Commit graph

16338 commits

Author SHA1 Message Date
Santtu Lakkala
8ba809f67b OpenSSL: Allow ca_cert_blob in PEM format
GnuTLS backend already accepts CA cert blobs in both DER and PEM
formats. Implement similar trial-and-error handling in OpenSSL backend.

Signed-off-by: Santtu Lakkala <santtu.lakkala@jolla.com>
2019-05-28 13:39:01 +03:00
Johannes Berg
2080f4c779 tests: uml: Request non-raw serial ports
When the serial ports are set into raw mode on stdio (fd:0,fd:1)
then Ctrl-C is sort of passed through, but not effective. Request
non-raw mode to avoid that and let us cancel test execution with
Ctrl-C properly (both in parallel-vm.py and vm-run.sh cases).

Note that this requires a currently out-of-tree patch, but so
does the virtual time. If the patch is not applied, the command
line argument is ignored.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 13:34:44 +03:00
Johannes Berg
d5d156bd92 AP: add station with basic rates configuration
When a new station is added, let it have some supported rates
(they're empty without this change), using the basic rates
that it must support to connect.

This, together with the kernel-side changes for client-side,
lets us finish the complete auth/assoc handshake with higher
rates than the mandatory ones, without any further config.

However, the downside to this is that a broken station that
doesn't check the basic rates are supported before it tries
to connect will possibly not get any response to its auth
frame.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 13:33:00 +03:00
Jouni Malinen
658ed3ba62 tests: Fix status fetching loop in macsec_psk_ns with UML
time-travel=inf-cpu needs bit more wait before being able to fetch the
STATUS* items after initial connection request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 00:02:14 +03:00
Jouni Malinen
e87e6f609b tests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL
Need to drop OpenSSL security level to 0 for ADH-AES128-SHA to work with
the latest library version.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 00:01:01 +03:00
Jouni Malinen
1df79115aa tests: Fix sae_anti_clogging_during_attack with UML time-travel=inf-cpu
Need to add short break to allow time-travel=inf-cpu case to allow the
connection events to be processed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-27 23:11:47 +03:00
Jouni Malinen
298eb0792e tests: Give more time in ap_wpa2_psk_ext_delayed_ptk_rekey for UML
Waiting for exactly one second for a one second timeout with
time-travel=inf-cpu is not exactly robust, so increase that wait to be
able to see the last EAPOL-Key TX attempt from hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-27 22:53:53 +03:00
Jouni Malinen
f19c56e383 tests: Fix ap_wpa2_eap_status loop with UML time-travel=inf-cpu
Busy loop for waiting is not going to work with time-travel=inf-cpu, so
need to something a bit more explicit to wait for the wpa_supplicant
process to proceed while not fully breaking the idea of this test case
to iteration through large number of STATUS-VERBOSE commands to hit
different states.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-27 22:43:07 +03:00
Jouni Malinen
d55035c935 tests: Use time-travel=inf-cpu with UML
This is the current proposed way of configuring virtual time.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-27 22:43:04 +03:00
John Crispin
4f3f33804a HE: Make the basic NSS/MCS configurable
Add a config option to allow setting a custom Basic NSS/MCS set. As a
default we use single stream HE-MCS 0-7.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:45:04 +03:00
John Crispin
63e1940432 HE: Verify supported capabilities
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:42:40 +03:00
John Crispin
0cd5b4ee30 HE: Enable channel switch similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:42:14 +03:00
John Crispin
958cb34886 HE: Enable DFS similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:41:49 +03:00
John Crispin
1d2c45ecfc HE: Enable ACS similarly to VHT
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:41:23 +03:00
John Crispin
8b18d2b24e HE: Disable HE on channel 14
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:40:59 +03:00
John Crispin
de21d1d6e2 HE: Handle HE capability in neighbor DB
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:40:33 +03:00
John Crispin
88005ee98d HE: Pass in HE information into hostapd_set_freq_params()
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:33:59 +03:00
John Crispin
ad9a1bfe78 nl80211: Share VHT channel configuration for HE
Set operating channel bandwidth and center frequencies using the same
attributes for VHT and HE.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:03:39 +03:00
John Crispin
78d35b16de HE: Add AP mode MLME/SME handling for HE stations
Process HE information in (Re)Association Request frames and add HE
elements into (Re)Association Response frames when HE is enabled in the
BSS.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:40:48 +03:00
John Crispin
8f5fc369e2 HE: Fix HE Capabilities element variable length encoding
The HE Capibilities element has dynamic size due to the variable length
and optional fields at the end. Mask out the channel width capabilities
that are less than the configured. Only add the MCS/NSS sets for the
announced channel widths and also add the PPET elements.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:23 +03:00
John Crispin
0dbc894f46 HE: Fix HE Capabilities indication from driver
The PPE Thresholds information in the end of the HE Capabilities element
is optional and of variable length. struct he_ppe_threshold was not
really used correctly for encoding this, so remove it and just reserve
enough space for the information.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:23 +03:00
John Crispin
05b28306f5 HE: Add HE channel management configuration options
These are symmetric with the VHT ones.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
c6b7ac077f HE: Add helpers for getting the channel width parameters
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
39b9d059cd HE: Remove vht_ prefix from acs_adjust_vht_center_freq()
This is used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
7118a697f4 HE: Remove vht_ prefix from seg0/seg1_idx in DFS
These are used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
f428332d32 HE: Remove vht_ prefix from bw/seg0/seg1_idx in CSA fallback
These are used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
f200631c35 HE: Remove vht_ prefix from CSA/bandwidth
Bandwidth is used for both VHT and HE here.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
b04e43086b HE: Remove vht_ prefix from shared set_freq argument
oper_chwidth is used for both VHT and HE here.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:05 +03:00
John Crispin
464dcfd030 HE: Remove VHT_ prefix from CHANWITDH_* define
The bandwidth values are shared between VHT and HE mode so remove the
VHT specific prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:49 +03:00
John Crispin
846e8396ab HE: Mask out the beamforming capabilities if they are not configured
These bits might be set by the capabilities read from the kernel, so
mask them out if beamforming is not enabled in the local configuration.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
John Crispin
59d9c3a145 nl80211: Allow HE Capability to be set for a STA
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
John Crispin
289a9cf7ae HE: Add HE Operation element to element parser
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
Jouni Malinen
d70776098d VHT: Remove copying of VHT Operation element from (Re)Assoc Req
This copying attempt was added incorrectly since that element is never
actually present in (Re)Association Request frames. It is only valid to
copy that element from the mesh peering frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 18:03:40 +03:00
Jouni Malinen
ce362f885f FILS: Explicitly clear plaintext buffer for Assoc Resp
This buffer may contain GTK and IGTK, so better clear it explicitly from
heap memory before freeing the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 16:11:56 +03:00
Jouni Malinen
31bc66e4d1 More forceful clearing of stack memory with keys
gcc 8.3.0 was apparently clever enough to optimize away the previously
used os_memset() to explicitly clear a stack buffer that contains keys
when that clearing happened just before returning from the function.
Since memset_s() is not exactly portable (or commonly available yet..),
use a less robust mechanism that is still pretty likely to prevent
current compilers from optimizing the explicit clearing of the memory
away.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 16:11:56 +03:00
Jouni Malinen
e1923f5b6a tests: Skip ap_ft_eap_sha384_reassoc without CONFIG_SUITEB192=y
This test case required Suite B 192-bit support to be enabled in the
build, so skip it if that is not the case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 22:24:30 +03:00
Masashi Honma
18f4fc43f2 hs20-osu-client: Check snprintf result to avoid compiler warnings
Fix false positive warnings by gcc 8.3.0.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-05-25 21:58:29 +03:00
Jouni Malinen
0de46d8a66 mesh: Fix RSN initialization failure handling
The driver was left in mesh mode (joined to the group) if RSN
authenticator initialization failed. This could result in next
operations failing due to unexpected driver state.

This was found with the following hwsim test case sequence:
mesh_wpa_auth_init_oom dpp_config_no_discovery

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:48:45 +03:00
Jouni Malinen
7d43c7b2d6 nl80211: Write event name in debug log for ignored events
This makes it easier to understand debug logs from systems that have
multiple interfaces.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:37:23 +03:00
Jouni Malinen
c9ead82d11 tests: Fix robustness issue in DPP test cases with SAE
The sae_groups parameter needs to be cleared before attempt a SAE
connection in a test case to avoid issues with this parameter having
been left to something else than the default one by a previous test
case. This was found with the following sequence:
sae_pwe_failure dpp_auto_connect_legacy_psk_sae_1

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:18:24 +03:00
Jouni Malinen
baf8ab8cec RADIUS server: Do not close fd=0 in error cases
Initialize auth_sock and acct_sock to -1 to avoid radius_server_deinit()
attempting to close fd=0 if anything fails in setting up the RADIUS
server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 19:10:08 +03:00
Jouni Malinen
f82a840878 tests: Fix ERP test cases to close separate AS (ifname=as-erp)
The earlier change from using apdev[1] to using a no-interface
ifname=as-erp in the ERP related test cases ended up leaving the
separate authentication server interface running after the end of the
test case. This left UDP port 18128 open and any consecutive test case
needing this port failed to start another authentication server.

This can be reproduced with following test case sequence:
fils_auth_gtk_rekey authsrv_unknown_user

Fixes: e374def207 ("tests: Start ERP authentication server without AP")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 19:07:11 +03:00
Jouni Malinen
2d11e5d5e6 tests: ERP with EAP-SIM/AKA/AKA' fast reauthentication
Verify Session-Id derivation when using EAP-SIM/AKA/AKA' fast
reauthentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 17:18:39 +03:00
Mohit Sethi
5eefa8115b EAP-AKA: Add Session-Id derivation during fast-reauth
The Session-Id derivation for EAP-AKA in RFC 5247 only explained how the
Session-Id is derived for regular authentication. Jouni reported it as
an errata with text explaining how to derive it during fast
reauthentication.

This patch now exports the Session-Id for EAP-AKA during fast
reauthentication based on this Session-Id = 0x17 || NONCE_S || MAC
construction.

Also documented by Alan Dekok in draft-dekok-emu-eap-session-id.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 17:17:00 +03:00
Mohit Sethi
1c16b257a0 EAP-SIM: Add Session-Id derivation during fast-reauth
The Session-Id derivation for EAP-SIM in RFC 5247 only explained how the
Session-Id is derived for regular authentication. Jouni reported it as
an errata with text explaining how to derive it during fast
reauthentication.

This patch now exports the Session-Id for EAP-SIM during fast
reauthentication based on this Session-Id = 0x12 || NONCE_S || MAC
construction.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 17:05:03 +03:00
Mohit Sethi
2f6700c9c6 defconfig: Add config parameter for SIM simulator for EAP-SIM
Allow compilation of internal GSM-Milenage implementation for EAP-SIM
testing with eapol_test.

Signed-off-by: Mohit Sethi <mohit.sethi@aalto.fi>
2019-05-25 16:26:44 +03:00
Alona Solntseva
6b43264e79 hostapd_cli: Add update_beacon command
Add ability to use UPDATE_BEACON with hostapd_cli. The option has been
exposed in ctrl_iface already.

Signed-off-by: Alona Solntseva <alona.solntseva@tandemg.com>
Signed-off-by: Simon Dinkin <simon.dinkin@tandemg.com>
2019-05-25 16:17:44 +03:00
Jouni Malinen
312ec34e40 UBSan: Avoid dependency on undefined behavior in internal AES operation
The rcons[] and Td4s[] array values need to be type cast explicitly to
u32 for the left shift 24 operation to be defined due to the implicit
conversion to int not handling the case where MSB would become 1 without
depending on UB.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14929
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:51:12 +03:00
Jouni Malinen
27486bc5ab tests: Fix ap-mgmt-fuzzer exit to free memory
This fuzzing wrapper does not go through full hostapd_clean_iface() call
to free memory, so call ap_list_deinit() to avoid reporting memory leaks
from added AP list entries. This case could not be hit with
hostapd/wpa_supplicant since they perform full interface deinit on
interface removal.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14928
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:34:58 +03:00
Jouni Malinen
5bad612311 WNM: Fix bounds checking in SSID List element matching
The IE header length check was off-by-one and that could allow the loop
to read one octet beyond the end of the buffer before breaking out in
the second check.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14927
Fixes: 0a66ce3c49 ("WNM: Add support for SSID List element matching")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-25 01:29:47 +03:00