Commit graph

4721 commits

Author SHA1 Message Date
Jouni Malinen
8b706a99b8 nl80211: Add MFP information for NL80211_CMD_CONNECT
This was previously included only with NL80211_CMD_ASSOCIATE, but the
information is as useful (if not even more useful) for
NL80211_CMD_CONNECT. It should be noted that cfg80211 does not yet use
this attribute with NL80211_CMD_CONNECT, but that can be added easily.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-12 17:51:54 +02:00
Sunil Dutt
624b4d5a64 P2P: Use the same Dialog Token value for every GO Negotiation retry
Each GO Negotiation Request is (re)tried with an unique dialog token and
a GO Negotiation Response / Confirmation from the peer with a mismatched
dialog token is ignored which could result in a failure in this group
formation attempt. Thus, the P2P device would continue retrying the GO
Negotiation Request frames till the GO Negotiation Response frame with a
matching dialog token is received. To avoid the failures due to the
dialog token mismatch in retry cases if the peer is too slow to reply
within the timeout, the same dialog token value is used for every retry
in the same group formation handshake.

It should be noted that this can result in different contents of the GO
Negotiation Request frame being sent with the same dialog token value
since the tie breaker bit in GO Intent is still toggled for each
attempt. The specification is not very clear on what would be the
correct behavior here. Tie breaker bit is not updated on
"retransmissions", but that is more likely referring to the layer 2
retransmission and not the retry at higher layer using a new MMPDU.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-12 17:51:54 +02:00
Jan Vales
dd9b296ebf Include session transfer stats into SIGUSR1 dump
Add the RX/TX packets/bytes into each station's SIGUSR1 dump
information.

Signed-off-by: Jan Vales <jan@jvales.net>
2013-01-12 17:51:54 +02:00
Jouni Malinen
0ef29e0c0b SAE: Move temporary data into a separate data structure
This allows even more memory to be freed when the SAE instance enters
Accepted state. This leaves only the minimal needed memory allocated
during the association which is especially helpful for the AP
implementation where multiple stations may be associated concurrently.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
b4fd3613d3 SAE: Free temporary buffers when moving to Accepted state
Most of the variables are not needed anymore once the SAE instance
has entered Accepted state. Free these to save memory.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
30846fa65f SAE: Remove unnecessary sae_derive_k() wrapper
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
f05dad2090 SAE: Clean up exponent calculation for PWE
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
66fc91ab11 SAE: Share more commit value derivation between FFC and ECC cases
The rand/mask values and commit scalar are derived using the exact same
operations, so only use a separate function for deriving the commit
element.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
75870c933f SAE: Replace comparison to one with crypto_bignum wrapper
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
3b0ffebcda SAE: Rename and move ECC/FFC functions to be next to each other
This makes it easier to see where there is separate implementation for
ECC and FFC groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
4ef34a9960 SAE: Remove duplicated SAE field debug dumps
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
ce4479c106 SAE: Store commit elements as EC point or bignum instead of octet string
This avoids unnecessary EC point and bignum initialization steps during
the SAE exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
61bd6a307c SAE: Validate peer commit values as part of parsing the message
There is no need to postpone this validation step to a separate
processing operation for the commit message, so move the minimal
validation tasks into the parsing functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
24dc1e2a2c SAE: Split sae_parse_commit() into helper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
b0f6124c1c SAE: Store commit scalars as bignum instead of octet string
This avoids unnecessary bignum initialization steps during the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
4df61ba5b9 SAE: Store PWE as EC point or bignum instead of octet string
This avoids unnecessary EC point and bignum initialization steps during
the SAE exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
b1677c393b SAE: Use more generic random bignum generation
Move the bignum comparison part into the bignum library to allow a
single implementation of rand generation for both ECC and FCC based
groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
629c56d70a SAE: Store rand value as bignum instead of octet string
This avoids unnecessary bignum initialization steps during the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
bf4f5d6570 SAE: Add support for FFC groups that do not use a safe prime
This allows DH groups 22, 23, 24 to be used with SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
2ce12789c1 Add Diffie-Hellman group definitions for MODP groups in RFC 5114
The groups 22, 23, and 24 are not based on a safe prime and generate a
prime order subgroup. As such, struct dh_group is also extended to
include the order for previously defined groups (q=(p-1)/2 since these
were based on a safe prime).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
fbfb0e65bf SAE: Add support for FFC groups
This allows FFC groups to be used with SAE. Though, these groups are not
included in the default sae_groups value based on what is available
since the FFC groups have the additional requirement of using a safe
prime with the current implementation (or specification of the group
order).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
388f535461 SAE: Maintain bignum of group order and prime in context data
This simplifies operations by not having to create bignum instances
multiple times during SAE exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
305fe835d4 Add more crypto_bignum_*() wrappers
These operations will be needed for SAE FCC group operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
6917c9e829 Allow AP mode deauth/disassoc reason code to be overridden
The optional "reason=<reason code>" parameter to the ctrl_iface
deauthenticate and disassociate commands can now be used to change the
reason code used in the disconnection frame. This can be used, e.g., by
P2P GO to disconnect a single P2P client from the group by sending it an
indication of the group getting terminated (Deauthentication frame with
reason code 3). It needs to be noted that the peer device is still in
possession on the PSK, so it can still reconnect to the group after this
if it does not follow the group termination indication.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-12 17:51:54 +02:00
Sunil Dutt
1a9f6509b3 P2P: Publish more connected clients info in Probe Response frames
This commit increases the maximum buffer size for P2P Client Info
advertized by the Group Owner in the Probe Response frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-12 17:51:53 +02:00
Jouni Malinen
5bfc46bb55 Extra validation to keep static analyzers happy
Use of two variables to track bounds checking seems to be a bit too much
for some static analyzers, so add an extra condition for buffer padding
to avoid incorrect warnings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
de61795e7c TDLS: Use merge_byte_arrays() helper
This makes implementation simpler and easier for static analyzers to
understand.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
301ed630a8 Replace macros with inline functions for WPA_{GET,PUT}_{BE,LE}*
These verify that a proper pointer type is used and in addition, seems
to get rid of some false static analyzer warnings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
cbf61176ed Add more debug info if wpa_supplicant_set_suites() fails
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
9c75e9fb81 WPS: Verify wpa_config_set() return value more consistently
Even though this command is very unlikely to fail, in theory, it could
and the WPS connection would fail in such a case. Return more clearer
failure indication in such a case without even trying to start
reassociation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
559cdabb0f Use more explicit way of copying pointer value to a buffer
The code initializing GMK Counter uses the group pointer value as extra
entropy and to distinguish different group instances. Some static
analyzers complain about the sizeof(pointer) with memcpy, so use a more
explicit type casting to make it more obvious what the code is doing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a50414c322 SAE: Check random_get_bytes() return value
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
4954c859ea SAE: Indicate used group in ctrl_iface STATUS
The new "sae_group=<id>" line will be included in the ctrl_iface STATUS
output if SAE was used for the association.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
625f202a74 SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
e056f93e60 Update copyright notices to include year 2013
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
cd9c2714e7 SAE: Add support for ECC group 21 (521-bit random ECP group)
In addition to the trivial change in adding the new group ientifier,
this required changes to KDF and random number generation to support
cases where the length of the prime in bits is not a multiple of eight.
The binary presentation of the value needs to be shifted so that the
unused most significant bits are the zero padding rather than the extra
bits in the end of the array.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
bf14657b9f SAE: Add support for additional ECC groups
In addition to the mandatory group 19 (256-bit random ECP group) add
support for groups 20 (384-bit), 25 (192-bit), and 26 (224-bit).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
cbf9f4c642 SAE: Fix PWE loop termination on excessive iterations
The counter>200 check needs to be done before the continue-on-not-found
case to be effective in stopping this loop.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
d5f5fa86e4 SAE: Set pwd-value length based on prime length
The buffer is set based on maximum group prime length, but pwd-value
needs to be correct length for the negotiated group.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a55f2eef71 SAE: Use EC group context to get the group prime
Do not use the hardcoded group19_prime buffer for this to allow group
negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
09200a1166 SAE: Use EC group context for peer-commit-scalar validation
Do not use the hardcoded group19_order/group19_prime buffers for this to
allow group negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
c5eb5b1999 SAE: Use EC group context for random number generation
Do not use the hardcoded group19_order/group19_prime buffers for this to
allow group negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
ce46ec8df0 SAE: Store the group order in EC context data
This makes the SAE implementation a bit simpler by not having to build
the bignum for group order during execution.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
4925b303db SAE: Use defines for key lengths
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
7babd2539c SAE: Add a define for maximum supported prime length
This can be used to increase buffer sizes when adding support for new
groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
12e06dc228 SAE: Use sae->prime_len instead of hardcoded 32
This is needed to allow multiple groups to be supported.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
19a5bd0a25 SAE: Use the EC context from struct sae_data
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a46d72d7d7 SAE: Maintain EC group context in struct sae_data
This can be used to share same EC group context through the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
aadabe7045 SAE: Use crypto wrappers instead of direct OpenSSL calls
This makes the SAE implementation independent of the crypto/bignum
library.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
619c70a0b2 crypto: Add wrappers for OpenSSL BIGNUM and EC_POINT
These new crypto wrappers can be used to implement bignum and EC
operations using various crypto libraries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00