thirdparty/hostap.git
16 hours agowpadebug: Allow WebView to parse and load clear text (HTTP) master pending
Purushottam Kushwaha [Wed, 12 Jun 2019 12:15:37 +0000 (17:45 +0530)]
wpadebug: Allow WebView to parse and load clear text (HTTP)

Recent Android version doesn't allow cleartext parsing by WebView by
default:

Error message: ERR_CLEARTEXT_NOT_PERMITTED.

To resolve this wpadebug need to have following updated under
application definition of AndroidManifest.xml
 - android:usesCleartextTraffic="true"

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
39 hours agoAvoid use of a shadowed local variable
Jouni Malinen [Tue, 18 Jun 2019 22:17:54 +0000 (01:17 +0300)]
Avoid use of a shadowed local variable

The same len variable can be used for both needs within
ieee802_1x_get_keys() to avoid compiler warning about use of shadowed
variable.

Fixes: 0ee6885dae04 ("macsec: Store EAP-Key-Name as eapSessionId")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agohostapd: Process OWE IE and update DH IE to the driver if needed
Liangwei Dong [Wed, 29 May 2019 09:11:48 +0000 (05:11 -0400)]
hostapd: Process OWE IE and update DH IE to the driver if needed

This implements the required functionality in hostapd to facilitate OWE
connection with the AP SME-in-driver cases. Stations can either send DH
IE or PMKID (in RSNE) (or both) in Association Request frame during the
OWE handshake. The drivers that use this offload mechanism do not
interpret this information and instead, pass the same to hostapd for
further processing. hostapd will either validate the PMKID obtained from
the STA or generate DH IE and further indicate the same to the driver.
The driver further sends this information in the Association Response
frame.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agonl80211: Introduce the interface to update new DH IE
Liangwei Dong [Mon, 20 May 2019 05:17:38 +0000 (10:47 +0530)]
nl80211: Introduce the interface to update new DH IE

This command/event interface can be used by SME based host drivers that
rely on user space (hostapd/wpa_supplicant) for DH IE
processing/generation. This interface facilitates the OWE connection
with host drivers by offloading DH IE processing to the user space
(hostapd/wpa_supplicant).

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agoHS 2.0: Skip credential without EAP method for roaming consortium match
Purushottam Kushwaha [Fri, 14 Jun 2019 07:50:01 +0000 (13:20 +0530)]
HS 2.0: Skip credential without EAP method for roaming consortium match

EAP method is required for a credential that matches configured
roaming_consortium with an Interworking AP. Hence skip credentials which
do not have EAP method specified for this match. This fixes an issue
where a credential that cannot work without EAP method from NAI Realms
information is selected first based on roaming consortium.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agotests: Specify EAP type in ap_hs20_set_profile_failures
Jouni Malinen [Fri, 14 Jun 2019 19:57:17 +0000 (22:57 +0300)]
tests: Specify EAP type in ap_hs20_set_profile_failures

Matching with roaming_consortium requires EAP type to be specified to
work for the connection. This test case was not really testing the
connection part, so this has not been much of an issue in the past, but
in preparation for the matching rules to start filtering out invalid
credential configurations from selection, the EAP type needs to be
explicitly set here.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agotests: WNM BSS Transition Management disabled
Jouni Malinen [Fri, 14 Jun 2019 18:45:09 +0000 (21:45 +0300)]
tests: WNM BSS Transition Management disabled

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agoWNM: Provide option to disable/enable BTM support in STA
Ankita Bajaj [Thu, 30 May 2019 14:14:55 +0000 (19:44 +0530)]
WNM: Provide option to disable/enable BTM support in STA

Add support to disable/enable BTM support using configuration and
wpa_cli command. This is useful mainly for testing purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agotests: sigma_dut server certificate validation with UOSC/TOD
Jouni Malinen [Wed, 12 Jun 2019 01:20:15 +0000 (04:20 +0300)]
tests: sigma_dut server certificate validation with UOSC/TOD

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agoOpenSSL: Report peer certificate before stopping due to validation issue
Jouni Malinen [Tue, 11 Jun 2019 22:23:23 +0000 (01:23 +0300)]
OpenSSL: Report peer certificate before stopping due to validation issue

This is needed to allow upper layer software to learn the hash of the
server certificate for allowing user to override trust root
configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agotests: EAP-TLS server certificate validation and TOD
Jouni Malinen [Tue, 11 Jun 2019 01:40:51 +0000 (04:40 +0300)]
tests: EAP-TLS server certificate validation and TOD

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agoReport TOD policy in peer certificate events
Jouni Malinen [Tue, 11 Jun 2019 01:39:57 +0000 (04:39 +0300)]
Report TOD policy in peer certificate events

Add tod=1 to CTRL-EVENT-EAP-PEER-CERT events if the peer certificate
includes the TOD policy in the X.509v3 Certificate Policies extension.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 days agoPass full struct to peer certificate callbacks
Jouni Malinen [Tue, 11 Jun 2019 01:20:18 +0000 (04:20 +0300)]
Pass full struct to peer certificate callbacks

This makes it easier to add new information to the callbacks without
having to modify each callback function type in EAPOL and EAP code every
time.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
7 days agotests: Add a server certificate with TOD policy
Jouni Malinen [Tue, 11 Jun 2019 00:13:46 +0000 (03:13 +0300)]
tests: Add a server certificate with TOD policy

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
7 days agotests: sigma_dut and DPPConfIndex,8
Jouni Malinen [Mon, 10 Jun 2019 22:04:19 +0000 (01:04 +0300)]
tests: sigma_dut and DPPConfIndex,8

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
7 days agowlantest: Allow duplicate frame processing after decryption failure
Jouni Malinen [Wed, 12 Jun 2019 19:23:30 +0000 (22:23 +0300)]
wlantest: Allow duplicate frame processing after decryption failure

If a sniffer capture does not include FCS for each frame, but may
included frames with invalid FCS, it would be possible for wlantest to
try to decrypt the first received frame and fail (e.g., due to CCMP MIC
mismatch) because that particular frame was corrupted and then ignore
the following retry of that frame as a duplicate even if that retry has
different payload (e.g., if its reception did not show corruption).

Work around this by skipping duplicate frame detection immediately
following a decryption failure.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
9 days agoTLS: Be more careful in X.509 Time parsing
Jouni Malinen [Sun, 9 Jun 2019 01:41:15 +0000 (04:41 +0300)]
TLS: Be more careful in X.509 Time parsing

sscanf() can apparently read beyond the end of the buffer even if the
maximum length of the integer is specified in the format string. Replace
this parsing mechanism with helper functions that use sscanf() with NUL
terminated string to avoid this.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15158
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
9 days agotests: Fix CFLAGS passing for new fuzzing tools
Jouni Malinen [Fri, 7 Jun 2019 20:57:02 +0000 (23:57 +0300)]
tests: Fix CFLAGS passing for new fuzzing tools

src/*/Makefile needs to allow additional CFLAGS values to be provided
from the calling Makefiles so that the clang command line arguments to
enable sanitizers consistently. In addition, it can be useful to be able
to provide CC, CFLAGS, and LDFLAGS from external setup while still
requesing LIBFUZZER=y build. Allow that by not overriding these
variables if they are already set.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
12 days agotests: Fix eapol-key-auth memory use for the callback pointer struct
Jouni Malinen [Fri, 7 Jun 2019 20:54:20 +0000 (23:54 +0300)]
tests: Fix eapol-key-auth memory use for the callback pointer struct

This struct needs to remain valid through the lifetime of the
authenticator state machine, so move it to the context struct instead of
being a local stack variable inside the setup function that returns
before the actual test functionality is executed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agoAdd a QCA vendor attr to disable auto resume beacon reporting
Vamsi Krishna [Mon, 27 May 2019 08:52:10 +0000 (14:22 +0530)]
Add a QCA vendor attr to disable auto resume beacon reporting

The driver automatically starts beacon reporting if it pauses the beacon
reporting for any reason other than disconnection. In specific cases,
userspace may not want the beacon reporting to be automatically resumed
after a pause. Add interface support for userspace to specify driver not
to start beacon reporting automatically after a pause.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agoInterworking: Print HESSID in debug messages
Jouni Malinen [Wed, 5 Jun 2019 18:09:57 +0000 (21:09 +0300)]
Interworking: Print HESSID in debug messages

This makes it easier to understand ANQP queries needed during
Interworking network selection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agotests: Skip mesh_link_probe if kernel support not present
Jouni Malinen [Mon, 3 Jun 2019 17:30:51 +0000 (20:30 +0300)]
tests: Skip mesh_link_probe if kernel support not present

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agotests: MACsec with hostapd
Jouni Malinen [Mon, 3 Jun 2019 14:49:55 +0000 (17:49 +0300)]
tests: MACsec with hostapd

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agotests: Shorter TX/RX test frame support for hostapd
Jouni Malinen [Mon, 3 Jun 2019 14:48:47 +0000 (17:48 +0300)]
tests: Shorter TX/RX test frame support for hostapd

wpa_supplicant already included support for this, but hostapd
DATA_TEST_* commands did not yet have support for using a shorter test
frame. This is needed for MACsec testing.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agoRADIUS server: Add EAP-Key-Name into Access-Accept
Jouni Malinen [Mon, 3 Jun 2019 14:28:50 +0000 (17:28 +0300)]
RADIUS server: Add EAP-Key-Name into Access-Accept

If the EAP Session-ID is available, add it into Access-Accept
(EAP-Key-Name attribute). This is needed for MACsec.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agomacsec_linux: Hook QCA driver wrapper for hostapd MACsec
Jouni Malinen [Mon, 3 Jun 2019 13:20:57 +0000 (16:20 +0300)]
macsec_linux: Hook QCA driver wrapper for hostapd MACsec

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agomacsec: Do not change eapol_version for non-MACsec cases in hostapd
Jouni Malinen [Mon, 3 Jun 2019 17:00:57 +0000 (20:00 +0300)]
macsec: Do not change eapol_version for non-MACsec cases in hostapd

It is safer to maintain the old EAPOL version (2) in EAPOL frames that
are not related to MACsec and only update the version to 3 for the
MACsec specific cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agomacsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd
leiwei [Fri, 24 May 2019 08:53:32 +0000 (16:53 +0800)]
macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd

Signed-off-by: leiwei <leiwei@codeaurora.org>
2 weeks agomacsec: Export eapSessionId
leiwei [Fri, 24 May 2019 08:53:32 +0000 (16:53 +0800)]
macsec: Export eapSessionId

Signed-off-by: leiwei <leiwei@codeaurora.org>
2 weeks agomacsec: Store EAP-Key-Name as eapSessionId
leiwei [Fri, 24 May 2019 08:53:32 +0000 (16:53 +0800)]
macsec: Store EAP-Key-Name as eapSessionId

Signed-off-by: leiwei <leiwei@codeaurora.org>
2 weeks agomacsec: Note that MKA takes care of EAPOL-MKA processing
leiwei [Fri, 24 May 2019 08:53:32 +0000 (16:53 +0800)]
macsec: Note that MKA takes care of EAPOL-MKA processing

Signed-off-by: leiwei <leiwei@codeaurora.org>
2 weeks agomacsec_qca: Hook QCA driver wrapper for hostapd MACsec
leiwei [Fri, 24 May 2019 03:24:46 +0000 (11:24 +0800)]
macsec_qca: Hook QCA driver wrapper for hostapd MACsec

Signed-off-by: leiwei <leiwei@codeaurora.org>
2 weeks agomacsec: Add configuration parameters for hostapd
leiwei [Fri, 24 May 2019 07:26:46 +0000 (15:26 +0800)]
macsec: Add configuration parameters for hostapd

Signed-off-by: leiwei <leiwei@codeaurora.org>
2 weeks agotests: Fix EAP-FAST protocol testing with older OpenSSL library versions
Jouni Malinen [Mon, 3 Jun 2019 17:25:56 +0000 (20:25 +0300)]
tests: Fix EAP-FAST protocol testing with older OpenSSL library versions

Looks like the previous fix for a newer OpenSSL versions broke
functionality with older versions that did not seem to like @SECLEVEL=0
in the cipher list. Make that addition conditional on OpenSSL version to
work with both versions.

Fixes: e87e6f609bb1 ("tests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agoHS 2.0 client: Ignore generated/copied files in work directory
Jouni Malinen [Mon, 3 Jun 2019 11:09:33 +0000 (14:09 +0300)]
HS 2.0 client: Ignore generated/copied files in work directory

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agotests: Fix ap-mgmt 'make clean'
Jouni Malinen [Mon, 3 Jun 2019 10:51:41 +0000 (13:51 +0300)]
tests: Fix ap-mgmt 'make clean'

The binary name had not been updated for the new tool.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agotests: Fix wpas_ap_async_fail false negative by using common finalizer
Masashi Honma [Thu, 30 May 2019 08:05:55 +0000 (17:05 +0900)]
tests: Fix wpas_ap_async_fail false negative by using common finalizer

wpas_ap_async_fail fails with this message.

---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2 weeks agotests: Fix nfc_wps_handover_5ghz false negative by using common finalizer
Masashi Honma [Thu, 30 May 2019 08:05:54 +0000 (17:05 +0900)]
tests: Fix nfc_wps_handover_5ghz false negative by using common finalizer

nfc_wps_handover_5ghz fails with this message.

---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2 weeks agotests: Fix dfs_cac_restart_on_enable false negative by using common finalizer
Masashi Honma [Thu, 30 May 2019 08:05:53 +0000 (17:05 +0900)]
tests: Fix dfs_cac_restart_on_enable false negative by using common finalizer

dfs_cac_restart_on_enable fails with this message.

---------------
START dfs_cac_restart_on_enable 1/1
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
FAIL dfs_cac_restart_on_enable 3.037694 2019-05-28 01:35:07.548390
failed tests: dfs_cac_restart_on_enable
---------------

This patch fixes the false negative.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2 weeks agotests: New style fuzzing tool for EAP-AKA peer processing
Jouni Malinen [Sun, 2 Jun 2019 14:02:57 +0000 (17:02 +0300)]
tests: New style fuzzing tool for EAP-AKA peer processing

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: New style fuzzing tool for EAP-SIM peer processing
Jouni Malinen [Sun, 2 Jun 2019 13:38:17 +0000 (16:38 +0300)]
tests: New style fuzzing tool for EAP-SIM peer processing

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: New style fuzzing tool for X.509 certificate parsing
Jouni Malinen [Sun, 2 Jun 2019 10:17:31 +0000 (13:17 +0300)]
tests: New style fuzzing tool for X.509 certificate parsing

This is a newer version of tests/test-x509 tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: New style fuzzing tools for TLS client/server
Jouni Malinen [Sun, 2 Jun 2019 10:03:58 +0000 (13:03 +0300)]
tests: New style fuzzing tools for TLS client/server

These are newer versions of tests/test-tls tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: Build test for new fuzzer tools
Jouni Malinen [Sat, 1 Jun 2019 13:37:53 +0000 (16:37 +0300)]
tests: Build test for new fuzzer tools

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: New style fuzzing tools for EAPOL-Key frame processing
Jouni Malinen [Sat, 1 Jun 2019 14:20:12 +0000 (17:20 +0300)]
tests: New style fuzzing tools for EAPOL-Key frame processing

These are newer versions of tests/test-eapol tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: New style fuzzing tool for EAPOL frame processing (supplicant)
Jouni Malinen [Sat, 1 Jun 2019 13:46:21 +0000 (16:46 +0300)]
tests: New style fuzzing tool for EAPOL frame processing (supplicant)

This is a newer version of tests/eapol-fuzzer tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: New style fuzzing tool for ASN.1 parser
Jouni Malinen [Sat, 1 Jun 2019 13:32:56 +0000 (16:32 +0300)]
tests: New style fuzzing tool for ASN.1 parser

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: New style fuzzing tool for P2P frame processing
Jouni Malinen [Sat, 1 Jun 2019 13:15:35 +0000 (16:15 +0300)]
tests: New style fuzzing tool for P2P frame processing

This is a newer version of tests/p2p-fuzzer tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: New style fuzzing tool for AP Management frame processing
Jouni Malinen [Sat, 1 Jun 2019 12:46:18 +0000 (15:46 +0300)]
tests: New style fuzzing tool for AP Management frame processing

This is a newer version of tests/ap-mgmt-fuzzer tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: New style fuzzing tool for JSON parser
Jouni Malinen [Sat, 1 Jun 2019 12:26:30 +0000 (15:26 +0300)]
tests: New style fuzzing tool for JSON parser

This is a newer version of tests/test-json tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: New style fuzzing tool for wpa_supplicant WNM handling
Jouni Malinen [Sat, 1 Jun 2019 11:53:24 +0000 (14:53 +0300)]
tests: New style fuzzing tool for wpa_supplicant WNM handling

This is a newer version of tests/wnm-fuzzer tool as the initial step in
creating a more uniform set of fuzzing tools that can be used with both
libFuzzer and afl-fuzz.

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agotests: Fix test-eapol fuzzing tool
Jouni Malinen [Sat, 1 Jun 2019 14:00:21 +0000 (17:00 +0300)]
tests: Fix test-eapol fuzzing tool

Update the tool to use the current API for WPA authenticator functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2 weeks agoAdd QCA vendor attributes for configuring Spectral DMA debug
Shiva Krishna Pittala [Mon, 13 May 2019 13:45:11 +0000 (19:15 +0530)]
Add QCA vendor attributes for configuring Spectral DMA debug

Add the following vendor attributes under the enum
qca_wlan_vendor_attr_spectral_scan to support the configuration of
Spectral DMA debug.

  1. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_RING_DEBUG
Enable/disable debug of the Spectral DMA ring
  2. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG
Enable/disable debug of the Spectral DMA buffers

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agoAdd QCA vendor attributes for agile spectral scan
Edayilliam Jayadev [Mon, 8 Apr 2019 10:15:46 +0000 (15:45 +0530)]
Add QCA vendor attributes for agile spectral scan

Add QCA vendor attributes to spectral scan related vendor commands to
support agile spectral scan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agotests: EAP-SIM with external GSM auth and anonymous identity
Jouni Malinen [Fri, 31 May 2019 13:45:05 +0000 (16:45 +0300)]
tests: EAP-SIM with external GSM auth and anonymous identity

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agoEAP-SIM/AKA: Add support for anonymous@realm
Hai Shalom [Wed, 29 May 2019 03:30:41 +0000 (20:30 -0700)]
EAP-SIM/AKA: Add support for anonymous@realm

SIM-based EAP authentication with IMSI encryption requires a special EAP
Identity response: anonymous@realm. Then the server sends AKA-Identity
request which is answered with the encrypted IMSI. Add logic that
indicates if the special anonymous identity is used. Otherwise, this
field is used for storing the pseudonym.

Test: Connect to Carrier Wi-Fi, verify correct behavior from captures
Test: Connect to non IMSI encrypted EAP-AKA AP, verify pseudonym usage
Signed-off-by: Hai Shalom <haishalom@google.com>
2 weeks agoSAE: Do not send PMKID to the driver if PMKSA caching is disabled
Srinivas Dasari [Thu, 16 May 2019 09:31:14 +0000 (15:01 +0530)]
SAE: Do not send PMKID to the driver if PMKSA caching is disabled

External auth status to the driver includes the PMKID derived as part of
SAE authentication, but this is not valid if PMKSA caching is disabled.
Drivers might not be expecting PMKID when it is not valid. Do not send
the PMKID to the driver in such cases.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2 weeks agoSAE: Send external auth failure status to driver
Srinivas Dasari [Thu, 16 May 2019 09:21:36 +0000 (14:51 +0530)]
SAE: Send external auth failure status to driver

wpa_supplicant prepares auth commit request as part of the external
authentication (first SAE authentication frame), but it fails to get
prepared when wpa_supplicant is started without mentioning the SAE
password in configuration. Send this failure status to the driver to
make it aware that the external authentication has been aborted by
wpa_supplicant.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2 weeks agoSAE: Fix external_auth status in driver-SME STA case with AP SME support
Ashok Kumar [Fri, 24 May 2019 11:50:58 +0000 (17:20 +0530)]
SAE: Fix external_auth status in driver-SME STA case with AP SME support

A driver that uses internal AP SME may need to be able to use the
external_auth status operation in station mode, so do not skip this
solely based on drv->device_ap_sme; instead, use that condition only
when operating in AP mode.

Fix external_auth status in non SME case.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2 weeks agoP2P: Send Action frame regardless if p2p_scan in progress
Hu Wang [Fri, 26 Apr 2019 09:03:24 +0000 (17:03 +0800)]
P2P: Send Action frame regardless if p2p_scan in progress

With radio work design, send Action frame request will be queued and
wait for p2p-scan to finish, so there is no need to delay send_action.

This change revisits the logic (added before the radio work framework)
in below commits:

3f9285f P2P: Delay send_action call if p2p_scan is in progress
f44ae20 P2P: Drop pending TX frame on new p2p_connect
9d562b7 P2P: Add p2p_unauthorize command
63a965c P2P: Fix after_scan_tx processing during ongoing operations
9a58e52 P2PS: Callback to create pending group after sending PD Response
3433721 P2P: Continue p2p_find after sending non-success Invitation Response

Signed-off-by: Hu Wang <huw@codeaurora.org>
2 weeks agoP2P: Force p2p-send-action as the next radio work to execute
Sunil Dutt [Thu, 9 May 2019 11:26:45 +0000 (16:56 +0530)]
P2P: Force p2p-send-action as the next radio work to execute

This increases the priority of the p2p-send-action radio work, i.e., the
radio work used for transmitting potentially offchannel P2P Action
frames by marking it as the next radio work to execute. This is to avoid
the delay in transmissions due to already queued offchannel radio work
items in the queue. In particular, this means not having to wait for a
pending p2p-scan radio work to be executed before the new P2P Action
frame can be transmitted. This helps in avoiding timeouts on the peer
device when a P2P Action frames is received during other activity on the
device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agoP2P: Reject p2p-send-action work while other one is pending
Sunil Dutt [Thu, 9 May 2019 11:05:03 +0000 (16:35 +0530)]
P2P: Reject p2p-send-action work while other one is pending

The previous implementation rejects the p2p-send-action work while there
is already one in progress (wpas_send_action_cb() has already been
called for it to start operation). Enhance the same to also consider any
p2p-send-action works pending in the radio work (i.e., waiting for that
wpas_send_action_cb() call).

This is considering the current behaviour of P2P to handle the state
corresponding to respective Action frame transmission:
pending_action_state. If a new P2P Action frame transmission is queued
while there is another one already in the queue, the transmit status of
the first frame is wrongly intepreted by the P2P state machine which has
already scheduled/queued another frame for transmission.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2 weeks agoOCE: Use RSSI of actual BSS which rejected association
Ankita Bajaj [Wed, 22 May 2019 06:59:45 +0000 (12:29 +0530)]
OCE: Use RSSI of actual BSS which rejected association

If an AP rejects association due to low RSSI, then RSSI of the BSS from
which association reject is received shall be used for calculating RSSI
threshold at which STA can try connecting back to that BSS later. In
case of SME offload, the current_bss might not have been set before
receiving association completion, so fetch the BSS entry based on the
BSSID provided in the driver event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
3 weeks agotests: Fix ap-mgmt-fuzzer build configuration to match libap.a
Jouni Malinen [Wed, 29 May 2019 10:49:21 +0000 (13:49 +0300)]
tests: Fix ap-mgmt-fuzzer build configuration to match libap.a

Missing CONFIG_AIRTIME_POLICY=y made the offset of struct
hostapd_iface::prev_wmm different between libap.a and ap-mgmt-fuzzer.o
which resulted in odd fuzzing failures due to a memcpy to
ctx.iface->prev_wmm ending up writing on top of the ctx.hapd and in
particular, on top of ctx.hapd.iface pointer.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15013
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15014
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15015
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15017
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15019
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15020
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
3 weeks agotests: Add more wait around tcpdump capture processes for proxyarp
Jouni Malinen [Tue, 28 May 2019 17:06:55 +0000 (20:06 +0300)]
tests: Add more wait around tcpdump capture processes for proxyarp

It looks like the previously used sleep time was not sufficient to allow
capturing the frames from wlan0/wlan1/wlan2 to start and complete so
that all the necessary frames can be checked. This was the case
especially with UML time-travel=inf-cpu.

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agoAP: Consider regulatory limitation when filling WMM element
Haim Dreyfuss [Wed, 3 Apr 2019 16:07:53 +0000 (19:07 +0300)]
AP: Consider regulatory limitation when filling WMM element

In case the current channel has regulatory WMM limitations, take them
into account when filling the WMM element. Also check if the new WMM
element is different from the previous one and if so change the
parameter_set_count to imply stations to look into it.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
3 weeks agonl80211: Add regulatory wmm_limit to hostapd_channel_data
Haim Dreyfuss [Wed, 3 Apr 2019 16:07:51 +0000 (19:07 +0300)]
nl80211: Add regulatory wmm_limit to hostapd_channel_data

ETSI EN 301 893 v2.1.1 (2017-05) standard defines a new channel access
mechanism that all devices (WLAN and LAA) need to comply with.
In previous versions the device was allowed by ETSI to implement
802.11 channel access mechanism based on a set of priority classes
which are taken from 802.11. According of the new standard there
might be some exceptions which require ETSI countries to follow
more restrictive rules. In such a case the AP's wmm IE need to
comply with ETSI limitation. To be able to do so the regulatory
domain passes the new limitation values if needed.
Implement this, by storing it and use it to calculate the new
WMM parameters.

This commit adds determination of regulator limitations to
NL80211_CMD_GET_WIPHY processing so that the information is available
for upper layer implementation to use later when constructing WMM
element.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
3 weeks agotests: Update regulatory for FI to allow new regdb rules
Andrei Otcheretianski [Wed, 3 Apr 2019 15:17:18 +0000 (18:17 +0300)]
tests: Update regulatory for FI to allow new regdb rules

Recent regdb enabled UNII 3 in Finland. Change the
mbo_supp_oper_classes_fi test accordingly to accept either the previous
or the current value to be reported.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
3 weeks agotests: Make pmksa_cache_preauth_auto more robust
Jouni Malinen [Tue, 28 May 2019 14:14:33 +0000 (17:14 +0300)]
tests: Make pmksa_cache_preauth_auto more robust

It is fine for the station to associate with either AP in this test
case, so do not force AP side connection check with apdev[0].

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agotests: Mesh link probing
Jouni Malinen [Tue, 28 May 2019 12:29:58 +0000 (15:29 +0300)]
tests: Mesh link probing

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agowpa_supplicant: Add support to probe mesh link to given peer
Pradeep Kumar Chitrapu [Mon, 29 Apr 2019 18:42:58 +0000 (11:42 -0700)]
wpa_supplicant: Add support to probe mesh link to given peer

Inject an Ethernet frame to a given peer bypassing next_hop lookup in
mpath table. Optional payload is expected to be hexdump without 0x.

usage:
wpa_cli -i <dev> mesh_link_probe <peer MAC> [payload=<hexdump of payload>]

example:
wpa_cli -i wlan0 mesh_link_probe aa:bb:cc:dd:ee:ff payload=aabb
wpa_cli -i wlan0 mesh_link_probe aa:bb:cc:dd:ee:ff

Signed-off-by: Pradeep Kumar chitrapu <pradeepc@codeaurora.org>
3 weeks agonl80211: Add support to probe specific mesh link by injecting frames
Pradeep Kumar Chitrapu [Mon, 29 Apr 2019 18:42:57 +0000 (11:42 -0700)]
nl80211: Add support to probe specific mesh link by injecting frames

Add support for injecting frames to a given mesh peer, bypassing the
mpath table lookup using PROBE_MESH_LINK command. This helps to send
data frames over unexercised direct mesh path, which is not selected as
next_hop node. This can be helpful in measuring link metrics.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
3 weeks agoSync with mac80211-next.git include/uapi/linux/nl80211.h
Jouni Malinen [Tue, 28 May 2019 11:30:04 +0000 (14:30 +0300)]
Sync with mac80211-next.git include/uapi/linux/nl80211.h

This brings in nl80211 definitions as of 2019-04-26.

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agonl80211: Update freq only when CSA completes
Johannes Berg [Wed, 8 May 2019 05:30:38 +0000 (07:30 +0200)]
nl80211: Update freq only when CSA completes

In the case of the ap_csa_disable test, I frequently see
failures due to the kernel *not* having switched, but the
CSA-STARTED event having been processed, and thus the
frequency having been updated already.

This is wrong at least for AP mode, the frequency we store
for this case internally in nl80211 should only be updated
when the channel switch completes, otherwise we end up in
a situation where the switch is aborted and the kernel is
thus on the old channel, but the internal information has
been updated and every subsequent mgmt-frame TX fails due
to being tagged with the wrong channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
3 weeks agotests: PEM encoded ca_cert blob
Jouni Malinen [Tue, 28 May 2019 10:47:15 +0000 (13:47 +0300)]
tests: PEM encoded ca_cert blob

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agoOpenSSL: Allow ca_cert_blob in PEM format
Santtu Lakkala [Mon, 27 May 2019 07:06:28 +0000 (10:06 +0300)]
OpenSSL: Allow ca_cert_blob in PEM format

GnuTLS backend already accepts CA cert blobs in both DER and PEM
formats. Implement similar trial-and-error handling in OpenSSL backend.

Signed-off-by: Santtu Lakkala <santtu.lakkala@jolla.com>
3 weeks agotests: uml: Request non-raw serial ports
Johannes Berg [Sun, 26 May 2019 20:16:20 +0000 (22:16 +0200)]
tests: uml: Request non-raw serial ports

When the serial ports are set into raw mode on stdio (fd:0,fd:1)
then Ctrl-C is sort of passed through, but not effective. Request
non-raw mode to avoid that and let us cancel test execution with
Ctrl-C properly (both in parallel-vm.py and vm-run.sh cases).

Note that this requires a currently out-of-tree patch, but so
does the virtual time. If the patch is not applied, the command
line argument is ignored.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
3 weeks agoAP: add station with basic rates configuration
Johannes Berg [Tue, 28 May 2019 09:14:07 +0000 (11:14 +0200)]
AP: add station with basic rates configuration

When a new station is added, let it have some supported rates
(they're empty without this change), using the basic rates
that it must support to connect.

This, together with the kernel-side changes for client-side,
lets us finish the complete auth/assoc handshake with higher
rates than the mandatory ones, without any further config.

However, the downside to this is that a broken station that
doesn't check the basic rates are supported before it tries
to connect will possibly not get any response to its auth
frame.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
3 weeks agotests: Fix status fetching loop in macsec_psk_ns with UML
Jouni Malinen [Mon, 27 May 2019 21:02:14 +0000 (00:02 +0300)]
tests: Fix status fetching loop in macsec_psk_ns with UML

time-travel=inf-cpu needs bit more wait before being able to fetch the
STATUS* items after initial connection request.

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agotests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL
Jouni Malinen [Mon, 27 May 2019 21:01:01 +0000 (00:01 +0300)]
tests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL

Need to drop OpenSSL security level to 0 for ADH-AES128-SHA to work with
the latest library version.

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agotests: Fix sae_anti_clogging_during_attack with UML time-travel=inf-cpu
Jouni Malinen [Mon, 27 May 2019 20:00:20 +0000 (23:00 +0300)]
tests: Fix sae_anti_clogging_during_attack with UML time-travel=inf-cpu

Need to add short break to allow time-travel=inf-cpu case to allow the
connection events to be processed.

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agotests: Give more time in ap_wpa2_psk_ext_delayed_ptk_rekey for UML
Jouni Malinen [Mon, 27 May 2019 19:53:53 +0000 (22:53 +0300)]
tests: Give more time in ap_wpa2_psk_ext_delayed_ptk_rekey for UML

Waiting for exactly one second for a one second timeout with
time-travel=inf-cpu is not exactly robust, so increase that wait to be
able to see the last EAPOL-Key TX attempt from hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agotests: Fix ap_wpa2_eap_status loop with UML time-travel=inf-cpu
Jouni Malinen [Mon, 27 May 2019 19:22:07 +0000 (22:22 +0300)]
tests: Fix ap_wpa2_eap_status loop with UML time-travel=inf-cpu

Busy loop for waiting is not going to work with time-travel=inf-cpu, so
need to something a bit more explicit to wait for the wpa_supplicant
process to proceed while not fully breaking the idea of this test case
to iteration through large number of STATUS-VERBOSE commands to hit
different states.

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agotests: Use time-travel=inf-cpu with UML
Jouni Malinen [Mon, 27 May 2019 19:21:25 +0000 (22:21 +0300)]
tests: Use time-travel=inf-cpu with UML

This is the current proposed way of configuring virtual time.

Signed-off-by: Jouni Malinen <j@w1.fi>
3 weeks agoHE: Make the basic NSS/MCS configurable
John Crispin [Mon, 20 May 2019 07:55:04 +0000 (09:55 +0200)]
HE: Make the basic NSS/MCS configurable

Add a config option to allow setting a custom Basic NSS/MCS set. As a
default we use single stream HE-MCS 0-7.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Verify supported capabilities
John Crispin [Mon, 20 May 2019 07:55:09 +0000 (09:55 +0200)]
HE: Verify supported capabilities

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Enable channel switch similarly to VHT
John Crispin [Mon, 20 May 2019 07:55:09 +0000 (09:55 +0200)]
HE: Enable channel switch similarly to VHT

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Enable DFS similarly to VHT
John Crispin [Mon, 20 May 2019 07:55:09 +0000 (09:55 +0200)]
HE: Enable DFS similarly to VHT

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Enable ACS similarly to VHT
John Crispin [Mon, 20 May 2019 07:55:09 +0000 (09:55 +0200)]
HE: Enable ACS similarly to VHT

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Disable HE on channel 14
John Crispin [Mon, 20 May 2019 07:55:09 +0000 (09:55 +0200)]
HE: Disable HE on channel 14

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Handle HE capability in neighbor DB
John Crispin [Mon, 20 May 2019 07:55:09 +0000 (09:55 +0200)]
HE: Handle HE capability in neighbor DB

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Pass in HE information into hostapd_set_freq_params()
John Crispin [Mon, 20 May 2019 07:55:09 +0000 (09:55 +0200)]
HE: Pass in HE information into hostapd_set_freq_params()

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agonl80211: Share VHT channel configuration for HE
John Crispin [Mon, 20 May 2019 07:55:09 +0000 (09:55 +0200)]
nl80211: Share VHT channel configuration for HE

Set operating channel bandwidth and center frequencies using the same
attributes for VHT and HE.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Add AP mode MLME/SME handling for HE stations
John Crispin [Mon, 20 May 2019 07:55:05 +0000 (09:55 +0200)]
HE: Add AP mode MLME/SME handling for HE stations

Process HE information in (Re)Association Request frames and add HE
elements into (Re)Association Response frames when HE is enabled in the
BSS.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Fix HE Capabilities element variable length encoding
John Crispin [Mon, 20 May 2019 07:55:10 +0000 (09:55 +0200)]
HE: Fix HE Capabilities element variable length encoding

The HE Capibilities element has dynamic size due to the variable length
and optional fields at the end. Mask out the channel width capabilities
that are less than the configured. Only add the MCS/NSS sets for the
announced channel widths and also add the PPET elements.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Fix HE Capabilities indication from driver
John Crispin [Mon, 20 May 2019 07:55:10 +0000 (09:55 +0200)]
HE: Fix HE Capabilities indication from driver

The PPE Thresholds information in the end of the HE Capabilities element
is optional and of variable length. struct he_ppe_threshold was not
really used correctly for encoding this, so remove it and just reserve
enough space for the information.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Add HE channel management configuration options
John Crispin [Mon, 20 May 2019 07:55:08 +0000 (09:55 +0200)]
HE: Add HE channel management configuration options

These are symmetric with the VHT ones.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Add helpers for getting the channel width parameters
John Crispin [Mon, 20 May 2019 07:55:07 +0000 (09:55 +0200)]
HE: Add helpers for getting the channel width parameters

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Remove vht_ prefix from acs_adjust_vht_center_freq()
John Crispin [Mon, 20 May 2019 07:55:07 +0000 (09:55 +0200)]
HE: Remove vht_ prefix from acs_adjust_vht_center_freq()

This is used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
3 weeks agoHE: Remove vht_ prefix from seg0/seg1_idx in DFS
John Crispin [Mon, 20 May 2019 07:55:07 +0000 (09:55 +0200)]
HE: Remove vht_ prefix from seg0/seg1_idx in DFS

These are used for both VHT and HE, so remove the misleading prefix.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>