path: root/src/wps
Commit message (Collapse)AuthorAgeFilesLines
* WPS UPnP: Support build on OS XJouni Malinen2020-06-091-3/+3
| | | | | | | | Define MAC address fetching for OS X (by reusing the existing FreeBSD implementation) to allow full compile testing of the WPS implementation on a more BSD-like platform. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS UPnP: Fix FreeBSD buildJouni Malinen2020-06-091-1/+1
| | | | | | | | | struct ifreq does not include the ifr_netmask alternative on FreeBSD, so replace that more specific name with ifr_addr that works with both Linux and FreeBSD. Fixes: 5b78c8f961f2 ("WPS UPnP: Do not allow event subscriptions with URLs to other networks") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS UPnP: Handle HTTP initiation failures for events more properlyJouni Malinen2020-06-081-2/+2
| | | | | | | | | | | | | | | While it is appropriate to try to retransmit the event to another callback URL on a failure to initiate the HTTP client connection, there is no point in trying the exact same operation multiple times in a row. Replve the event_retry() calls with event_addr_failure() for these cases to avoid busy loops trying to repeat the same failing operation. These potential busy loops would go through eloop callbacks, so the process is not completely stuck on handling them, but unnecessary CPU would be used to process the continues retries that will keep failing for the same reason. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS UPnP: Fix event message generation using a long URL pathJouni Malinen2020-06-082-3/+9
| | | | | | | | | | | | | More than about 700 character URL ended up overflowing the wpabuf used for building the event notification and this resulted in the wpabuf buffer overflow checks terminating the hostapd process. Fix this by allocating the buffer to be large enough to contain the full URL path. However, since that around 700 character limit has been the practical limit for more than ten years, start explicitly enforcing that as the limit or the callback URLs since any longer ones had not worked before and there is no need to enable them now either. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS UPnP: Do not allow event subscriptions with URLs to other networksJouni Malinen2020-06-083-4/+39
| | | | | | | | | | | | The UPnP Device Architecture 2.0 specification errata ("UDA errata 16-04-2020.docx") addresses a problem with notifications being allowed to go out to other domains by disallowing such cases. Do such filtering for the notification callback URLs to avoid undesired connections to external networks based on subscriptions that any device in the local network could request when WPS support for external registrars is enabled (the upnp_iface parameter in hostapd configuration). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS UPnP: Do not update Beacon frames unnecessarily on subscription removalJouni Malinen2020-06-041-1/+3
| | | | | | | | | | There is no need to update the WPS IE in Beacon frames when a subscription is removed if that subscription is not for an actual selected registrar. For example, this gets rids of unnecessary driver operations when a subscription request gets rejected when parsing the callback URLs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Allow TKIP support to be removed from buildDisha Das2020-04-173-0/+21
| | | | | | | | | Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from hostapd and wpa_supplicant builds. This disables use of TKIP as both the pairwise and group cipher. The end result does not interoperate with a WPA(v1)-only device or WPA+WPA2 mixed modes. Signed-off-by: Disha Das <dishad@codeaurora.org>
* WPS: Remove expired PINs on Selected Registrar timeoutJouni Malinen2020-03-041-0/+1
| | | | | | | | | | This clears the AuthorizedMACs advertisement immediately when the Selected Registrar timeout is hit and no more active PINs are present. Previously, the AuthorizedMACs advertisement could remain in place indefinitely since expired PINs were removed only when actually trying to find a PIN for a new WPS exchange. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS: Remove static-WEP-only workaroundJouni Malinen2020-02-292-29/+0
| | | | | | | WEP provisioning was removed from WPS v2, so this workaround functionality has not been applicable. Remove it completely. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Make it possible to use PSKs loaded from the PSK fileTomasz Jankowski2020-02-152-2/+27
| | | | | | | | | | | | | | By default, when configuration file set wpa_psk_file, hostapd generated a random PSK for each Enrollee provisioned using WPS and appended that PSK to wpa_psk_file. Changes that behavior by adding a new step. WPS will first try to use a PSK from wpa_psk_file. It will only try PSKs with wps=1 tag. Additionally it'll try to match enrollee's MAC address (if provided). If it fails to find an appropriate PSK, it falls back to generating a new PSK. Signed-off-by: Tomasz Jankowski <tomasz.jankowski@plume.com>
* WPS: Use PMK_LEN instead of hardcoded 32Jouni Malinen2020-02-151-4/+5
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Add application extension data to WPS IEBilal Hatipoglu2020-01-044-2/+23
| | | | | | | | | | | | | | Application Extension attribute is defined in WSC tech spec v2.07 page 104. Allow hostapd to be configured to add this extension into WPS IE in Beacon and Probe Response frames. The implementation is very similar to vendor extension. A new optional entry called "wps_application_ext" is added to hostapd config file to configure this. It enodes the payload of the Application Extension attribute in hexdump format. Signed-off-by: Veli Demirel <veli.demirel@airties.com> Signed-off-by: Bilal Hatipoglu <bilal.hatipoglu@airties.com>
* WPS: Add prefixes to public event_* functionsBrian Norris2019-12-223-23/+26
| | | | | | | | | | | | | | | | | | | | | openssl engines may dynamically load external libraries. Our event_*() functions happen to be named very generically, such that event_add() collides with the libevent library (https://libevent.org/). This can have disastrous effects (esp. when using CONFIG_WPA_TRACE, which enables partial linking) when our SSL engines call into the WPS event_add() instead of their intended libevent event_add(). Resolve this by providing a more unique prefix to these functions. Rename performed via: sed -i -E \ 's:\<event_(add|delete_all|send_all_later|send_stop_all)\>:wps_upnp_event_\1:g' \ $(git grep -l event_) Tested via (among other things) hwsim '-f ap_wps' module. Signed-off-by: Brian Norris <briannorris@chromium.org>
* Clean up base64_{encode,decode} pointer typesJouni Malinen2019-11-285-8/+9
| | | | | | | | Allow any pointer to be used as source for encoding and use char * as the return value from encoding and input value for decoding to reduce number of type casts needed in the callers. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS: Check SHA256 result successJouni Malinen2019-10-152-7/+11
| | | | | | | These functions can fail in theory, so verify they succeeded before comparing the hash values. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS: Fix a typo in a comment (use full WPA2-Personal name)Jouni Malinen2019-06-261-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Multi-AP: Avoid memcpy(ptr, NULL, 0) in WPS Registrar initializationJouni Malinen2019-02-231-3/+7
| | | | | | | This can result in compiler warnings due to the unexpected NULL pointer as a source memory even when the length of the copied data is 0. Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Support Multi-AP backhaul STA onboarding with WPSDavina Lu2019-02-186-0/+123
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the WPS Registrar offers a different set of credentials (backhaul credentials instead of fronthaul credentials) when the Multi-AP subelement is present in the WFA vendor extension element of the WSC M1 message. Add new configuration options to specify the backhaul credentials for the hostapd internal registrar: multi_ap_backhaul_ssid, multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are only relevant for a fronthaul SSID, i.e., where multi_ap is set to 2 or 3. When these options are set, pass the backhaul credentials instead of the normal credentials when the Multi-AP subelement is present. Ignore the Multi-AP subelement if the backhaul config options are not set. Note that for an SSID which is fronthaul and backhaul at the same time (i.e., multi_ap == 3), this results in the correct credentials being sent anyway. The security to be used for the backaul BSS is fixed to WPA2PSK. The Multi-AP Specification only allows Open and WPA2PSK networks to be configured. Although not stated explicitly, the backhaul link is intended to be always encrypted, hence WPA2PSK. To build the credentials, the credential-building code is essentially copied and simplified. Indeed, the backhaul credentials are always WPA2PSK and never use per-device PSK. All the options set for the fronthaul BSS WPS are simply ignored. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
* wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPSDavina Lu2019-02-184-1/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the backhaul STA needs to add a Multi-AP IE to the WFA vendor extension element in the WSC M1 message that indicates it supports the Multi-AP backhaul STA role. The Registrar (if it support Multi-AP onboarding) will respond to that with a WSC M8 message that also contains the Multi-AP IE, and that contains the credentials for the backhaul SSID (which may be different from the SSID on which WPS is performed). Introduce a new parameter to wpas_wps_start_pbc() and allow it to be set via control interface's new multi_ap=1 parameter of WPS_PBC call. multi_ap_backhaul_sta is set to 1 in the automatically created SSID. Thus, if the AP does not support Multi-AP, association will fail and WPS will be terminated. Only wps_pbc is supported. This commit adds the multi_ap argument only to the control socket interface, not to the D-Bus interface. Since WPS associates with the fronthaul BSS instead of the backhaul BSS, we should not drop association if the AP announces fronthaul-only BSS. Still, we should only do that in the specific case of WPS. Therefore, add a check to multi_ap_process_assoc_resp() to allow association with a fronthaul-only BSS if and only if key_mgmt contains WPS. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Daniel Golle <daniel@makrotopia.org> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
* WPS: Add multi_ap_subelem to wps_build_wfa_ext()Arnout Vandecappelle (Essensium/Mind)2019-02-189-29/+40
| | | | | | | | | | | | | | The Multi-AP specification adds a new subelement to the WFA extension element in the WPS exchange. Add an additional parameter to wps_build_wfa_ext() to add this subelement. The subelement is only added if the parameter is nonzero. Note that we don't reuse the existing MULTI_AP_SUB_ELEM_TYPE definition here, but rather define a new WFA_ELEM_MULTI_AP, to make sure the enum of WFA subelement types for WPS vendor extension remains complete. For now, all callers set the multi_ap_subelem parameter to 0. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* WPS: Fix wps_validate_credential() argument typeJouni Malinen2018-12-241-1/+1
| | | | | | | Newer gcc complained about the mismatching len[] argument type. Silence that by using the correct type. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS NFC: Fix potential NULL pointer dereference on an error pathYu Ouyang2018-12-041-1/+2
| | | | | | | | | | | | | The NFC connection handover specific case of WPS public key generation did not verify whether the two wpabuf_dup() calls succeed. Those may return NULL due to an allocation failure and that would result in a NULL pointer dereference in dh5_init_fixed(). Fix this by checking memory allocation results explicitly. If either of the allocations fail, do not try to initialize wps->dh_ctx and instead, report the failure through the existing error case handler below. Signed-off-by: Jouni Malinen <jouni@codeaurora.org
* Free dh_ctx on failure in wps_nfc_gen_dh()Srikanth Marepalli2018-09-201-0/+1
| | | | | | This is needed to avoid a memory leak on an error path. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS: Do not increment wildcard_uuid when pin is lockedLior David2017-10-031-1/+4
| | | | | | | | | | | | | | | | | | | | | | | Commit 84751b98c151f70c322b6b7f70d967400e147852 ('WPS: Allow wildcard UUID PIN to be used twice') relaxed the constraints on how many time a wildcard PIN can be used to allow two attempts. However, it did this in a way that could result in concurrent attempts resulting in the wildcard PIN being invalidated even without the second attempt actually going as far as trying to use the PIN and a WPS protocol run. wildcard_uuid is a flag/counter set for wildcard PINs and it is incremented whenever the PIN is retrieved by wps_registrar_get_pin(). Eventually it causes the wildcard PIN to be released, effectively limiting the number of registration attempts with a wildcard PIN. With the previous implementation, when the PIN is in use and locked (PIN_LOCKED), it is not returned from wps_registrar_get_pin() but wildcard_uuid is still incremented which can cause the PIN to be released earlier and stations will have fewer registration attempts with it. Fix this scenario by only incrementing wildcard_uuid if the PIN is actually going to be returned and used. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* Use os_memdup()Johannes Berg2017-03-073-19/+10
| | | | | | | | | | | | | | | | | | | | | | This leads to cleaner code overall, and also reduces the size of the hostapd and wpa_supplicant binaries (in hwsim test build on x86_64) by about 2.5 and 3.5KiB respectively. The mechanical conversions all over the code were done with the following spatch: @@ expression SIZE, SRC; expression a; @@ -a = os_malloc(SIZE); +a = os_memdup(SRC, SIZE); <... if (!a) {...} ...> -os_memcpy(a, SRC, SIZE); Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Share a single str_starts() implementationJouni Malinen2016-08-061-6/+0
| | | | | | No need to define this as a static function in multiple files. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Declare module test functions in a header fileJouni Malinen2016-06-231-0/+1
| | | | | | This gets rid of number of warnings from sparse. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Mark some module test arrays staticJouni Malinen2016-06-231-1/+1
| | | | | | These are not used outside the source code file. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Check sha256_vector() result in wps_build_oob_dev_pw()Jouni Malinen2016-05-161-1/+2
| | | | | | | | This gets rid of a valgrind warning on uninitialized memory read in the wpas_ctrl_error test case where the result was used after the failed sha256_vector() call. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Fix debug prints in wps_derive_psk() error caseJouni Malinen2016-05-164-11/+16
| | | | | | | | Check for hmac_sha256() failures and exit from wps_derive_psk() without printing out the derived keys if anything fails. This removes a valgrind warning on uninitialized value when running the ap_wps_m3_oom test case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Fix segmentation fault in new DH key derivationRujun Wang2016-05-131-1/+1
| | | | | | | | | | | | Commit 4104267e81b0a0acdb43f693a67f236b3237a719 ('Fix memory leak on NFC DH generation error path') modified dh5_init() behavior in the non-OpenSSL implementation to free the public key (if any was previously set). However, this did not update one of the callers to make sure the publ argument in the call is initialized. This could result in trying to free invalid pointer and segmentation fault when hostapd or wpa_supplicant was built against some other crypto library than OpenSSL. Signed-off-by: Rujun Wang <chinawrj@gmail.com>
* WPS: Reject a Credential with invalid passphraseJouni Malinen2016-05-021-0/+10
| | | | | | | | | | | | | | | WPA/WPA2-Personal passphrase is not allowed to include control characters. Reject a Credential received from a WPS Registrar both as STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or WPA2PSK authentication type and includes an invalid passphrase. This fixes an issue where hostapd or wpa_supplicant could have updated the configuration file PSK/passphrase parameter with arbitrary data from an external device (Registrar) that may not be fully trusted. Should such data include a newline character, the resulting configuration file could become invalid and fail to be parsed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Explicitly clear wpabuf memory with key informationJouni Malinen2016-04-285-48/+48
| | | | | | | | This reduces duration that private keying material might remain in the process memory by clearing wpabuf data used in WPS operations when there is possibility of the buffer including keys or related material. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Use only os_get_random() for PIN generationNick Lowe2016-02-192-8/+6
| | | | | | | | | Remove the fallback dependency on os_random() when generating a WPS pin. This is exceptionally unlikely to ever be called as the call to os_get_random() is unlikely to fail. The intention is to facilitate future removal of os_random() as it uses a low quality PRNG. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
* WPS: Testing mechanism to force auth/encr type flagsJouni Malinen2016-01-013-3/+29
| | | | | | | | | | The new wps_force_{auth,encr}_types parameters can be used in test build (CONFIG_WPS_TESTING) to force wpa_supplicant to use the specified value in the Authentication/Encryption Type flags attribute. This can be used to test AP behavior on various error cases for which there are workarounds to cover deployed device behavior. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Add a workaround for WPA2PSK missing from Enrollee auth flagsJouni Malinen2016-01-011-0/+17
| | | | | | | | | | | Some deployed implementations seem to advertise incorrect information in this attribute. A value of 0x1b (WPA2 + WPA + WPAPSK + OPEN, but no WPA2PSK) has been reported to be used. Add WPA2PSK to the list to avoid issues with building Credentials that do not use the strongest actually supported authentication option (that device does support WPA2PSK even when it does not claim it here). Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Do not build Credential with unsupported encr combination on APJouni Malinen2016-01-012-2/+23
| | | | | | | | | | | | | | | | | It was possible for the Registrar code to generate a Credential with auth type WPAPSK (i.e., WPA v1) with encr type AES if the Enrollee claimed support for WPAPSK and not WPA2PSK while the AP was configured in mixed mode WPAPSK+WPA2PSK regardless of how wpa_pairwise (vs. rsn_pairwise) was set since encr type was selected from the union of wpa_pairwise and rsn_pairwise. This could result in the Enrollee receiving a Credential that it could then not use with the AP. Fix this by masking the encryption types separately on AP based on the wpa_pairwise/rsn_pairwise configuration. In the example case described above, the Credential would get auth=WPAPSK encr=TKIP instead of auth=WPAPSK encr=AES. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Support parallel UPnP WPS protocol runsJouni Malinen2015-11-304-12/+90
| | | | | | | | | This allows multiple external registrars to execute a WPS protocol run with a WPS AP over UPnP. Previously, hostapd supported only a single WPS peer entry at a time and if multiple ERs tried to go through a WPS protocol instance concurrently, only one such exchange could succeed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Avoid undefined behavior in pointer arithmeticJouni Malinen2015-10-181-2/+2
| | | | | | | | | Reorder terms in a way that no invalid pointers are generated with pos+len operations. end-pos is always defined (with a valid pos pointer) while pos+len could end up pointing beyond the end pointer which would be undefined behavior. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Mark web_connection_parse_get() argument filename constJouni Malinen2015-10-031-1/+2
| | | | | | | All the other web_connection_parse_*() functions were already doing this, so make the GET handler consistent as well. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Reduce struct wps_parse_attr sizeJouni Malinen2015-09-073-22/+26
| | | | | | | | | Use shorter variables for storing the attribute lengths and group these variables together to allow compiler to pack them more efficiently. This reduces the struct size from 960 bytes to 760 bytes in 64-bit builds. This reduces stack use in number of functions. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Reduce wps_ap_priority_compar() stack useJouni Malinen2015-09-071-6/+6
| | | | | | | | There is no need to maintain two concurrent instances of struct wps_parse_attr in this function. Share a single structure for parsing both IEs. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS ER: Clean up WPS session on PutMessage error casesJouni Malinen2015-09-071-7/+20
| | | | | | | This is needed to allow new operation to be started after an error without having to wait for the AP entry to time out. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Allow config_methods to be cleared with an empty stringJouni Malinen2015-09-051-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Merge identical error paths in ssdp_listener_open()Jouni Malinen2015-09-051-8/+5
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Remove trailing CR from subscription callback URLsJouni Malinen2015-08-311-0/+2
| | | | | | This cleans up the debug log a bit. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Print subscription UUID in debug log in more placesJouni Malinen2015-08-312-5/+15
| | | | | | This makes it easier to debug subscription issues. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Clean up next_advertisement() error pathJouni Malinen2015-08-311-5/+1
| | | | | | | | No need to have a common failure handler if it is used from only a single location and that lcoation does not even need the memory freeing step. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Merge event_send_start() error pathsJouni Malinen2015-08-311-5/+3
| | | | | | There is no need to keep these separate. Signed-off-by: Jouni Malinen <j@w1.fi>
* WPS: Merge SetSelectedRegistrar parsing error returnsJouni Malinen2015-08-311-4/+2
| | | | | | There is no need to maintain two error paths for this. Signed-off-by: Jouni Malinen <j@w1.fi>