]> git.ipfire.org Git - thirdparty/hostap.git/log
thirdparty/hostap.git
5 years agoAdd TLS-PRF using HMAC with P_SHA384 for TEAP
Jouni Malinen [Fri, 16 Aug 2019 18:15:32 +0000 (21:15 +0300)] 
Add TLS-PRF using HMAC with P_SHA384 for TEAP

This version of TLS PRF is needed when using TEAP with TLS ciphersuites
that are defined to use SHA384 instead of SHA256.

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: sigma_dut with TOD-TOFU
Jouni Malinen [Fri, 16 Aug 2019 13:39:08 +0000 (16:39 +0300)] 
tests: sigma_dut with TOD-TOFU

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: TOD-TOFU policy reporting
Jouni Malinen [Fri, 16 Aug 2019 13:25:14 +0000 (16:25 +0300)] 
tests: TOD-TOFU policy reporting

Also rename the previously added test case to use the TOD-STRICT name
for the earlier policy OID.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Update RSA 3k certificates before the previous ones expire
Jouni Malinen [Fri, 16 Aug 2019 13:21:38 +0000 (16:21 +0300)] 
tests: Update RSA 3k certificates before the previous ones expire

In addition, update the generation script to allow convenient update of
the server and user certificates without having to generate new keys.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Add a server certificate with TOD-TOFU policy
Jouni Malinen [Fri, 16 Aug 2019 12:59:43 +0000 (15:59 +0300)] 
tests: Add a server certificate with TOD-TOFU policy

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoExtend server certificate TOD policy reporting to include TOD-TOFU
Jouni Malinen [Fri, 16 Aug 2019 12:51:40 +0000 (15:51 +0300)] 
Extend server certificate TOD policy reporting to include TOD-TOFU

The previously used single TOD policy was split into two policies:
TOD-STRICT and TOD-TOFU. Report these separately in the
CTRL-EVENT-EAP-PEER-CERT events (tod=1 for TOD-STRICT and tod=2 for
TOD-TOFU).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoSAE: Conditionally set PMKID while notifying the external auth status
Sunil Dutt [Fri, 16 Aug 2019 05:18:45 +0000 (10:48 +0530)] 
SAE: Conditionally set PMKID while notifying the external auth status

This is needed for the drivers implementing SME to include the PMKID in
the Association Request frame directly following SAE authentication.

This commit extends the commit d2b208384391 ("SAE: Allow PMKID to be
added into Association Request frame following SAE") for drivers with
internal SME that use the external authentication mechanism.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoSAE: Use BSSID stored in ext_auth_bssid for set_pmk
Sunil Dutt [Fri, 16 Aug 2019 05:08:10 +0000 (10:38 +0530)] 
SAE: Use BSSID stored in ext_auth_bssid for set_pmk

pending_bssid is cleared in the connected state and thus is not valid if
SAE authentication is done to a new BSSID when in the connected state.
Hence use the BSSID from ext_auth_bssid while configuring the PMK for
the external authentication case. This is required for roaming to a new
BSSID with driver-based-SME while the SAE processing happens with
wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoOWE: Update connect params with new DH attributes to the driver
Sunil Dutt [Thu, 25 Jul 2019 06:40:57 +0000 (12:10 +0530)] 
OWE: Update connect params with new DH attributes to the driver

A new DH public key is sent through this interface to the driver after
every successful connection/roam to a BSS. This helps to do OWE roaming
to a new BSS with drivers that implement SME/MLME operations during
roaming.

This updated DH IEs are added in the subsequent (Re)Association Request
frame sent by the station when roaming. The DH IE from the roamed AP is
given to wpa_supplicant in the roam result event. wpa_supplicant shall
further process these DH IEs to generate the PMK for the 4-way
handshake.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agonl80211: Request update connection params only for drivers with SME
Sunil Dutt [Fri, 16 Aug 2019 04:53:24 +0000 (10:23 +0530)] 
nl80211: Request update connection params only for drivers with SME

Update Connection Params is intended for drivers that implement
internal SME and expect these updated connection params from
wpa_supplicant. Do not send this request for the drivers using
SME from wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Additional FT with PMF required testing coverage
Jouni Malinen [Fri, 16 Aug 2019 10:53:04 +0000 (13:53 +0300)] 
tests: Additional FT with PMF required testing coverage

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoFT: Reject over-the-DS response with MFPC=0 if PMF is required
Jouni Malinen [Fri, 16 Aug 2019 10:50:54 +0000 (13:50 +0300)] 
FT: Reject over-the-DS response with MFPC=0 if PMF is required

If FT over-the-DS case is enforced through the "FT_DS <BSSID>" control
interface command, the PMF capability check during BSS selection is not
used and that could have allowed PMF to be disabled in the over-the-DS
case even if the local network profile mandated use of PMF. Check
against this explicitly to avoid unexpected cases if the APs within the
same mobility domain are not configured consistently.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoRSN: Do not allow connection to proceed without MFPC=1 if PMF required
Jouni Malinen [Fri, 16 Aug 2019 10:48:16 +0000 (13:48 +0300)] 
RSN: Do not allow connection to proceed without MFPC=1 if PMF required

PMF capability check is done as part of BSS selection routines, but
those are not used when going through the enforced roaming operation
("ROAM <BSSID>" control interface command). While that mechanism is
mainly for testing purposes, extend it to do the same check for PMF to
prevent cases where forced roaming could end up disabling PMF against
the local profile requirement.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoFT: Fix MFPR flag in RSNE during FT protocol
Jouni Malinen [Fri, 16 Aug 2019 10:23:06 +0000 (13:23 +0300)] 
FT: Fix MFPR flag in RSNE during FT protocol

Commit e820cf952f29 ("MFP: Add MFPR flag into station RSN IE if 802.11w
is mandatory") added indication of MFPR flag in non-FT cases, but forgot
to do so for the FT protocol cases where a different function is used to
build the RSNE. Do the same change now for that FT specific case to get
consistent behavior on indicating PMF configuration state with MFPR.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoOCE: Mandate PMF for WPA2 association with OCE AP
Ankita Bajaj [Tue, 30 Jul 2019 09:05:32 +0000 (14:35 +0530)] 
OCE: Mandate PMF for WPA2 association with OCE AP

An OCE AP with WPA2 enabled shall require PMF negotiation when
associating with an OCE STA. An OCE STA-CFON may negotiate PMF with a
STA when it is operating as an AP. Don't select an OCE AP for connection
if PMF is not enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoHS 2.0: Match credentials based on required_roaming_consortium
Purushottam Kushwaha [Fri, 26 Jul 2019 05:55:19 +0000 (11:25 +0530)] 
HS 2.0: Match credentials based on required_roaming_consortium

When required_roaming_consortium is set in a credential, station
should match this against Roaming Consortium(s) for a BSS similar
to how it is matching for roaming_consortiums during Interworking
credentials availability check for roaming_consortium.

In the context of Hotspot 2.0 PPS MO, this means addressing matching
part in the same manner for HomeSP/HomeOIList/<X+>/HomeOI regardless of
how HomeSP/HomeOIList/<X+>/HomeOIRequired is set (i.e., the required
part is used as an independent check for the AP advertising the needed
information while the "credential can be used here and this is a home
network" part is shared).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: SAE and PMKSA caching (PMKID in AssocReq after SAE)
Jouni Malinen [Wed, 14 Aug 2019 14:51:31 +0000 (17:51 +0300)] 
tests: SAE and PMKSA caching (PMKID in AssocReq after SAE)

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoSAE: Allow PMKID to be added into Association Request frame following SAE
Jouni Malinen [Wed, 14 Aug 2019 14:49:23 +0000 (17:49 +0300)] 
SAE: Allow PMKID to be added into Association Request frame following SAE

IEEE Std 802.11-2016 does not require this behavior from a SAE STA, but
it is not disallowed either, so it is useful to have an option to
identify the derived PMKSA in the immediately following Association
Request frames. This is disabled by default (i.e., no change to previous
behavior) and can be enabled with a global wpa_supplicant configuration
parameter sae_pmkid_in_assoc=1.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoMake wpa_insert_pmkid() more generic
Jouni Malinen [Wed, 14 Aug 2019 14:47:58 +0000 (17:47 +0300)] 
Make wpa_insert_pmkid() more generic

This is not used only with FT, so make the comments less confusing and
include the function in all builds to make it available for
non-FT/non-FILS builds.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Fix wlan.mesh.config.cap workaround for test_wpas_mesh_max_peering
Sven Eckelmann [Fri, 12 Jul 2019 10:48:53 +0000 (12:48 +0200)] 
tests: Fix wlan.mesh.config.cap workaround for test_wpas_mesh_max_peering

The wlan.mesh.config doesn't have to be the last element of beacon. Things
like VHT or HE oper/cap are usually follow the mesh configuration element.

The workaround must first get the position of a correct reference value in
wlan.mesh.config (ps_protocol) and then calculate the correct
wlan.mesh.config.cap offset based on that.

Reported-by: Johannes Berg <johannes@sipsolutions.net>
Fixes: 2cbaf0de223b ("tests: Work around tshark bug in wpas_mesh_max_peering")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
5 years agoHE: MCS size is always a minimum of 4 bytes
John Crispin [Mon, 1 Jul 2019 13:27:09 +0000 (15:27 +0200)] 
HE: MCS size is always a minimum of 4 bytes

The MCS set always has a minimal size of 4 bytes. Without this change
HE20 failed to work.

Signed-off-by: John Crispin <john@phrozen.org>
5 years agonl80211: Don't force VHT channel definition with HE
Sven Eckelmann [Mon, 1 Jul 2019 13:34:08 +0000 (15:34 +0200)] 
nl80211: Don't force VHT channel definition with HE

HE (802.11ax) is also supported on 2.4 GHz. And the 2.4 GHz band isn't
supposed to use VHT operations. Some codepaths in wpa_supplicant will
therefore not initialize the freq->bandwidth or the freq->center_freq1/2
members. As a result, the nl80211_put_freq_params() will directly return
an error (-1) or the kernel will return an error due to the invalid
channel definition.

Instead, the channel definitions should be created based on the actual
HT/VHT/none information on 2.4 GHz.

Fixes: ad9a1bfe788e ("nl80211: Share VHT channel configuration for HE")
Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
5 years agoCheck for LEAP before doing FT
Matthew Wang [Thu, 8 Aug 2019 20:02:12 +0000 (13:02 -0700)] 
Check for LEAP before doing FT

According to https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
Cisco does not support EAP-LEAP with Fast Transition. Here,
we check for LEAP before selecting FT 802.1X key management
suite.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
5 years agotests: DPP network introduction with expired netaccesskey
Jouni Malinen [Sun, 11 Aug 2019 13:45:43 +0000 (16:45 +0300)] 
tests: DPP network introduction with expired netaccesskey

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: SAE dot11RSNASAESync
Jouni Malinen [Sun, 11 Aug 2019 13:34:41 +0000 (16:34 +0300)] 
tests: SAE dot11RSNASAESync

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agoFix a typo in hostapd config documentation
Jouni Malinen [Sun, 11 Aug 2019 13:32:27 +0000 (16:32 +0300)] 
Fix a typo in hostapd config documentation

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: OCE AP
Jouni Malinen [Sun, 11 Aug 2019 13:31:34 +0000 (16:31 +0300)] 
tests: OCE AP

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: WPS registrar configuring an AP using preconfigured AP password token
Jouni Malinen [Sun, 11 Aug 2019 13:25:48 +0000 (16:25 +0300)] 
tests: WPS registrar configuring an AP using preconfigured AP password token

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: HE AP parameters
Jouni Malinen [Sun, 11 Aug 2019 13:14:44 +0000 (16:14 +0300)] 
tests: HE AP parameters

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: OCV on 2.4 GHz with PMF getting enabled automatically
Jouni Malinen [Sun, 11 Aug 2019 13:06:49 +0000 (16:06 +0300)] 
tests: OCV on 2.4 GHz with PMF getting enabled automatically

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: acs_exclude_dfs=1
Jouni Malinen [Sun, 11 Aug 2019 13:02:43 +0000 (16:02 +0300)] 
tests: acs_exclude_dfs=1

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: FT RKH parameters
Jouni Malinen [Sun, 11 Aug 2019 10:25:33 +0000 (13:25 +0300)] 
tests: FT RKH parameters

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: FT PMK-R0/R1 expiration
Jouni Malinen [Sun, 11 Aug 2019 10:19:44 +0000 (13:19 +0300)] 
tests: FT PMK-R0/R1 expiration

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Server checking CRL with check_crl_strict=0
Jouni Malinen [Sun, 11 Aug 2019 08:04:13 +0000 (11:04 +0300)] 
tests: Server checking CRL with check_crl_strict=0

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agoFix check_crl_strict documentation
Jouni Malinen [Sun, 11 Aug 2019 07:44:29 +0000 (10:44 +0300)] 
Fix check_crl_strict documentation

The OpenSSL error codes used here were for certificates, not CRLs. Fix
that to refer to CRL being expired or not yet valid.

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: private_key_passwd2 in hostapd configuration
Jouni Malinen [Sun, 11 Aug 2019 07:40:13 +0000 (10:40 +0300)] 
tests: private_key_passwd2 in hostapd configuration

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Additional hostapd configuration parser coverage
Jouni Malinen [Sat, 10 Aug 2019 21:24:38 +0000 (00:24 +0300)] 
tests: Additional hostapd configuration parser coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Additional dpp_controller parsing coverage
Jouni Malinen [Sat, 10 Aug 2019 15:45:37 +0000 (18:45 +0300)] 
tests: Additional dpp_controller parsing coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Additional sae_password parsing coverage
Jouni Malinen [Sat, 10 Aug 2019 15:37:54 +0000 (18:37 +0300)] 
tests: Additional sae_password parsing coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Additional tls_flags coverage
Jouni Malinen [Sat, 10 Aug 2019 14:22:32 +0000 (17:22 +0300)] 
tests: Additional tls_flags coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Additional operator_icon parsing coverage
Jouni Malinen [Sat, 10 Aug 2019 14:06:40 +0000 (17:06 +0300)] 
tests: Additional operator_icon parsing coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Additional osu_nai2 parsing coverage
Jouni Malinen [Sat, 10 Aug 2019 14:04:27 +0000 (17:04 +0300)] 
tests: Additional osu_nai2 parsing coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Additional venue_url parsing coverage
Jouni Malinen [Sat, 10 Aug 2019 14:02:10 +0000 (17:02 +0300)] 
tests: Additional venue_url parsing coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Additional eap_user_file parsing coverage
Jouni Malinen [Sat, 10 Aug 2019 13:35:11 +0000 (16:35 +0300)] 
tests: Additional eap_user_file parsing coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Additional vlan_file parsing coverage
Jouni Malinen [Sat, 10 Aug 2019 13:16:29 +0000 (16:16 +0300)] 
tests: Additional vlan_file parsing coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agoAdd QCA vendor command for avoid frequency feature
Rajeev Kumar Sirasanagandla [Thu, 25 Jul 2019 17:27:17 +0000 (22:57 +0530)] 
Add QCA vendor command for avoid frequency feature

Add vendor command QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT
and attribute qca_wlan_vendor_attr_avoid_frequency_ext to send structured
avoid frequency data.

This new command is alternative to existing command
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY since existing command is
using stream of bytes instead of structured data using vendor attributes.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
5 years agoUpdate QCA vendor attributes for 6 GHz band support
Rajeev Kumar Sirasanagandla [Thu, 1 Aug 2019 11:16:32 +0000 (16:46 +0530)] 
Update QCA vendor attributes for 6 GHz band support

As a part of P802.11ax amendment, 6 GHz band operation is added.

Since the 6 GHz channel numbers are overlapping with existing 2.4 GHz
and 5 GHz channel numbers, use frequency to identify unique channel
operation instead of channel number. Channel frequency is unique across
bands.

In the existing QCA vendor interface, wherever missing, add frequency
attributes to identify unique channel operation. In addition, add
comments to document some of the previously missed attributes/values.

Note: If both channel and frequency attributes are present in vendor
command/event and
(a) If both the driver and user-space application supports 6 GHz band
then channel related attributes are deprecated and use frequency
attributes.
(b) If either driver or user-space application or both doesn't
support 6 GHz band then use channel attributes.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
5 years agoAdd QCA vendor channel attribute to restart AP
Rajeev Kumar Sirasanagandla [Thu, 25 Jul 2019 15:37:02 +0000 (21:07 +0530)] 
Add QCA vendor channel attribute to restart AP

Add QCA_WLAN_VENDOR_ATTR_SAP_CONFIG_CHANNEL attribute in
enum qca_wlan_vendor_attr_sap_config to use with vendor command
QCA_NL80211_VENDOR_SUBCMD_SET_SAP_CONFIG.

This new attribute is used to restart AP on given channel.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
5 years agoAdd QCA vendor command to configure ACS policy
Rajeev Kumar Sirasanagandla [Thu, 25 Jul 2019 15:24:43 +0000 (20:54 +0530)] 
Add QCA vendor command to configure ACS policy

Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_ACS_POLICY
with attributes enum qca_wlan_vendor_attr_acs_config and
enum qca_acs_dfs_mode to configure ACS policy.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
5 years agoAdd QCA vendor attributes to enhance roaming configuration
Srinivas Dasari [Tue, 6 Aug 2019 18:18:19 +0000 (23:48 +0530)] 
Add QCA vendor attributes to enhance roaming configuration

This enhances the existing vendor command QCA_NL80211_VENDOR_SUBCMD_ROAM
with the following configurations:
1. Set/get/clear roam control
2. Set/get the channels on which the roaming has to be triggered.
3. Set/get the roam scan period.
4. Configure the triggers for roaming.
5. Configure the candidate selection criteria.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoRename qca_wlan_vendor_attr_roam_subcmd to represent subcmds
Sunil Dutt [Tue, 6 Aug 2019 15:00:00 +0000 (20:30 +0530)] 
Rename qca_wlan_vendor_attr_roam_subcmd to represent subcmds

qca_wlan_vendor_attr_roam_subcmd is an enum associated with the
attribute QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD. It represents different
sub command values and these are not the attributes. Hence, rename the
enum to qca_wlan_vendor_roaming_subcmd. Accordingly, the members of this
enum are also renamed to suite the usage.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoDocument the attributes used by QCA_NL80211_VENDOR_SUBCMD_ROAM
Sunil Dutt [Tue, 6 Aug 2019 10:13:29 +0000 (15:43 +0530)] 
Document the attributes used by QCA_NL80211_VENDOR_SUBCMD_ROAM

This commit documents the attributes used by
QCA_NL80211_VENDOR_SUBCMD_ROAM.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoClear external eapSuccess setting in driver-authorized cases
Jouni Malinen [Wed, 7 Aug 2019 08:51:44 +0000 (11:51 +0300)] 
Clear external eapSuccess setting in driver-authorized cases

The conditions for the eapol_sm_notify_eap_success(FALSE) calls did not
cover the case where eapol_sm_notify_eap_success(TRUE) had been called
based on offloaded 4-way handshake and driver notification of
authorization in wpa_supplicant_event_port_authorized(). This could
result in eapSuccess and altSuccess state machine variables being left
TRUE when roaming to another BSS and that results in EAP failure if the
following roaming case does not get fully authorized through the driver
offload.

Fix this by clearing eapSuccess/altSuccess when processing a new
association (including roaming) event and also when disconnecting from
the network.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoThe master branch is now used for v2.10 development
Jouni Malinen [Wed, 7 Aug 2019 14:51:53 +0000 (17:51 +0300)] 
The master branch is now used for v2.10 development

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agoPreparations for v2.8 release hostap_2_9
Jouni Malinen [Wed, 7 Aug 2019 13:25:25 +0000 (16:25 +0300)] 
Preparations for v2.8 release

Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Check wait_event argument type
Jouni Malinen [Wed, 7 Aug 2019 09:41:12 +0000 (12:41 +0300)] 
tests: Check wait_event argument type

It was clearly too easy to get unexpected behavior by accidentially
passing in a string instead of a list of strings to these functions, so
enforce the correct type to notice such issues automatically.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Fix ap_vht_csa_vht40 to use list of events with wait_event()
Jouni Malinen [Wed, 7 Aug 2019 09:56:43 +0000 (12:56 +0300)] 
tests: Fix ap_vht_csa_vht40 to use list of events with wait_event()

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Fix concurrent_autogo_crossconnect to use list of events with wait_event()
Jouni Malinen [Wed, 7 Aug 2019 09:55:50 +0000 (12:55 +0300)] 
tests: Fix concurrent_autogo_crossconnect to use list of events with wait_event()

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Fix ap_vht_csa_vht40_disable to use list of events with wait_event()
Jouni Malinen [Wed, 7 Aug 2019 09:55:07 +0000 (12:55 +0300)] 
tests: Fix ap_vht_csa_vht40_disable to use list of events with wait_event()

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Fix eap_proto_otp to use list of events with wait_event()
Jouni Malinen [Wed, 7 Aug 2019 09:44:50 +0000 (12:44 +0300)] 
tests: Fix eap_proto_otp to use list of events with wait_event()

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Fix hostapd.wait_sta()
Jouni Malinen [Wed, 7 Aug 2019 09:34:24 +0000 (12:34 +0300)] 
tests: Fix hostapd.wait_sta()

wait_event() expects a list of events instead of a single event name.
The previous implementation of wait_sta() did not really wait for
AP-STA-CONNECT; instead, it returned the next event from hostapd
regardless of what that event was.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoSet the default scan IEs on interface restart
Sunil Dutt [Tue, 6 Aug 2019 16:04:21 +0000 (21:34 +0530)] 
Set the default scan IEs on interface restart

Previously, these default scan IEs were set only when parameter values
changed and during the interface initialization, which can get lost in
the driver on an interface restart. Hence, also set these IEs on an
interface restart notification even when there has been no change in the
values since the last update to the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Additional EAP-TEAP coverage
Jouni Malinen [Tue, 6 Aug 2019 22:12:48 +0000 (01:12 +0300)] 
tests: Additional EAP-TEAP coverage

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoEAP-TEAP peer: Fix fragmentation of final message
Jouni Malinen [Tue, 6 Aug 2019 22:11:54 +0000 (01:11 +0300)] 
EAP-TEAP peer: Fix fragmentation of final message

Need to update methodState/decision when completing transmission of
fragmented last Phase 2 message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Additional EAP-SAKE local error case coverage
Jouni Malinen [Tue, 6 Aug 2019 21:10:26 +0000 (00:10 +0300)] 
tests: Additional EAP-SAKE local error case coverage

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Additional EAP-GPSK local error case coverage
Jouni Malinen [Tue, 6 Aug 2019 21:04:45 +0000 (00:04 +0300)] 
tests: Additional EAP-GPSK local error case coverage

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Additional EAP-EKE local error case coverage
Jouni Malinen [Tue, 6 Aug 2019 20:59:06 +0000 (23:59 +0300)] 
tests: Additional EAP-EKE local error case coverage

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: DPP Controller RX error cases
Jouni Malinen [Tue, 6 Aug 2019 18:02:12 +0000 (21:02 +0300)] 
tests: DPP Controller RX error cases

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: DPP TCP failure cases
Jouni Malinen [Tue, 6 Aug 2019 15:28:34 +0000 (18:28 +0300)] 
tests: DPP TCP failure cases

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Remove openssl header files from code coverage report
Jouni Malinen [Tue, 6 Aug 2019 10:21:56 +0000 (13:21 +0300)] 
tests: Remove openssl header files from code coverage report

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agowolfssl: Avoid void pointer arithmetic
Jouni Malinen [Mon, 5 Aug 2019 21:54:28 +0000 (00:54 +0300)] 
wolfssl: Avoid void pointer arithmetic

This is a compiler specific extension and not compliant with the C
standard.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoSAE: Fix order_len for FFC groups
Jouni Malinen [Mon, 5 Aug 2019 13:52:20 +0000 (16:52 +0300)] 
SAE: Fix order_len for FFC groups

The KCK, PMK, and PMKID derivation fix broke SAE key derivation for all
FFC groups. Fix that by setting sae->tmp->order_len for FFC groups (it
was only set for ECC groups).

Fixes: ac734a342ed1 ("SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Wait after rekeying a bit before running connectivity test
Jouni Malinen [Mon, 5 Aug 2019 10:49:15 +0000 (13:49 +0300)] 
tests: Wait after rekeying a bit before running connectivity test

The AP side may not have had enough time to configure the new TK into
the driver if the connectivity test is started immediately after the
station side event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Wait for AP side connection event before disconnecting
Jouni Malinen [Mon, 5 Aug 2019 10:47:08 +0000 (13:47 +0300)] 
tests: Wait for AP side connection event before disconnecting

This makes the test cases more robust especially when testing with UML
time travel.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoDPP: Indicate authentication success on ConfReqRX if needed
Jouni Malinen [Mon, 5 Aug 2019 10:31:14 +0000 (13:31 +0300)] 
DPP: Indicate authentication success on ConfReqRX if needed

It is possible to receive the Configuration Request frame before having
seen TX status for the Authentication Confirm. In that sequence, the
DPP-AUTH-SUCCESS event would not be indicated before processing the
configuration step and that could confuse upper layers that follow the
details of the DPP exchange. As a workaround, indicate DPP-AUTH-SUCCESS
when receiving the Configuration Request since the Enrollee/Responser
has clearly receive the Authentication Confirm even if the TX status for
it has not been received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: Wait for AP-STA-CONNECT before running connectivity test
Jouni Malinen [Sun, 4 Aug 2019 12:16:46 +0000 (15:16 +0300)] 
tests: Wait for AP-STA-CONNECT before running connectivity test

When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.

Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.

Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Close pyrad server sockets explicitly
Jouni Malinen [Sun, 4 Aug 2019 20:50:56 +0000 (23:50 +0300)] 
tests: Close pyrad server sockets explicitly

This helps in avoiding issues with another test case trying to bind to
the same UDP port and failing due to the previous use by pyrad still
being open. This showed up with failures in radius_ipv6 when it followed
a test case like eap_proto_tls with suitable set of test cases between
them.

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agoOpenSSL: Handle EVP_PKEY_derive() secret_len changes for ECDH
Jouni Malinen [Sun, 4 Aug 2019 12:03:08 +0000 (15:03 +0300)] 
OpenSSL: Handle EVP_PKEY_derive() secret_len changes for ECDH

It looks like EVP_PKEY_derive() may change the returned length of the
buffer from the initial length determination (NULL buffer) to the
fetching of the value. Handle this by updating the secret length based
on the second call instead of the first one. This fixes some cases where
ECDH result has been used with extra data (zeros in the end) with OWE or
FILS PFS.

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agoDPP: Use a common helper function for ECDH operations
Jouni Malinen [Sun, 4 Aug 2019 09:10:20 +0000 (12:10 +0300)] 
DPP: Use a common helper function for ECDH operations

This replaces the separately implemented ECDH operations with a single
helper function to avoid code duplication. In addition, this introduces
a workaround for strange OpenSSL behavior where the first
EVP_PKEY_derive(NULL) call to learn the size of the output shared secret
returns unexpectedly large buffer (72 octets when expected 32 octets for
group 19). It is not known what is causing this, but such behavior seems
to be showing up every now and then at least when running hwsim test
cases under UML and apparently mainly (only?) in the sigma_dut
controller cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Check against all zero PMKIDs in sae_groups
Jouni Malinen [Sat, 3 Aug 2019 14:04:01 +0000 (17:04 +0300)] 
tests: Check against all zero PMKIDs in sae_groups

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agoSAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24
Jouni Malinen [Sat, 3 Aug 2019 14:00:39 +0000 (17:00 +0300)] 
SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24

IEEE Std 802.11-2016 is not exactly clear on the encoding of the bit
string that is needed for KCK, PMK, and PMKID derivation, but it seems
to make most sense to encode the (commit-scalar + peer-commit-scalar)
mod r part as a bit string by zero padding it from left to the length of
the order (in full octets).

The previous implementation used the length of the prime (in full
octets). This would work for KCK/PMK, but this results in deriving all
zero PMKIDs for the groups where the size of the order is smaller than
the size of the prime. This is the case for groups 22, 23, and 24.
However, those groups have been marked as being unsuitable for use with
SAE, so this fix should not really have a practical impact anymore.
Anyway, better fix it and document this clearly in the implementation
taken into account the unclarity of the standard in this area.

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agotests: Update SAE suitable_groups list to match implementation
Jouni Malinen [Sat, 3 Aug 2019 13:32:14 +0000 (16:32 +0300)] 
tests: Update SAE suitable_groups list to match implementation

Remove the groups that use Brainpool curves from the test case so that
this matches the updated implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agoOpenSSL: Fix crypto_bignum_to_bin() with padlen == 0
Jouni Malinen [Sat, 3 Aug 2019 13:28:02 +0000 (16:28 +0300)] 
OpenSSL: Fix crypto_bignum_to_bin() with padlen == 0

The earlier change to add support for BN_bn2binpad() and
BN_bn2bin_padded() broke this function for cases where no padding is
used (padlen == 0). Those would have always failed after the changes and
the function would return -1. There are no such cases in the current
hostap.git, so this did not have any real issues, but anyway, better fix
this function to match its documentation.

Fixes: 1e237903f5b5 ("OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available")
Signed-off-by: Jouni Malinen <j@w1.fi>
5 years agonl80211: Use separate flag for 4-way handshake offload
Arend van Spriel [Mon, 1 Jul 2019 22:13:49 +0000 (00:13 +0200)] 
nl80211: Use separate flag for 4-way handshake offload

Commit d896874f8689 ("nl80211: Indicate 802.1X 4-way handshake offload
in connect") used the req_key_mgmt_offload flag to indicate to the
driver that it should offload the 802.1X handshake. However, this field
was existing and used for a different offload API. This causes
wpa_supplicant to send a connect request without the WANT_1X_HS flag and
the subsequent set-pmk is rejected causing the connection to fail. Fix
that by introducing a new flag req_handshake_offload so the offloads are
no longer entangled.

Fixes: d896874f8689 ("nl80211: Indicate 802.1X 4-way handshake offload in connect")
Reported-by: Stefan Wahren <wahrenst@gmx.net>
Tested-by: Stefan Wahren <wahrenst@gmx.net>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
5 years agotests: Make scan_bss_expiration_count more robust with UML
Jouni Malinen [Thu, 1 Aug 2019 12:44:22 +0000 (15:44 +0300)] 
tests: Make scan_bss_expiration_count more robust with UML

Test case sequence "persistent_group_channel scan_bss_expiration_count"
was failing with UML when using time travel. This seemed to be because
there was no explicit wait to confirm that the AP has been fully
disabled before running the next scan. Work around this by verifying
that hostapd has terminated the BSS and waiting a bit after that before
proceeding.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agotests: hostapd eap_sim_id options
Jouni Malinen [Thu, 1 Aug 2019 07:46:07 +0000 (10:46 +0300)] 
tests: hostapd eap_sim_id options

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoEAP-SIM/AKA server: Allow pseudonym/fast reauth to be disabled
Jouni Malinen [Wed, 31 Jul 2019 21:02:02 +0000 (00:02 +0300)] 
EAP-SIM/AKA server: Allow pseudonym/fast reauth to be disabled

The new hostapd configuration option eap_sim_id can now be used to
disable use of pseudonym and/or fast reauthentication with EAP-SIM,
EAP-AKA, and EAP-AKA'.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoEAP-SIM/AKA: Do not allow anonymous@realm "pseudonym" to be cleared
Jouni Malinen [Wed, 31 Jul 2019 19:33:04 +0000 (22:33 +0300)] 
EAP-SIM/AKA: Do not allow anonymous@realm "pseudonym" to be cleared

If the EAP-SIM/AKA server does not provide a new pseudonym and the
locally configured "pseudonym" in anonymous_identity is actually an
anonymous identitity instead of a real EAP-SIM/AKA pseudonym, do not
clear the anonymous_identity network profile parameter. This is needed
to avoid forgetting the anonymous identity when going through
EAP-SIM/AKA authentication and then reverting back to using IMSI-based
(e.g., encrypted) identity.

Fixes: 4df4133917ab ("EAP-SIM/AKA: Add support for anonymous@realm")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years agoD-Bus: Demote timeout/flush messages to MSG_MSGDUMP
Brian Norris [Wed, 31 Jul 2019 01:09:33 +0000 (18:09 -0700)] 
D-Bus: Demote timeout/flush messages to MSG_MSGDUMP

We intentionally don't emit property-changed signals on every property
update -- for "less timing critical" messages we delay up to 5
milliseconds waiting to see if we can batch them together. When the
timer hits, we emit the signal anyway and (potentially) log this
message. This amounts to effectively tracing every property update,
which can be quite excessive.

Lower this to MSGDUMP, so MSG_DEBUG can remain slightly more sane.

Signed-off-by: Brian Norris <briannorris@chromium.org>
5 years agotests: Fix ap_vht160_no_dfs false negative by using common finalizer
Masashi Honma [Thu, 27 Jun 2019 05:44:52 +0000 (14:44 +0900)] 
tests: Fix ap_vht160_no_dfs false negative by using common finalizer

ap_vht160_no_dfs fails with this message:

---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba7732354ed3dfe0aa9715dc4c0746e3336
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
5 years agotests: Fix wep_ht_vht false negative by using common finalizer
Masashi Honma [Thu, 27 Jun 2019 05:44:51 +0000 (14:44 +0900)] 
tests: Fix wep_ht_vht false negative by using common finalizer

wep_ht_vht fails with this message:

---------------
wlan0: Country code not reset back to 00: is SE
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba7732354ed3dfe0aa9715dc4c0746e3336
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
5 years agotests: Fix ap_wps_conf_5ghz false negative by using common finalizer
Masashi Honma [Thu, 27 Jun 2019 05:44:50 +0000 (14:44 +0900)] 
tests: Fix ap_wps_conf_5ghz false negative by using common finalizer

ap_wps_conf_5ghz fails with this message:

---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba7732354ed3dfe0aa9715dc4c0746e3336
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
5 years agotests: Fix ap_acs_vht160 false negative by using common finalizer
Masashi Honma [Thu, 27 Jun 2019 05:44:49 +0000 (14:44 +0900)] 
tests: Fix ap_acs_vht160 false negative by using common finalizer

ap_acs_vht160 fails with this message:

---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba7732354ed3dfe0aa9715dc4c0746e3336
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
5 years agotests: Fix ap_acs_vht40 false negative by using common finalizer
Masashi Honma [Thu, 27 Jun 2019 05:44:48 +0000 (14:44 +0900)] 
tests: Fix ap_acs_vht40 false negative by using common finalizer

ap_acs_vht40 fails with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba7732354ed3dfe0aa9715dc4c0746e3336
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
5 years agotests: Fix ap_acs_vht false negative by using common finalizer
Masashi Honma [Thu, 27 Jun 2019 05:44:47 +0000 (14:44 +0900)] 
tests: Fix ap_acs_vht false negative by using common finalizer

ap_acs_vht fails with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba7732354ed3dfe0aa9715dc4c0746e3336
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
5 years agotests: Fix ap_acs_5ghz_40mhz false negative by using common finalizer
Masashi Honma [Thu, 27 Jun 2019 05:44:46 +0000 (14:44 +0900)] 
tests: Fix ap_acs_5ghz_40mhz false negative by using common finalizer

ap_acs_5ghz_40mhz fails with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba7732354ed3dfe0aa9715dc4c0746e3336
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
5 years agotests: Fix ap_acs_5ghz false negative by using common finalizer
Masashi Honma [Thu, 27 Jun 2019 05:44:45 +0000 (14:44 +0900)] 
tests: Fix ap_acs_5ghz false negative by using common finalizer

ap_acs_5ghz fails with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba7732354ed3dfe0aa9715dc4c0746e3336
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
5 years agotests: Fix rrm_beacon_req_passive_scan_vht false negative by using common finalizer
Masashi Honma [Thu, 27 Jun 2019 05:44:44 +0000 (14:44 +0900)] 
tests: Fix rrm_beacon_req_passive_scan_vht false negative by using common finalizer

rrm_beacon_req_passive_scan_vht fails with this message:

---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba7732354ed3dfe0aa9715dc4c0746e3336
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
5 years agonl80211: Missing sysctl flags aren't fatal
Brian Norris [Tue, 16 Jul 2019 23:43:21 +0000 (16:43 -0700)] 
nl80211: Missing sysctl flags aren't fatal

The relevant flags were only added in Linux 4.6, so we shouldn't
complain because they're missing. Also, they're always missing if a
device is being removed (e.g., 'iw dev wlan0 del', or if the device is
in the process of resetting itself). So kill those 2 birds with 1 stone:
if we can't find the file, just silently skip it.

Also, we probably should *actually* propagate the error if we had a
write failure.

Signed-off-by: Brian Norris <briannorris@chromium.org>
5 years agotests: RADIUS request attributes
Jouni Malinen [Tue, 30 Jul 2019 16:58:43 +0000 (19:58 +0300)] 
tests: RADIUS request attributes

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>