Commit graph

4695 commits

Author SHA1 Message Date
Jouni Malinen
7c524a64c1 eloop: Fix cases where a socket is reopened from a timeout/signal handler
It was possible for a registered eloop socket handler to be unregistered
and re-registered for a re-opened socket with the same fd from a timeout
or signal handler. If such a case happened with the old socket having a
pending event waiting for processing, some eloop combinations could end
up calling the new handler function with the new socket and get stuck
waiting for an event that has not yet happened on the new socket. This
happened with timeout and signal handlers with all eloop.c types. In
addition to that, the epoll case could also trigger this when a socket
handler re-registered a re-opened socket.

Fix these by checking whether there has been socket handler changes
during processing and break the processing round by going back to
select/poll/epoll for an updated result if any changes are done during
the eloop handler calls before processing the old socket results.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-23 18:39:35 +03:00
Jouni Malinen
569f8f9b87 tests: eloop socket re-open from timeout/socket handler
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-23 18:39:02 +03:00
Jouni Malinen
48b06c17fa drv_callbacks: Coding style cleanup
Clean up inconsistent whitespace use and split strings.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-22 19:56:04 +03:00
Jouni Malinen
acbd59d0a8 eloop: Try to terminate more quickly on SIGINT and SIGTERM
It was possible for the SIGINT/SIGTERM signal to be received while
processing a pending timeout/socket/signal event and then get stuck in
the following select() call before processing the signal event. If no
other events show up within the two second SIGALRM trigger, process will
be terminated forcefully even though there would have been possibility
to do clean termination assuming no operationg blocked for that two
second time.

Handle this more cleanly by checking for eloop.pending_terminate before
starting the select()/poll()/epoll_wait() wait for the following event.
Terminate the loop if pending signal handling requests termination.

In addition, make eloop_terminated() return 1 on eloop.pending_terminate
in addition to eloop.terminate since the process will be terminated
shortly and there is no point in starting additional processing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-22 17:05:46 +03:00
Ahmad Kholaif
6b0ceee929 Add QCA vendor definitions for multi-port concurrency
Introduce definitions for QCA vendor specific subcommands and attributes
to support multiport concurrency.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-22 11:50:01 +03:00
Ravi Joshi
d71bdfbd83 Add QCA vendor command for updating gateway parameters
Add vendor command for updating gateway parameters to the driver.

Signed-off-by: Ravi Joshi <ravij@qca.qualcomm.com>
2015-07-21 13:20:08 +03:00
Jouni Malinen
de74489276 Move ap_list_timer() to use common AP periodic cleanup mechanism
This reduces number of periodic eloop timeouts when AP mode operations
are in progress.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:42:35 +03:00
Jouni Malinen
22fd2822f9 Move hostapd_acl_expire() to use common AP periodic cleanup mechanism
This reduces number of periodic eloop timeouts when AP mode operations
are in progress.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:39:22 +03:00
Jouni Malinen
3188aabaf1 Add shared periodic cleanup function for AP mode
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:33:30 +03:00
Jouni Malinen
8c0d0ff22e Use a single cleanup timer per wpa_supplicant process
Previously, one timeout per process (by default every 30 seconds) was
used P2P peer expiration and another per-interface timeout (every 10
seconds) was used to expire BSS entries. Merge these to a single
per-process timeout that triggers every 10 seconds to minimize number of
process wakeups due to periodic operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:28:12 +03:00
Jouni Malinen
3c48c9c08f tests: Additional module tests for src/utils
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-19 23:07:04 +03:00
Jouni Malinen
8d7aa7565b EAP server: Force FAILURE if EAP method buildReq fails
Previously, this resulted in unnecessary wait and retransmission of the
previous EAP-Request. Change that to trigger immediate transmission of
EAP-Failure and disconnection since the EAP method cannot really recover
from this state.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-19 16:29:29 +03:00
Jouni Malinen
7420e36293 hostap: Remove special handling for protocol version 3 on RX
This functionality was removed from the Host AP driver in May 2003, so
there is not any point in maintaining this in hostapd either.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 23:43:10 +03:00
Jouni Malinen
9c68b6af97 FST: Fix FST-MANAGER TEST_REQUEST parsing
The space separator between the command and the parameter was not
skipped properly and the first integer ended up being interpreted as 0
in all cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 19:28:38 +03:00
Jouni Malinen
c715d5c36c FST: Remove unreachable code in fst_session_handle_tear_down()
fst_session_is_in_progress() is already checked as part of
fst_find_session_in_progress() before calling
fst_session_handle_action(). This is the only call path that can reach
fst_session_handle_tear_down() and as such, fst_session_is_in_progress()
cannot return 0 here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 19:06:34 +03:00
Jouni Malinen
a55ebeac26 FST: Remove duplicated dl_list_empty() check befor dl_list_first()
dl_list_first() takes care of this already, so there is no need to do a
separate check here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00
Jouni Malinen
73664e0985 FST: Use EINVAL more consistently as a negative return value
There was a mix of EINVAL and -EINVAL returns through the FST
implementation. Make this more consistent by always returning -EINVAL in
error cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00
Jouni Malinen
a0f04da517 FST: Mark get_mb_ie() return value const
The caller is not expected to free or modify the value since this is
returning a reference to a buffer maintained by the upper layer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00
Jouni Malinen
74619cc150 FST: Replace print_mb_ies() with wpa_snprintf_hex()
There is no need to add new functions with more or less identical
functionality of an already available helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00
Jouni Malinen
c836aa267e FST: Mark format_session_state_extra() static
This is not used outside fst_ctrl_iface.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 12:40:23 +03:00
PavanKumar N
fab51186dc Allow driver to be set in hostapd through global control interface
This extends the hostapd global control interface ADD command to allow
driver wrapper to be specified ("ADD <ifname> <ctrl_iface> <driver>").
Previously, this case that did not use a configuration file allowed only
the default driver wrapper to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 23:54:29 +03:00
Jouni Malinen
faf7ce5d4f Drop CONFIG_TI_COMPILER ifdefs
This experimental support for Texas Instruments C compiler was never
fully completed and it has not really been used in close to ten years,
so drop this to simply the header files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-17 21:57:07 +03:00
Jouni Malinen
c7068f106f WPS: Avoid bogus static analyzer warning in ndef_parse_record()
Use a local variable and check the record payload length validity before
writing it into record->payload_length in hopes of getting rid of a
bogus static analyzer warning. The negative return value was sufficient
to avoid record->payload_length being used, but that seems to be too
complex for some analyzers. (CID 122668)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 20:43:17 +03:00
Jouni Malinen
6462e7387d FST: Avoid using pointer to mgmt->u.action.u.fst_action
Typecasting &mgmt->u.action.u.fst_action to a struct pointer for various
FST Action frame payloads seemed to be triggering static analyzer
warnings about bounds checking since sizeof(mgmt->u.action.u.fst_action)
== 1 even though that is really a variable length structure. Try to
avoid this by calculating the pointer for the beginning of the frame
instead of variable length struct. (CID 125642)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 20:37:15 +03:00
Jouni Malinen
85b563f7a4 P2P: Clear p2p->ssid_set on flush
It was possible for the previously set SSID to remain in place between
test cases (e.g., in sequence "p2ps_connect_adv_go_persistent
p2p_set_ssid_postfix") and the P2P SSID postfix not getting used
properly. Make this less likely to occur by clearing the old SSID in
p2p_flush().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 20:32:13 +03:00
Jouni Malinen
9721b083f4 FST: Remove the IE header len/size macros
These are confusing when the style used with the couple of FST IE checks
differs from the rest of hostapd/wpa_supplicant implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 19:06:48 +03:00
Jouni Malinen
f5f1cc9307 FST: Clean up fst_group_update_ie()
None of the callers passed in cleaning_up == TRUE, so drop that unused
code path.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 19:06:48 +03:00
Jouni Malinen
2bb51eddad FST: Move fst_mbie_get_peer_addr() into fst_group.c
There is no need for this function to be an inline function in a header
file since it is used only within fst_group.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 19:06:48 +03:00
Jouni Malinen
be9fbd9b67 FST: Fix FST Action frame length validation
Commit 717333f4e4 ('FST: Add the Fast
Session Transfer (FST) module') performed incorrect frame length
validation for Setup Request (did not remove 24+1 header from
consideration) and did not include payload validation for other FST
Action frames. Fix these by explicitly verifying that the payload of
these frames is sufficiently long before reading the values from there.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 13:00:17 +03:00
Jouni Malinen
66d464067d FT: Register RRB l2_packet only if FT-over-DS is enabled
There is no need to waste resources for this packet socket if FT-over-DS
is disabled or when operating P2P GO or AP mode in wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 11:16:15 +03:00
Anton Nayshtut
a8dab08a28 FST: Testing support
This patch introduces infrastructure needed for FST module tests.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:16 +03:00
Anton Nayshtut
46ab9b8cf0 nl80211: Register for FST Action frames (STA)
wpa_supplicant will process these Action frames for FST operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:16 +03:00
Anton Nayshtut
3794af2dc1 FST: wpa_supplicant control interface
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
8bae489f15 FST: Do not prune STAs belonging to the same FST
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
347827ff6e FST: Add FST IEs into AP mode management frames
This adds the FST IEs received from the FST module into Beacon, Probe
Response, and (Re)Association Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
037378ff31 FST: Send FST Action frames to AP mode processing
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
8e9a8b0f8c FST: hostapd control interface
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
6959145b86 FST: Integration into hostapd
This commit integrates the FST into the hostapd.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
ae667c0827 FST: Store MB IEs from (Re)Association Request
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
104bef453b FST: hostapd configuration parameters
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
659a1605d8 Parsing of multi band element
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
717333f4e4 FST: Add the Fast Session Transfer (FST) module
Fast Session Transfer (FST) is the transfer of a session from a channel
to another channel in a different frequency band. The term "session"
refers to non-physical layer state information kept by a pair of
stations (STAs) that communicate directly (i.e., excludes forwarding).

The FST is implemented in accordance with IEEE Std 802.11ad-2012.

Definitions

 * FST interface - an interface for which FST functionality is enabled
 * FST group - a bunch of FST interfaces representing single
		multi-band STA
 * FST peer - a multi-band capable STA connected
 * FST module - multi-band operation functionality implemented in
		accordance with IEEE Std 802.11ad-2012 (see 10.32
		Multi-band operation) as a part of hostapd/wpa_supplicant
 * FST manager - an external application that implements custom FST
		related logic, using the FST module's interfaces
		accessible via CLI or D-Bus

This commit introduces only the FST module. Integration of the FST
module into the hostapd/wpa_supplicant and corresponding CLI/D-Bus
interfaces and FST related tests are covered in separate commits.

FST manager application is out of scope of these commits.

As FST aggregates a few interfaces into FST group, the FST module uses
global CLI for both commands and notifications. It also exposes
alternative non-interface based D-Bus subtree for this purposes.

Configuration and Initialization

 * FST functionality can enabled by compilation flag (CONFIG_FST)
 * hostapd/wpa_supplicant controlling multiple interfaces are used for
   FST
 * once enabled by compilation, the FST can be enabled for specific
   interfaces in the configuration files
 * FST interfaces are aggregated in FST groups (fst_group_id config file
   entry), where each FST group:
   - represents one multi-band device
   - should have two or more FST interfaces in it
 * priority (fst_priority config file entry) must be configured for each
   FST interface. FST interface with higher priority is the interface FST
   will always try to switch to. Thus, for example, for the maximal
   throughput, it should be the fastest FST interface in the FST setup.
 * default Link Loss Timeout (LLT) value can be configured for each FST
   interface (fst_llt config file entry). It represents LLT to be used
   by FST when this interface is active.
 * FST interfaces advertise the Multi-band capability by including the
   Multi-band element in the corresponding frames

FST CLI commands:

 * fst list_groups - list FST groups configured.
 * fst list_ifaces - list FST interfaces which belong to specific group
 * fst iface_peers - list Multi-Band STAs connected to specific interface
 * fst list_sessions - list existing FST sessions
 * fst session_get - get FST session info
 * fst session_add - create FST session object
 * fst session_set - set FST session parameters (old_iface, new_iface,
                     peer_addr, llt)
 * fst session_initiate - initiate FST setup
 * fst session_respond - respond to FST setup establishemnt attempt by
                         counterpart
 * fst session_transfer - initiate FST switch
 * fst session_teardown - tear down FST Setup but leave the session object
			  for reuse
 * fst session_remove - remove FST session object

FST CLI notifications:
  * FST-EVENT-PEER - peer state changed (CONNECT/DISCONNECT)
  * FST-EVENT-SESSION - FST session level notification with following
                        sub-events:
     - EVENT_FST_SESSION_STATE - FST session state changed
     - EVENT_FST_ESTABLISHED - previously initiated FST session became
                               established
     - EVENT_FST_SETUP - new FST session object created due to FST session
                         negotiation attempt by counterpart

All the FST CLI commands and notifications are also implemented on D-Bus
for wpa_supplicant.

IEEE 802.11 standard compliance

FST module implements FST setup statemachine in compliance with IEEE
802.11ad (P802.11-REVmc/D3.3), as it described in 10.32 Multi-band
operation (see also Figure 10-34 - States of the FST setup protocol).

Thus, for example, the FST module initiates FST switch automatically
when FST setup becomes established with LLT=0 in accordance with
10.32.2.2 Transitioning between states.

At the moment, FST module only supports non-transparent STA-based FST
(see 10.32.1 General).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
290078a734 Add IEEE 802.11ad element descriptions
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Anton Nayshtut
36209df93a Add is_multicast_ether_addr()
This helper function can be used to check whether a MAC address is a
multicast (including broadcast) address.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Anton Nayshtut
ee1e3f57b5 hostapd: Global control interface notifications
This commit implements hostapd global control interface notifications
infrastructure. hostapd global control interface clients issue
ATTACH/DETACH commands to register and deregister with hostapd
correspondingly - the same way as for any other hostapd/wpa_supplicant
control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Anton Nayshtut
cb05808c46 nl80211: Generic Linux master interface support for hostapd
Previously, hostapd only supported the case of EAPOL frames receiving
from interfaces enslaved into bridge. This commit adds support for any
Linux master (teaming, openvswitch, bonding, etc.) to be detected.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Jouni Malinen
3722c0f4aa Add EAPOL_SET hostapd command to configure EAPOL parameters
This new control interface command "EAPOL_REAUTH <MAC address>
<parameter> <value>" can be used to implement the IEEE 802.1X PAE
Set Authenticator Configuration operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-12 11:34:18 +03:00
Jouni Malinen
cfb5c08f21 Add EAPOL_REAUTH hostapd command to trigger EAPOL reauthentication
This new control interface command "EAPOL_REAUTH <MAC address>" can be
used to implement the IEEE 802.1X PAE Reauthenticate operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-12 11:33:33 +03:00
Jouni Malinen
bddc51e8e4 RSN: Stop connection attempt on apparent PMK mismatch
If WPA2-Enterprise connection with full EAP authentication (i.e., no
PMKSA caching used) results in a PMKID that does not match the one the
AP/Authenticator indicates in EAPOL-Key msg 1/4, there is not much point
in trying to trigger full EAP authentication by sending EAPOL-Start
since this sequence was immediately after such full authentication
attempt.

There are known examples of authentication servers with incorrect MSK
derivation when TLS v1.2 is used (e.g., FreeRADIUS 2.2.6 or 3.0.7 when
built with OpenSSL 1.0.2). Write a clear debug log entry and also send
it to control interface monitors when it looks likely that this case has
been hit. After doing that, stop the connection attempt by
disassociating instead of trying to send out EAPOL-Start to trigger new
EAP authentication round (such another try can be tried with a new
association).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 20:55:17 +03:00
Jouni Malinen
fe1bf32974 Make TLS version number available in STATUS command
This adds a new STATUS command field "eap_tls_version" that shows the
TLS version number that was used during EAP-TLS/TTLS/PEAP/FAST exchange.
For now, this is only supported with OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 19:51:03 +03:00
Jouni Malinen
5650d379a3 OpenSSL: Add option to disable use of TLSv1.0
The new phase1 config parameter value tls_disable_tlsv1_0=1 can now be
used to disable use of TLSv1.0 for a network configuration. This can be
used to force a newer TLS version to be used. For example,
phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1" would indicate that
only TLS v1.2 is accepted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 19:27:57 +03:00
Jouni Malinen
2456264fad NFC: Add a hardcoded limit on maximum NDEF payload length
While this is already enforced in practice due to the limits on the
maximum control interface command length and total_length bounds
checking here, this explicit check on payload_length value may help
static analyzers understand the code better. (CID 122668)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 17:03:34 +03:00
Jouni Malinen
df9079e727 NFC: Fix payload length validation in NDEF record parser
It was possible for the 32-bit record->total_length value to end up
wrapping around due to integer overflow if the longer form of payload
length field is used and record->payload_length gets a value close to
2^32. This could result in ndef_parse_record() accepting a too large
payload length value and the record type filter reading up to about 20
bytes beyond the end of the buffer and potentially killing the process.
This could also result in an attempt to allocate close to 2^32 bytes of
heap memory and if that were to succeed, a buffer read overflow of the
same length which would most likely result in the process termination.
In case of record->total_length ending up getting the value 0, there
would be no buffer read overflow, but record parsing would result in an
infinite loop in ndef_parse_records().

Any of these error cases could potentially be used for denial of service
attacks over NFC by using a malformed NDEF record on an NFC Tag or
sending them during NFC connection handover if the application providing
the NDEF message to hostapd/wpa_supplicant did no validation of the
received records. While such validation is likely done in the NFC stack
that needs to parse the NFC messages before further processing,
hostapd/wpa_supplicant better be prepared for any data being included
here.

Fix this by validating record->payload_length value in a way that
detects integer overflow. (CID 122668)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 16:52:25 +03:00
Andrei Otcheretianski
b843a8b8a6 P2PS: Save intended interface address after P2PS PD
One possible outcome of the P2PS PD is P2P GO/P2P Client. In this case,
one peer becomes a P2P GO and the P2P Client joins it. Since multiple
GOs may run simultaneously on the same P2P Device, the P2P Client should
join using the intended interface address.

To be able to find the device by the intended interface address, save it
during the PD.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:59:44 +03:00
Andrei Otcheretianski
5cc6ec0f68 P2PS: Set intended interface address correctly for new group
If a device may be an explicit GO, it adds the GO details in the PD
Request. First, we try to reuse an active GO. If it is not present, we
try to reuse a non-active persistent group. In the latter case, if a
dedicated P2P interface is needed, the intended address should be that
of the pending interface. However, the wpas_get_go_info() provided the
ssid->bssid address, which is the address of the P2P device. This might
result in an incorrect intended interface attribute in the PD Request in
case a separate group interface is used.

Fix this by setting group_iface variable to true only if a dedicated
interface should be used and set the attribute accordingly.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:57:07 +03:00
Andrei Otcheretianski
1f14e2bf92 P2PS: Add PD Response validation
Validate the PD Response frame contents more thoroughly when it is used
for P2PS.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:52:38 +03:00
Andrei Otcheretianski
1f1a08b4cc P2PS: Add intended iface address during PD for persistent group
When persistent group is used and the peer is GO in this group,
intended interface attribute should be added to PD request/response.
Not doing so violates the spec.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:41:19 +03:00
Andrei Otcheretianski
223ccebfa3 P2PS: Save wps_prov_info on the responder side
When device A sends PD response to device B, device A should save
wps_prov_info for device B. Not doing so would result in a redundant and
incorrect PD flow, e.g., when upon PROV-DISC-DONE event device B starts
a GO and device A should join it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:26:07 +03:00
Andrei Otcheretianski
2fc866d1bc P2PS: Validate WPS config methods more accurately in PD Request
In case of a P2PS PD, allow keypad, display, and P2PS WPS config
methods. For a legacy PD, allow keypad, display, and pushbutton methods.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:24:01 +03:00
Max Stepanov
ea210b9f8a P2P: Refactor p2p_process_prov_disc_resp() function
Add 'else if' to P2PS status verification to prevent a redundant
condition checking. The first 'if' condition is true only if
  status == P2P_SC_SUCCESS || status == P2P_SC_SUCCESS_DEFERRED.
while the second condition checks:
  status != P2P_SC_SUCCESS &&
  status != P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE &&
  status != P2P_SC_SUCCESS_DEFERRED
Thus, the two conditions are mutually exclusive and 'else if' can be
used if this case.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:21:44 +03:00
Max Stepanov
20f4c3d76b P2P: Delete redundant comparison in p2p_process_prov_disc_resp()
Delete redundant comparison of msg.wps_config_methods with
dev->req_config_methods in p2p_process_prov_disc_resp() since it's
already done early in this function. Also, the second comparison
doesn't make too much sense: it can happen after a possible
p2p_reset_pending_pd() call setting dev->req_config_methods to 0.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:20:43 +03:00
Max Stepanov
82d6113502 P2PS: Fix adv_id and adv_mac params of P2P-PROV-DISC-FAILURE
When wpa_supplicant receives a PD Response with reject status it
generated P2P-PROV-DISC-FAILURE event without adv_id and adv_mac
parameters. Fix this by adding these parameters to the
wpas_prov_disc_fail() function call.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 19:40:49 +03:00
Dan Williams
e8492c8145 hostap: Fix send_mlme() after 'freq' parameter addition
This fixes the incomplete driver_hostap.c change from commit
5d180a7739 ('drivers: Add freq parameter
to send_mlme() function') that did not take into account the internal
callers.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2015-07-07 19:40:49 +03:00
Jouni Malinen
c8a15753eb Send EAPOL-Start on HELD->CONNECTING transition
Previously, only CONNECTING->CONNECTING case ended up sending out an
EAPOL-Start frame to avoid sending the unnecessary initial EAPOL-Start.
However, this optimization prevented new EAPOL-Start from being
initiated when leaving the HELD state. Allow that case to trigger
immediate EAPOL-Start transmission to speed up connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 19:25:31 +03:00
Mike Gerow
471c810bc1 pkcs11: Don't ask for a new PIN on TLS handshake failure
The only time the PIN should fail is when we initialize the TLS
connection, so it doesn't really make sense to get rid of the PIN just
because some other part of the handshake failed.

This is a followup to commit fd4fb28179
('OpenSSL: Try to ensure we don't throw away the PIN unnecessarily').

Signed-off-by: Mike Gerow <gerow@google.com>
2015-07-07 19:25:31 +03:00
Jouni Malinen
476a634d60 Avoid ubsan warning on 0x80<<24 not fitting in int in WPA_GET_BE32/LE32
Use a typecast to make this shift unsigned so that the MSB fits within
the range of allowed values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
cf6fd19b34 ndisc_snoop: Avoid misaligned read of IPv6 address
The IPv6 address in the frame buffer may not be 32-bit aligned, so use a
local copy to align this before reading the address with 32-bit reads
(s6_addr32[]).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
e9ed7d9898 EAP-TTLS: Avoid ubsan warning on 0x80<<24 not fitting in int
Use a typecast to make this unsigned so that the MSB fits within the
range of allowed values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
0f5fb8a467 radiotap: Avoid ubsan warning on 1<<31
Use the BIT() macro and unsigned int to avoid ubsan warning on 1<<31 not
fitting in an int.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
fc880b11ed NFC: Avoid misaligned read of an NDEF field
The 32-bit version of payload length field may not be 32-bit aligned in
the message buffer, so use WPA_GET_BE32() to read it instead of ntohl().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
e01281fccc trace: Use explicit alignment requirements to avoid misalignment
64-bit builds with CONFIG_WPA_TRACE=y resulted in the wpabuf pointers
getting misaligned (only 32-bit aligned) and that would result in reads
and writes of unaligned size_t values. Avoid this by indicating explicit
alignment requirement for wpabuf_trace to 8 octets (i.e., there will be
extra four octets of padding in case of 64-bit builds).

Similarly, struct os_alloc_trace resulted in some potential misalignment
cases, e.g., when CONFIG_ACS=y uses a 'long double' variable within
struct hostapd_channel_data. Avoid misalignment issues with explicit
alignment indication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
f97e3ce473 drivers: Use unsigned arguments for sta_set_flags()
Since BIT() is now returning unsigned int, these functions need to match
that to avoid compiler warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
32d6463fe7 Make BIT() unsigned int instead of int
This is needed to avoid ubsan warnings on BIT(31).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
bd47c80564 Include stddef.h to use the standard offsetof()
src/utils/list.h ended up defining a local version of offsetof() due to
stddef.h not getting included. This resulted in unnecessary warnings
from ubsan related to "dereferencing" of a NULL pointer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
028b19675d RADIUS DAS: Avoid compiler warning on abs()
The input parameter ended up being converted to long int instead of int,
so use an explicit typecase to get rid of the compiler warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
597e8afeb4 ERP: Avoid mixing of enum types
Use explicit typecasting to avoid implicit conversion warnings in cases
where enum eap_erp_type is used in functions taking an EapType argument.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
05a90d78dc FT: Allow CCMP-256 and GCMP-256 as group ciphers
The FT-specific check for valid group cipher in wpa_ft_gen_req_ies() was
not up-to-date with the current list of supported ciphers. Fix this by
using a generic function to determine validity of the cipher. In
practice, this adds support for using CCMP-256 and GCMP-256 as the group
cipher with FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
f24b97972b OpenSSL: Merge error returns
These similar error cases can use a single return statement.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 21:48:22 +03:00
Jouni Malinen
84d6a17a27 TLS: Remove unused tls_capabilities()
This mechanism to figure out TLS library capabilities has not been used
since commit fd2f2d0489 ('Remove
EAP-TTLSv1 and TLS/IA') (Sep 2011).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 21:40:48 +03:00
Jouni Malinen
786722763d ms_funcs: Merge similar return cases
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
359636170f hw_features: Merge similar return case in check_40mhz_2g4()
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
aac1efec34 Reject the initial 4-way handshake if initial GTK setup fails
This makes the AP/Authenticator design more robust against unexpected
failures in random number generation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
2da525651d Add backtrace-based error path testing mechanism
The new TEST_FAIL and GET_FAIL control interface commands can be used
similarly to the earlier TEST_ALLOC_FAIL/GET_ALLOC_FAIL design. The new
version is more generic framework allowing any function to be annotated
for failure testing with the TEST_FAIL() macro. This mechanism is only
available in builds with CONFIG_WPA_TRACE_BFD=y and
CONFIG_TESTING_OPTIONS=y. For other builds, the TEST_FAIL() macro is
defined to return 0 to allow the compiler to remove the test code from
normal production builds.

As the first test site, allow os_get_random() to be marked for failing
based on call backtrace.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
55413ce072 P2P: Do not allow 40 MHz co-ex PRI/SEC switch to force MCC
Do not allow 40 MHz co-ex PRI/SEC switch to force us to change our PRI
channel if we have an existing connection on the selected PRI channel
since doing multi-channel concurrency is likely to cause more harm than
using different PRI/SEC selection in environment with multiple BSSes on
these two channels with mixed 20 MHz or PRI channel selection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-28 18:14:58 +03:00
Stepanov, Max
8c43ef8449 P2PS: Fix attribute addition in p2p_buf_add_service_instance()
Fix a condition when Advertised Service Info Attribute is added to
a probe response in p2p_buf_add_service_instance(). The issue is
that a 'found' value is increased even if 'test' and 'adv->hash' hashes
are different. As result 'found' may have a non-zero value when an
attribute data length is 0. In this cause an empty attribute is about to
be added. Fixing it by eliminating 'found' and checking 'total_len'
containing a real number of bytes added to Advertised Service Info
Attribute.

This fixes an issue from commit 50a9efe713
('P2PS: Fix Probe Response frame building in error cases').

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-06-27 23:54:10 +03:00
Jouni Malinen
6c7314917b AP: Increase maximum value accepted for cwmin/cwmax
The cwmin/cwmax parameters were limited more than is needed. Allow the
full range (0..15 for wmm_ac_??_{cwmin,cwmax} and 1..32767 for
tx_queue_data?_{cwmin,cwmax}) to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 23:34:49 +03:00
Jouni Malinen
575e4f5d49 SAE: Reject FFC commit-element with value p-1
The current P802.11 description of SAE uses "1 < element < p" as the
required range. However, this is not correct and does not match the
Dragonfly description of "1 < element < p-1". SAE definition will need
to change here. Update the implementation to reject p-1 based on the
correct rule here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 21:20:14 +03:00
Jouni Malinen
a406244395 P2PS: Do not reply to ProbeReq on another channel when starting Listen
It was possible for the P2PS Probe Response frame to go out on the
channel on which a Probe Request frame was reported even when we are
just about to start Listen mode on another channel. This could result in
the peer device using incorrect channel for us. Fix this by skipping the
response in this special case while waiting for Listen mode to start.

This showed up as a hwsim test failure with test sequence "gas_fragment
p2ps_connect_display_method_nonautoaccept" in cases where the dev[0]
Listen channel was not same as the AP operating frequency in the GAS
test.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 17:10:19 +03:00
Jouni Malinen
0c2b3f6541 SAE: Reject commit-scalar value 1
IEEE Std 802.11-2012 description of SAE does not require this, i.e., it
describes the requirement as 0 < scalar < r for processing the Commit
message. However, this is not correct and will be changes to 1 < scalar
< r to match the Dragonfly description so that a trivial secret case
will be avoided explicitly.

This is not much of an issue for the locally generated commit-scalar
since it would be very unlikely to get the value of 1. For Commit
message processing, a peer with knowledge of the password could
potentially force the exchange to expose key material without this
check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 12:41:40 +03:00
Dmitry Shmidt
4f39908b60 Send CTRL-EVENT-NETWORK-NOT-FOUND if no suitable network was found
This provides more information to upper layer programs on what happens
with connection attempts in cases where the enabled networks are not
found in scan results.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-06-27 11:08:08 +03:00
Kevin Cernekee
ded14ce95d Android: Fix nl80211 build if BOARD_*_PRIVATE_LIB is unspecified
wpa_supplicant has stub functions if the external p2p symbols are
unavailable, but the build still fails if the
wpa_driver_nl80211_driver_cmd symbol is missing.  Fix this by leaving the
function pointer NULL.  This is safe because wpa_drv_driver_cmd() performs
a NULL check.

Signed-off-by: Kevin Cernekee <cernekee@google.com>
2015-06-26 22:46:49 +03:00
Kevin Cernekee
a1407217b1 Android: Rename ANDROID_P2P_STUB to ANDROID_LIB_STUB
If BOARD_HOSTAPD_PRIVATE_LIB is not used on an Android build, we will
need to replace both the p2p functions *and* wpa_driver_nl80211_driver_cmd
in order to successfully link.  Let's make the name more generic so it is
more obvious what it is used for.

Suggested-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Kevin Cernekee <cernekee@google.com>
2015-06-26 22:46:16 +03:00
Maneesh Jain
4457f41b54 radius: Fix NULL dereference issue on allocation failure
In case memory allocation fails, data->pac_opaque_encr_key may be NULL
and lead to possible crash.

Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-06-26 22:44:41 +03:00
Jouni Malinen
f826fb1de1 OpenSSL: Handle EC_POINT_is_on_curve() error case
Even though this OpenSSL function is documented as returning "1 if point
if on the curve and 0 otherwise", it can apparently return -1 on some
error cases. Be prepared for that and check explicitly against 1 instead
of non-zero.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
bbb50086e3 SAE: Use random "password" in extra hunting-and-pecking loops
If PWE is discovered before the minimum number of loops (k) is reached,
the extra iterations use a random "password" to further obfuscate the
cost of discovering PWE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
eb5fee0bf5 SAE: Add side-channel protection to PWE derivation with ECC
This replaces the earlier IEEE Std 802.11-2012 algorithm with the design
from P802.11-REVmc/D4.0. Things brings in a blinding technique for
determining whether the pwd-seed results in a suitable PWE value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
16841ab246 crypto: Add functions for computing the Legendre symbol and EC y^2
These are needed to implement side-channel protection for SAE PWE
derivation for ECC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
c4a13b424b OpenSSL: Add support for Brainpool Elliptic Curves
This allows the IKE groups 27-30 (RFC 6932) to be used with OpenSSL
1.0.2 and newer. For now, these get enabled for SAE as configurable
groups (sae_groups parameter), but the new groups are not enabled by
default.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
4584b66eae SAE: Increase security parameter k to 40 based on Dragonfly recommendation
draft-irtf-cfrg-dragonfly recommends implementation to set the security
parameter, k, to a value of at least 40. This will make PWE generation
take significantly more resources, but makes it more likely to hide
timing differences due to different number of loops needed to find a
suitable PWE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-25 20:53:37 +03:00
Jouni Malinen
fdd731bd4a SAE: Fix PWE generation to use minimum loop count (k) properly
The implementation did not match the comment, i.e., only k-1 rounds were
required instead of k.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-25 20:53:37 +03:00