Even though this OpenSSL function is documented as returning "1 if point
if on the curve and 0 otherwise", it can apparently return -1 on some
error cases. Be prepared for that and check explicitly against 1 instead
of non-zero.
Signed-off-by: Jouni Malinen <j@w1.fi>
If PWE is discovered before the minimum number of loops (k) is reached,
the extra iterations use a random "password" to further obfuscate the
cost of discovering PWE.
Signed-off-by: Jouni Malinen <j@w1.fi>
This replaces the earlier IEEE Std 802.11-2012 algorithm with the design
from P802.11-REVmc/D4.0. Things brings in a blinding technique for
determining whether the pwd-seed results in a suitable PWE value.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows the IKE groups 27-30 (RFC 6932) to be used with OpenSSL
1.0.2 and newer. For now, these get enabled for SAE as configurable
groups (sae_groups parameter), but the new groups are not enabled by
default.
Signed-off-by: Jouni Malinen <j@w1.fi>
draft-irtf-cfrg-dragonfly recommends implementation to set the security
parameter, k, to a value of at least 40. This will make PWE generation
take significantly more resources, but makes it more likely to hide
timing differences due to different number of loops needed to find a
suitable PWE.
Signed-off-by: Jouni Malinen <j@w1.fi>
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.
Signed-off-by: Jouni Malinen <j@w1.fi>
OpenSSL 0.9.8 (and newer) includes SSL_CTX_get_app_data() and
SSL_CTX_set_app_data(), so there is no need to maintain this old
OPENSSL_SUPPORTS_CTX_APP_DATA backwards compatibility design.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, it would have been possible for va_end(args) to be called
twice in case mp_init() fails. While that may not cause issues on number
of platforms, that is not how va_start()/va_end() are supposed to be
used. Fix this by returning from the function without using va_end()
twice on the same va_list args.
Signed-off-by: Jouni Malinen <j@w1.fi>
The construction used here to figure out the offset of variable length
IEs in Probe Request frames was a bit odd looking and resulted in a
warning from a static analyzer, so replace it with more standard use of
offsetof().
Signed-off-by: Jouni Malinen <j@w1.fi>
The flags argument is used to indicate a failure case (0x80) which
allows erp == NULL. This may be a bit too difficult combination for
static analyzers to understand, so add an explicit check for !erp as
another condition for returning from the function before the erp pointer
gets dereferenced without checking it.
Signed-off-by: Jouni Malinen <j@w1.fi>
drv cannot be NULL here (it is dereferenced even on the preceding line)
and anyway, os_free(NULL) is allowed, so remove the redundant check.
Signed-off-by: Jouni Malinen <j@w1.fi>
The eap argument to this function is never NULL and the earlier
ieee802_1x_learn_identity() call is dereferencing it anyway, so there is
no point in checking whether it is NULL later in the function.
Signed-off-by: Jouni Malinen <j@w1.fi>
This needs to find the PRI channel also in cases where the affected
channel is the SEC channel of a 40 MHz BSS, so need to include the
scanning coverage here to be 40 MHz from the center frequency. Without
this, it was possible to miss a neighboring 40 MHz BSS that was at the
other end of the 2.4 GHz band and had its PRI channel further away from
the local BSS.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the common WLAN-* RADIUS attributes were added only when WPA
or WPA2 was used. These can be of use for OSEN as well, so include them
in that case, too.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to have a separate "fail silently" case for wpa_ie_len
== 0. That condition does not seem to be reachable and even if it were,
the following "ie len too short" case will result in the exact same
return value.
Signed-off-by: Jouni Malinen <j@w1.fi>
As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at
least in theory, allowed as a group cipher. This option is unlikely to
be deployed anywhere and to clean up the implementation, we might as
well remove all support for this combination.
Signed-off-by: Jouni Malinen <j@w1.fi>
Sending a wowlan configuration command can be done on any wireless
interface (not only netdev), as it is a device configuration and not
interface configuration specific. Fix the code to allow it to be
sent on any interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Android libnl_2 implementation added support for "nl80211" name in
commit 'libnl_2: Extend genl_ctrl_resolve() to support "nl80211" name'
in July 2012 which got included in Android 4.2. It is fine to drop this
old Android ICS workaround from wpa_supplicant now.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
p2p_process_nfc_connection_handover() allocates msg memory in the parser
and might return before memory is released if the received message is
not valid.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
If key derivation fails, there is no point in trying to continue
authentication. In theory, this could happen if memory allocation during
TLS PRF fails.
Signed-off-by: Jouni Malinen <j@w1.fi>
Free tmp_out before returning to prevent memory leak in case the second
memory allocation in openssl_tls_prf() fails. This is quite unlikely,
but at least theoretically possible memory leak with EAP-FAST.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
org.wi-fi.wfds service is not a replacement for non-WFA service matches.
Do not try to replace the results with that if there is not sufficient
room for the response. Instead, reply with all the matching services
that fit into the message. org.wi-fi.wfds is the first entry in the list
(if matching request/service is present), so it won't get overridden by
other services.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The service hash for org.wi-fi.wfds is supposed to match only if the
device has a WFA defined org.wi-fi.wfds.* service. Verify that before
adding org.wi-fi.wfds to the response.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Probe Response building is already doing service matching and there is
no need to do this in both places, so simplify the p2p_reply_probe()
implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When doing initial processing of Probe Request frame service hashes, the
previous implementation dropped all other hash values if a hash for
org.wi-fi.wfds was included. This is not correct, since that is not a
full wildcard of all services (it only matches WFA defined
org.wi-fi.wfds.* services).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This "wildcard" match is for WFA specified org.wi-fi.wfds.* services,
not for all services. Verify that there is a really matching service
being advertised instead of assuming this "wildcard" matches if any
services are advertised.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The org.wi-fi.wfds "wildcard" is not a full wildcard of all service
names and as such, it must not remove other service name hash values
from the Probe Request frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
p2ps_gen_hash() has a limit on service names based on the temporary
buffer from stack. Verify that the service name from the local P2P_FIND
command is short enough to fix into that buffer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Quoting P2PS specification: "If multiple Service Hash values are
included in the Probe Request frame, then the ASP shall find a match for
each Service Hash, and it shall send a Probe Response frame with the
information listed in this section for all matched Service Hashes." This
commit changes handling of wildcard hash matching by adding a
wildcard 'org.wi-fi.wfds' info together with the other hash matches.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add auxiliary functions to write a single advertised service info record
into a wpabuf and to find P2PS wildcard hash in a received hash
attribute. Re-factor p2p_buf_add_service_instance() function to allow
adding new wildcard types in future commits.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
When hostapd or wpa_supplicant is run in debug more with key material
prints allowed (-K on the command line), it is possible for passwords
and keying material to show up in debug prints. Since some of the debug
cases end up allocating a temporary buffer from the heap for processing
purposes, a copy of such password may remain in heap. Clear these
temporary buffers explicitly to avoid causing issues for hwsim test
cases that verify contents of memory against unexpected keys.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Avoid using p2p_data::query_hash for both Probe Request frame processing
and for hashes specified by p2p_find. It's resolved by use of local
query_hash and query_count variables in p2p_reply_probe().
Since p2p_data::query_hash is used only for seek hash values rename
p2p_data::query_hash to p2ps_seek_hash.
Delete p2p_data::query_count since it's not needed anymore.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Commit 86bd36f0d5 ('Add generic mechanism
for adding vendor elements into frames') introduced a mechanism to add
vendor elements into various frames, but missed the addition to the
Invitation Response frame. This commit addresses the same.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This variable is used locally only in the p2p_reply_probe() function.
The value of this variable is valid only in the context of the single
Probe Request message handling and doesn't make much sense in p2p
context.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Free a PD context with a function encapsulating both os_free() call and
setting a PD context pointer to NULL.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
A P2P Client may be discoverable and reply to Probe Request frames,
while at the same time the P2P GO would also be discoverable and include
the P2P Client information in the P2P Group Info attribute of the Probe
Response frames.
If a seeker constantly hears the Probe Response frames from a P2P Client
and then from the GO, but handles them in the opposite order (due to
scan results ordering), the more valuable Probe Response frame from the
P2P Client will be ignored. Fix this by defining a threshold (1 second)
during which the direct Probe Response frame will be preferred over the
information acquired from the GO and will not be considered as old.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
When adding group clients to the P2P peer list, use the driver provided
BSS entry timestamp instead of the current time. Otherwise, the time
comparison which is made in p2p_add_device() doesn't make sense.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
If the RX frequency of the Probe Request frame is known, specify it when
sending the Probe Response frame. This is needed when the Probe Request
frame is received on another virtual interface, for example, when a GO
or P2PS client are discoverable on the group operating channel.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Change send_mlme() API to allow sending management frames on a specific
channel, overriding the internal driver decision.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Return P2P_PREQ_PROCESSED instead of P2P_PREQ_NOT_PROCESSED on
a successful Probe Request frame handling in p2p_reply_probe().
Verify a return value of p2p_reply_probe() in p2p_probe_req_rx()
and continue a pending invitation/connection flow only if the
Probe Request frame is from an expected P2P peer.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
