Commit graph

6237 commits

Author SHA1 Message Date
Jouni Malinen
622d4d49e2 GnuTLS: Add TEST_FAIL() to crypto routines for testing purposes
This allows number of hwsim test cases for local error conditions to be
executed with GnuTLS-based builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:12 +02:00
Jouni Malinen
f8697e8109 GnuTLS: Implement tls_get_version()
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-28 22:33:06 +02:00
Jouni Malinen
133f8d09fc GnuTLS: Implement HMAC functions using libgcrypt
Replace the internal HMAC MD5, SHA-1, and SHA256 implementations with
the ones from libgcrypt and also add the SHA384 and SHA512 versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:35:26 +02:00
Jouni Malinen
85c12a62ee GnuTLS: Implement sha{256,384,512}_vector() using libgcrypt
Replace the internal SHA256 implementation with the one from libgcrypt
and also add the SHA384 and SHA512 versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:21:37 +02:00
Jouni Malinen
cc3e7bfc3c GnuTLS: Use a helper function for hash functions
Use a shared helper function instead of implementing practically same
sequence separately for each hash function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 23:13:51 +02:00
Jouni Malinen
02b38d0ad5 Fix MFP-enabled test for disallowed TKIP
The test against use of TKIP was done only in MFP-required
(ieee80211w=2) configuration. Fix this to check the pairwise cipher for
MFP-enabled (ieee80211w=1) case as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 18:38:12 +02:00
Jouni Malinen
ba3d435fe4 SAE: Add option to require MFP for SAE associations
The new hostapd.conf parameter sae_require_pmf=<0/1> can now be used to
enforce negotiation of MFP for all associations that negotiate use of
SAE. This is used in cases where SAE-capable devices are known to be
MFP-capable and the BSS is configured with optional MFP (ieee80211w=1)
for legacy support. The non-SAE stations can connect without MFP while
SAE stations are required to negotiate MFP if sae_require_mfp=1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 18:27:58 +02:00
Jouni Malinen
c4fc7e31c7 SAE: Set special Sc value when moving to Accepted state
Set Sc to 2^16-1 when moving to Accepted state per IEEE Std 802.11-2016,
12.4.8.6.5 (Protocol instance behavior - Confirmed state). This allows
the peer in Accepted state to silently ignore unnecessary
retransmissions of the Confirm message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 12:19:08 +02:00
Jouni Malinen
abcbd0604c SAE: Add Rc variable and peer send-confirm validation
This implements the behavior described in IEEE Std 802.11-2016,
12.4.8.6.6 (Protocol instance behavior - Accepted state) to silently
discard received Confirm message in the Accepted state if the new
message does not use an incremented send-confirm value or if the special
2^16-1 value is used. This avoids unnecessary processing of
retransmitted Confirm messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 12:19:08 +02:00
Jouni Malinen
9249afc8e1 SAE: Print state changes in debug log
This makes it easier to follow state changes in SAE protocol instances.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 00:07:42 +02:00
Jouni Malinen
d8b841eba8 SAE: Make dot11RSNASAESync configurable
The new hostapd.conf parameter sae_sync (default: 5) can now be used to
configure the dot11RSNASAESync value to specify the maximum number of
synchronization errors that are allowed to happen prior to
disassociation of the offending SAE peer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-26 12:46:22 +02:00
Sean Parkinson
04b1bcc5f3 EAP-pwd: Use abstract crypto API
This makes it easier to use EAP-pwd with other crypto libraries than
OpenSSL.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 21:40:21 +02:00
Sean Parkinson
0c3d49afd8 EAP-EKE: Use abstract crypto API
This makes it easier to use EAP-pwd with other crypto libraries.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:38:17 +02:00
Sean Parkinson
c335507c8d Enhance crypto abstract API for DH
The patch offers alternate implementations of some functions using the
abstract cryptographic API.

This work was done in preparation for the changes to allow hostap to be
compiled with the wolfSSL cryptography and TLS library.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:38:10 +02:00
Jouni Malinen
0e02f2a9fa crypto: Implement new crypto API functions for DH
This implements crypto_dh_init() and crypto_dh_derive_secret() using
os_get_random() and crypto_mod_exp() for all crypto_*.c wrappers that
include crypto_mod_exp() implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-24 17:36:04 +02:00
Jouni Malinen
eac084cb38 OpenSSL: Implement new crypto API functions
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-24 17:35:41 +02:00
Sean Parkinson
23ff5d73df Enhance crypto abstract API
Add more crypto_*() wrappers to enable use of other crypto libraries
than OpenSSL.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:35:38 +02:00
Sean Parkinson
441e8bfbb4 Fix copy-paste errors in function comments
Use correct function names for the documentation.

Signed-off-by: Sean Parkinson <sean@wolfssl.com>
2017-12-24 17:03:07 +02:00
Jouni Malinen
47e966abac DH: Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-24 17:02:53 +02:00
Jouni Malinen
3546ef5104 EAP-pwd: Remove trailing empty line
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-23 17:27:15 +02:00
Peng Xu
61536b5f41 Add new QCA vendor attribute for getting preferred channel
A new vendor attribute QCA_WLAN_VENDOR_ATTR_GET_WEIGHED_PCL is added for
getting preferred channels with weight value and a flag to indicate how
the channels should be used in P2P negotiation process.

Signed-off-by: Peng Xu <pxu@qti.qualcomm.com>
2017-12-22 20:34:51 +02:00
Jouni Malinen
1a2cb20d5b Fix couple of QCA_NL80211_VENDOR_SUBCMD_GET_SAR_LIMITS comments
Copy-paste errors in the command name (set vs. the new get).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-22 18:57:47 +02:00
Sunil Dutt
2fca2d2144 Vendor parameter for forcing RSNE override
Indicates the driver to use the RSNE as-is from the connect interface.
Exclusively used for the scenarios where the device is used as a testbed
device with special functionality and not recommended for production.
This helps driver to not validate the RSNE passed from user space and
thus allow arbitrary IE data to be used for testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-22 18:43:55 +02:00
Jeff Johnson
2d942ec4ac Define a QCA vendor command to retrieve SAR Power limits
Previously commit c79238b6a4 ('Define a
QCA vendor command to configure SAR Power limits') implemented a vendor
command interface to allow a userspace entity to dynamically control the
SAR power limits. Now implement a command to retrieve the current SAR
power limits.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:55:15 +02:00
vamsi krishna
d98038bb05 FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:52:17 +02:00
Bhagavathi Perumal S
af832aa998 hostapd: Add average channel utilization in STATUS
This allows external programs to get the average channel utilization.
The average channel utilization is calculated and reported through
STATUS command. Users need to configure chan_util_avg_period and
bss_load_update_period in hostapd config to get the average channel
utilization.

Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
2017-12-12 00:48:27 +02:00
Bhagavathi Perumal S
802c0fd0c3 hostapd: Update BSS load update period dynamically
Recalculate the timeout value for each event instead of calculating this
once and then not allowing the timeout configuration to be changed
without fully stopping and restarting the interface.

This allows the bss_load_update_period configuration parameter to be
modified while a BSS continues operating.

Signed-off-by: Bhagavathi Perumal S <bperumal@qti.qualcomm.com>
2017-12-12 00:48:25 +02:00
Jouni Malinen
778d87054e Fix error handling in bss_load_update_period parser
Do not update the configuration parameter before having verified the
value to be in the valid range.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-12 00:46:21 +02:00
Jouni Malinen
04ded82efa OWE: Fix error case handling with drivers that implement AP SME
owe_auth_req_process() can return NULL in error cases, but the caller
was not prepared for this. The p pointer cannot be overridden in such
cases since that would result in buffer length (p - buf) overflows. Fix
this by using a temporary variable to check the return value before
overriding p so that the hostapd_sta_assoc() ends up using correct
length for the IE buffer.

Fixes: 33c8bbd8ca ("OWE: Add AP mode handling of OWE with drivers that implement SME")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-11 13:41:10 +02:00
Jouni Malinen
c23e87d0d1 OpenSSL: Replace EVP_PKEY_paramgen() with EC_KEY_new_by_curve_name()
The BoringSSL version of crypto_ecdh_init() and dpp_gen_keypair() works
fine with OpenSSL as well, so use that same implementation for both to
avoid unnecessary maintanence of multiple versions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:49:39 +02:00
Jouni Malinen
7641d485db BoringSSL: Use EC_KEY_new_by_curve_name() to simplify implementation
There is no need to go through EC_GROUP_new_by_curve_name(),
EC_KEY_new(), and EC_KEY_set_group() when a single call to
EC_KEY_new_by_curve_name() takes care of all that.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:41:29 +02:00
Jouni Malinen
a5da39607d Revert "BoringSSL: Add DPP special cases regardless of claimed version number"
This reverts commit 5548453a2d since
BoringSSL added ECDSA_SIG_set0() and ECDSA_SIG_get0() in commit
8dc226ca8f1ef60737e1c1bf8cfcabf51d4068c7 ('Add some missing OpenSSL
1.1.0 accessors.') and updated X509_ALGOR_get0() prototype to match
OpenSSL 1.1.0 changes in commit e3b2a5d30d309091cab3e6a19dee7323c40d968d
('Const-correct X509_ALGOR_get0.').

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:27:04 +02:00
Jouni Malinen
0f30844722 Revert "BoringSSL: Define RSA_bits() helper"
This reverts commit 3cfbd3b0f6 since
BoringSSL added RSA_bits() in commit
8dc226ca8f1ef60737e1c1bf8cfcabf51d4068c7 ('Add some missing OpenSSL
1.1.0 accessors.').

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 23:22:05 +02:00
Jouni Malinen
a2c442be25 OpenSSL: Allow cipher list to be overridden for tls_suiteb=1 case
This allows wpa_supplicant configuration with phase1="tls_suiteb=1" to
use openssl_ciphers="ECDHE-RSA-AES256-GCM-SHA384" to further limit the
possible TLS cipher suites when using Suite B with RSA >3K keys. This
combination disables use of DHE and as such, mandates ECDHE to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-10 21:16:26 +02:00
Jouni Malinen
e5c7c2f28e Fix ap-mgmt-fuzzer build
Add src/ap/eth_p_oui.o into libap.a to be able to link ap-mgmt-fuzzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-09 18:41:55 +02:00
David Benjamin
63942cf0f3 OpenSSL: Avoid SSL*_use_default_passwd_cb()
These functions are a bit awkward to use for one-off file loads, as
suggested by the tls_clear_default_passwd_cb() logic. There was also
some historical mess with OpenSSL versions and either not having per-SSL
settings, having per-SSL settings but ignoring them, and requiring the
per-SSL settings.

Instead, loading the key with the lower-level functions seems a bit
tidier and also allows abstracting away trying both formats, one after
another.

Signed-off-by: David Benjamin <davidben@google.com>
2017-12-09 18:29:08 +02:00
David Benjamin
149143e31d OpenSSL: Remove unnecessary os_strdup() from password callback
There's no need to make an extra copy of private_key_passwd for
SSL_{CTX_,}set_default_passwd_cb().

Signed-off-by: David Benjamin <davidben@google.com>
2017-12-09 18:09:10 +02:00
Paul Zhang
9b0de99fac Add new QCA vendor attribute for WLAN Latency Module (WLM)
A new vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_LATENCY_LEVEL is added
for vendor sub-command QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION.
This attribute is for setting the level of WLM.

Signed-off-by: Paul Zhang <paulz@qti.qualcomm.com>
2017-12-08 14:15:19 +02:00
Jouni Malinen
055cd39788 tests: DPP P-256 test vectors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-07 13:35:19 +02:00
Jouni Malinen
f55269753c DPP: Allow protocol key to be overridden for testing purposes
This can be used for various testing needs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-05 23:53:08 +02:00
Jouni Malinen
402c8e00b7 WPS: Map GCMP-256 and CCMP-256 to AES encryption type
This is needed to allow a credential to be built for GCMP-256/CCMP-256
networks that do not enable GCMP-128/CCMP-128.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:45 +02:00
Shiva Sankar Gajula
a2660890a5 WPS: Allow WPS to be enabled in CCMP-256 and GCMP-256 only cases
Extend the check against WPA/TKIP only configuration by adding CCMP-256
and GCMP-256 to the list of allowed ciphers. This is needed to allow WPS
to be enabled in AP configurations where neither CCMP-128 nor GCMP-128
are enabled.

Signed-off-by: Shiva Sankar Gajula <sgajula@qti.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
163fc3d562 DPP: Indicate to upper layers whether mutual authentication was used
DPP Responder selects whether mutual authentication is used. This commit
adds information about that selection to upper layers (ctrl_iface event
DPP-AUTH-DIRECTION mutual=<0/1>) on the Initiator side.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
34603767b8 DPP: Extend protocol testing to allow exchange termination
This extends dpp_test functionality to allow DPP exchanges to be stopped
when receiving a specified message.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-02 12:00:44 +02:00
Jouni Malinen
963d3149ab nl80211: Fix NL80211_MESHCONF_AUTO_OPEN_PLINKS encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and wpa_supplicant
needs to use same size when writing the attribute.

This fixes mesh mode regression triggered by kernel commit "net:
netlink: Update attr validation to require exact length for some types"
in v4.15-rc1 that resulted in the following debug log entry when trying
to join a mesh:
nl80211: mesh join failed: ret=-22 (Invalid argument)

Fixes: 6c1664f605 ("nl80211: Add new commands to support mesh interfaces")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-01 22:21:24 +02:00
Jouni Malinen
a2426829ce nl80211: Fix NL80211_ATTR_SMPS_MODE encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and
hostapd/wpa_supplicant needs to use same size when writing the
attribute.

This fixes AP mode regression triggered by kernel commit "net: netlink:
Update attr validation to require exact length for some types" in
v4.15-rc1 that resulted in the following debug log entry when trying to
enable beaconing:
nl80211: Beacon set failed: -34 (Numerical result out of range)

Fixes: da1080d721 ("nl80211: Advertise and configure SMPS modes")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-01 20:22:44 +02:00
Jouni Malinen
f0a383a981 DPP: Extend dpp_test with invalid E-Nonce in Config Req
Allow an E-Nonce attribute with invalid length to be sent for protocol
testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 22:01:10 +02:00
Jouni Malinen
55c6c85855 DPP: Extend dpp_test with invalid Transaction ID in Peer Disc Req
Allow a Transaction ID attribute with invalid length to be sent for
protocol testing purposes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 21:56:19 +02:00
Krishna Rao
364039d223 Add QCA vendor command and attributes for RROP
Add QCA vendor command and attributes for vendor specific Representative
RF Operating Parameter (RROP) information. This information is intended
for optional use by external ACS. It provides guidance values for some
RF parameters that are used by the system during operation, so that
external ACS can utilize these to compare between channels, bands, etc.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 18:47:32 +02:00
Jouni Malinen
0e19300d5b nl80211: Use consistent "0x" prefix for the cookie values
One of the event message for TX status was missing 'x' from the "0x"
prefix. Add that to make the used format consistent for all cookie debug
print cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 12:42:58 +02:00