleanup_multibss with
per_sta_vif enabled.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
629d369674 tests: Verify tagged-only connectivity
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
ba91e92023 wpa_supplicant: Parse ifname argument from DATA_TEST_CONFIG
This is required to test tagged VLANs.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
8be640b780 VLAN: Add per-STA vif option
This allows the stations to be assigned to their own vif. It does not
need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if
!vlan_desc.notempty, so vlan_id can be assigned regardless.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
d0bdc96bdd VLAN: Actually add tagged VLANs to AP_VLAN
This makes vlan_newlink() and vlan_dellink() add tagged VLANs to AP_VLAN
interfaces as given by struct vlan_description.

hostapd_vlan_if_remove() is done in vlan_dellink() as tagged interfaces
need to be removed before the interface can be deleted and a DELLINK
message can be generated.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
f9c00188ca VLAN: Factor out per-vid code in newlink/dellink
To prepare for adding tagged VLAN support in vlan_init.c, vlan_newlink()
and vlan_dellink() are split into multiple functions. This reduces
indention and eases adding tagged VLANs as well.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
8e44c192da radius: Add tagged VLAN parsing
1. Add tagged VLAN to struct vlan_description
    (compile limited number of tagged VLANs per description)
    For k tagged VLANs, the first k entries in vlan_description.tagged
    are used. They are sorted in ascending order. All other entries are
    zero. This way os_memcmp() can find identical configurations.
2. Let tagged VLANs be parsed from RADIUS Access-Accept
3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set
4. Select an unused vlan_id > 4096 for new tagged VLAN configurations
5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
1889af2e0f VLAN: Separate station grouping and uplink configuration
Separate uplink configuration (IEEE 802.1q VID) and grouping of stations
into AP_VLAN interfaces.

The int vlan_id will continue to identify the AP_VLAN interface the
station should be assigned to. Each AP_VLAN interface corresponds to an
instance of struct hostapd_vlan that is uniquely identified by int
vlan_id within an BSS.

New: Each station and struct hostapd_vlan holds a struct
vlan_description vlan_desc member that describes the uplink
configuration requested. Currently this is just an int untagged IEEE
802.1q VID, but can be extended to tagged VLANs and other settings
easily.

When the station was about to be assigned its vlan_id, vlan_desc and
vlan_id will now be set simultaneously by ap_sta_set_vlan(). So
sta->vlan_id can still be tested for whether the station needs to be
moved to an AP_VLAN interface.

To ease addition of tagged VLAN support, a member notempty is added to
struct vlan_description. Is is set to 1 if an untagged or tagged VLAN
assignment is requested and needs to be validated. The inverted form
allows os_zalloc() to initialize an empty description.

Though not depended on by the code, vlan_id assignment ensures:
  * vlan_id = 0 will continue to mean no AP_VLAN interface
  * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id
    with no per_sta_vif and no extra tagged vlan.
  * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans.

This way struct wpa_group and drivers API do not need to be changed in
order to implement tagged VLANs or per_sta_vif support.

DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only,
thus grouping of the stations for per_sta_vif can be used with
DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct
hostapd_vlan is still used to manage AP_VLAN interfaces.

MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of
VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will
continue to refer to int vlan_id.

Renaming vlan_id to vlan_desc when type changed from int to struct
vlan_description was avoided when vlan_id was also used in a way that
did not depend on its type (for example, when passed to another
function).

Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN
%d" will refer to untagged IEEE 802.1q VID.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:11 +02:00
Jouni Malinen
3a583e0023 OpenSSL: Fix PKCS#12 parsing of extra certificates with OpenSSL 1.0.1
Commit 8bcf8de827 ('OpenSSL: Fix memory
leak in PKCS12 additional certificate parsing') tried to fix a memory
leak in both the 1.0.2(and newer) and 1.0.1 branches of PKCS12 parsing.
However, the 1.0.1 case was not properly tested and freeing of the
certificate after a successful SSL_CTX_add_extra_chain_cert() call
resulted in use of freed memory when going through the TLS handshake.
Fix this by not freeing the certificate in that specific case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 18:30:55 +02:00
Jouni Malinen
ddd0032e03 wpa_cli: Clean up logical operation
While '!func() == 0' here resulted in correct behavior, it is not clear
and clang is starting to warn about this (-Wlogical-not-parentheses).
Use 'func()' instead as the condition to clear this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 15:52:08 +02:00
Jouni Malinen
24c382af7a TDLS: Clean up os_memcmp use
Ciuple of the nonce comparisons used a strange '!os_memcmp() == 0' to
check if the values were different. While this resulted in correct
behavior, the construction is not exactly clear and clang has started
warning about this (-Wlogical-not-parentheses). Clean this up by using
'os_mecmp() != 0'.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 15:49:28 +02:00
Jouni Malinen
b333f53f6e tests: Fix eap_proto_sake_errors with OpenSSL 1.1.0
The use of the newer OpenSSL API in openssl_hmac_vector() removes one of
the memory allocations, so the TEST_ALLOC_FAIL here could not trigger.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 15:28:16 +02:00
Jouni Malinen
6136d43b8e trace: Free symbols on program exit
This makes valgrind memleak checks with CONFIG_WPA_TRACE=y somewhat
cleaner.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 14:10:29 +02:00
Jouni Malinen
8bcf8de827 OpenSSL: Fix memory leak in PKCS12 additional certificate parsing
The additional PKCS12 certificates were not freed properly in the loop
added in commit de2a7b796d ('OpenSSL: Use
connection certificate chain with PKCS#12 extra certs').

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 13:29:40 +02:00
Jouni Malinen
03e3ddf84e OpenSSL: Fix memory leak in HMAC_CTX compatibility wrapper function
Commit 5c9a33702f ('OpenSSL: Clean up
crypto_hash_*() to use a single implementation') added a wrapper
function to allow the new OpenSSL API to be used with older OpenSSL
versions. However, the HMAC_CTX_free() wrapper was incorrectly skipping
the call to HMAC_CTX_cleanup() which is still needed to free the
resources OpenSSL allocated internally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 13:13:36 +02:00
Jouni Malinen
d9a0f69747 OpenSSL: Fix memory leak in OCSP parsing
The result from OCSP_cert_to_id() needs to be freed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:40:41 +02:00
Jouni Malinen
29bc76e3d3 OpenSSL: Do not use library init/deinit functions with 1.1.0
SSL_library_init() does not work properly after EVP_cleanup() starting
from OpenSSL 1.1.0 pre release 3. The automated library init/deinit
functions in that pre release are supposed to handle all initialization
and deinitialiation, so comment out the explicit calls to these function
with OpenSSL 1.1.0 and newer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:35:34 +02:00
Jouni Malinen
0f09637001 OpenSSL: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:35:20 +02:00
Jouni Malinen
e60913b600 curl: Fix memory leak in subjectAltName parsing
The parsed data from X509_get_ext_d2i() needs to be freed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:33:27 +02:00
Jouni Malinen
6014890bfb OpenSSL: Fix memory leak with EVP_CIPHER_CTX_new()
Commit 1eb87ae48d ('OpenSSL: Use
EVP_CIPHER_CTX_new() to work with OpenSSL 1.1.0') started using
EVP_CIPHER_CTX_new() to allocate EVP_CIPHER_CTX from heap instead of
using stack memory. This commit used incorrect EVP_CIPHER_CTX_reset()
function in number of cases when the allocated memory was supposed to be
freed instead of just reset for reuse. Fix this by using
EVP_CIPHER_CTX_free() properly.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 00:30:43 +02:00