Jouni Malinen [Sat, 31 Jan 2015 16:06:06 +0000 (18:06 +0200)]
tests: Make *_key_lifetime_in_memory more robust
It was possible for the GTK-found-in-memory case to be triggered due to
a retransmission of EAPOL-Key msg 3/4 especially when running test cases
under heavy load (i.e., timeout on hostapd due to not receiving the 4/4
response quickly enough). Make this false failure report less likely by
waiting a bit longer after the connection has been completed before
fetching the process memory.
Jouni Malinen [Sat, 31 Jan 2015 15:21:58 +0000 (17:21 +0200)]
Work around Linux packet socket regression
Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596 ('bridge:
respect RFC2863 operational state') from 2012 introduced a regression
for using wpa_supplicant with EAPOL frames and a station interface in a
bridge. Since it does not look like this regression is going to get
fixed any time soon (it is already two years from that commit and over
1.5 from a discussion pointing out the regression), add a workaround in
wpa_supplicant to avoid this issue.
The wpa_supplicant workaround uses a secondary packet socket to capture
all frames (ETH_P_ALL) from the netdev that is in a bridge. This is
needed to avoid the kernel regression. However, this comes at the price
of more CPU load. Some of this is avoided with use of Linux socket
filter, but still, this is less efficient than a packet socket bound to
the specific EAPOL ethertype. The workaround gets disabled
automatically, if the main packet socket interface on the bridge
interface turns out to be working for RX (e.g., due to an old kernel
version being used or a new kernel version having a fix for the
regression). In addition, this workaround is only taken into use for the
special case of running wpa_supplicant with an interface in a bridge.
Jouni Malinen [Fri, 30 Jan 2015 13:28:59 +0000 (15:28 +0200)]
tests: Fix tshark refactoring
Commit 2e1d7386e2766b57bc295702af543cc784a0d2be ('tests: Refactor tshark
running') added a helper function for running tshark. However, it did
not use the filter argument correctly, added an extra -Tfields on the
command line, and failed to use global variable. In practice, this ended
up disabling all the tshark sniffer checks. Fix that by using the filter
argument from the caller and marking the _tshark_filter_arg global.
Jouni Malinen [Thu, 29 Jan 2015 23:09:51 +0000 (01:09 +0200)]
Fix STA re-bind to another VLAN on reauthentication
Previously, the old VLAN ID could have been deleted before the STA was
bound to the new VLAN in case the RADIUS server changed the VLAN ID
during an association. This did not exactly work well with mac80211, so
reorder the operations in a way that first binds the STA to the new VLAN
ID and only after that, removes the old VLAN interface if no STAs remain
in it.
Jouni Malinen [Thu, 29 Jan 2015 20:31:41 +0000 (22:31 +0200)]
WPA auth: Disconnect STA if MSK cannot be fetched
Previously, it was possible for some corner cases to leave the WPA
authenticator state machine running if PMK could not be derived. Change
this to forcefully disconnect the STA to get more consistent behavior
and faster notification of the error.
Jouni Malinen [Wed, 28 Jan 2015 14:15:58 +0000 (16:15 +0200)]
EAP-PEAP server: Fix Phase 2 TLV length in error case
The payload length in a Phase 2 TLV message reporting error was not set
correctly. Fix this to not include the TLVs that are included only in
success case.
Bob Copeland [Tue, 27 Jan 2015 13:17:59 +0000 (08:17 -0500)]
mesh: Create new station entry on popen frames
Currently, there is a race in open mesh networks where mesh STA A
receives a beacon from B and sends a peering open frame to initiate
peering. STA B, having not yet received a beacon from A and thus
created the corresponding station entry, will ignore all such open
frames. If the beacon interval is sufficiently long then peering
will not succeed as a result.
In fact B can simply create the station entry when the popen is
received, as is done in Linux's in-kernel MPM, avoiding the issue.
Bob Copeland [Tue, 27 Jan 2015 13:17:58 +0000 (08:17 -0500)]
mesh: Always free the station if peering failed
Previously, we would only free the station entry if a peering close
frame was received (freeing the station entry causes the kernel to
start sending peer candidate events again when suitable beacons are
received, triggering peering or authentication to restart).
The end result is the same in any case regardless of close reason:
if we leave holding state then peering has started again, so go
ahead and remove the station in all cases.
Jouni Malinen [Tue, 27 Jan 2015 23:39:35 +0000 (01:39 +0200)]
tests: Pending EAP peer processing with VENDOR-TEST
This extends the VENDOR-TEST EAP method peer implementation to allow
pending processing case to be selected at run time. The
ap_wpa2_eap_vendor_test test case is similarly extended to include this
option as the second case for full coverage.
Jouni Malinen [Tue, 27 Jan 2015 23:26:14 +0000 (01:26 +0200)]
Simplify eapol_sm_notify_pmkid_attempt()
Drop the unneeded 'attempt' argument. This was originally used for
indicating an aborted PMKID caching attempt, but a fix in 2006 removed
the only such user and since that time, only attempt == 1 has been used.
Jouni Malinen [Tue, 27 Jan 2015 11:57:59 +0000 (13:57 +0200)]
OpenSSL: Implement aes_wrap() and aes_unwrap()
This replaces the implementation in aes-wrap.c and aes-unwrap.c with
OpenSSL AES_wrap_key() and AES_unwrap_key() functions when building
hostapd or wpa_supplicant with OpenSSL.
Jouni Malinen [Mon, 26 Jan 2015 15:40:22 +0000 (17:40 +0200)]
Ignore pmf=1 default if driver does not support PMF
Connection with a PMF enabled AP will fail if we try to negotiate PMF
while the local driver does not support this. Since pmf=1 does not
require PMF for a successful connection, it can be ignored in such a
case to avoid connectivity issues with invalid configuration. This makes
it somewhat easier to allow upper layer programs to use pmf=1 default
regardless of driver capabilities.
Jouni Malinen [Mon, 26 Jan 2015 23:50:02 +0000 (01:50 +0200)]
nl80211: Fix build with libnl 1.1
Commit 630b3230c86abf1976a39db596c51540e57e31c8 ('nl80211: Increase
netlink receive buffer size') added unconditional use of
nl_socket_set_buffer_size() which was not included in libnl 1.1. Fix use
of that old version by making this conditional on CONFIG_LIBNL20.
Jouni Malinen [Sun, 25 Jan 2015 14:49:18 +0000 (16:49 +0200)]
Preparations for variable length KCK and KEK
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.
Jouni Malinen [Fri, 23 Jan 2015 13:58:51 +0000 (15:58 +0200)]
tests: Group management frame cipher suites
This extends testing coverage of PMF group management cipher suites to
include all the cases supported by the driver (existing BIP =
AES-128-CMAC and the new BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256).
Jouni Malinen [Fri, 23 Jan 2015 14:47:53 +0000 (16:47 +0200)]
nl80211: Fix default group key management index configuration
The correct nl80211 flag for group key management cipher was set only
for BIP (AES-CMAC-128). The same flag needs to be used with the newer
ciphers BIP-CMAC-256, BIP-GMAC-128, and BIP-GMAC-256.
Adrian Nowicki [Thu, 15 Jan 2015 16:53:38 +0000 (17:53 +0100)]
wpa_gui: Sort frequency and signal numerically in the scan results dialog
Signal strength was sorted lexically rather than numerically, which
put "-100 dBm" before "-50 dBm" if sorted in descending order.
This change fixes that. It also treats frequency in the same
manner, preparing it for the IEEE 802.11ah.
Signed-off-by: Adrian Nowicki <adinowicki@gmail.com>
Jouni Malinen [Thu, 22 Jan 2015 22:52:56 +0000 (00:52 +0200)]
tests: Make ap_wps_er_pbc_overlap more robust
Reorder scanning in a way that allows the ER behavior to be more
predictable. The first Probe Request report is for a previously received
frame on the AP and this new sequence avoids leaving either of the PBC
test STAs to be that one.
Jouni Malinen [Thu, 22 Jan 2015 20:38:38 +0000 (22:38 +0200)]
tests: Make active scans more robust
This makes testing under very heavy load or under extensive kernel
debugging options more robust by allowing number of test cases to scan
multiple times before giving up on active scans. The main reason for
many of the related test failures is in Probe Response frame from
hostapd not getting out quickly enough especially when multiple BSSes
are operating.
Jouni Malinen [Thu, 22 Jan 2015 18:50:01 +0000 (20:50 +0200)]
Add passive_scan configuration parameter
This new wpa_supplicant configuration parameter can be used to force
passive scanning to be used for most scanning cases at the cost of
increased latency and less reliably scans. This may be of use for both
testing purposes and somewhat increased privacy due to no Probe Request
frames with fixed MAC address being sent out.
Jouni Malinen [Thu, 22 Jan 2015 13:55:36 +0000 (15:55 +0200)]
tests: P2P_SERV_DISC_CANCEL_REQ during query
This is a regression test case for a specific sequence that could result
in wpa_supplicant NULL dereference when a SD request is cancelled before
the SD Request TX status callback has been processed.
Ola Olsson [Tue, 20 Jan 2015 09:45:52 +0000 (10:45 +0100)]
P2P: Fix NULL pointer dereference with SD query cancellation
A NULL pointer crash was caused by commit 7139cf4a4f1fecfd03d0daff9bb33adb80cc3530 ('P2P: Decrement
sd_pending_bcast_queries when sd returns'). p2p->sd_query can be cleared
to NULL whenever a query is cancelled, even in case the request had
already been transmitted. As such, need to be prepared for the query not
remaining when processing TX status callback for the frame.
Jouni Malinen [Thu, 22 Jan 2015 11:51:15 +0000 (13:51 +0200)]
nl80211: Increase netlink receive buffer size
libnl uses a pretty small buffer (32 kB that gets converted to 64 kB) by
default. It is possible to hit that limit in some cases where operations
are blocked, e.g., with a burst of Deauthentication frames to hostapd
and STA entry deletion. Try to increase the buffer to make this less
likely to occur.
ASHUTOSH NARAYAN [Mon, 19 Jan 2015 01:45:02 +0000 (20:45 -0500)]
Interworking: Notify the ANQP parsing status
The ANQP verification/parsing is done only after the GAS_DONE indication
is sent over the control interface. This means that in case the ANQP
parsing fails there is no indication to the upper layers. Add an
ANQP-QUERY-DONE event that reports the status of the ANQP parsing.
ASHUTOSH NARAYAN [Mon, 19 Jan 2015 01:45:01 +0000 (20:45 -0500)]
HS20: Provide appropriate permission to the OSU related files
The icon files and the osu-providers.txt that are generated may not have
proper permission for external programs to access. Set the access
permissions to the same as the permissions for osu_dir.
ASHUTOSH NARAYAN [Mon, 19 Jan 2015 01:45:00 +0000 (20:45 -0500)]
HS20: Fix TrustRoot path for PolicyUpdate node in PPS MO
Incorrect TrustRoot path "PolicyUpdate/TrustRoot" was used. The
TrustRoot path is required to be "Policy/PolicyUpdate/TrustRoot" as
defined in Section 9.1 of Hotspot 2.0 (Release 2) specification. Fix the
path to "Policy/PolicyUpdate/TrustRoot".
ASHUTOSH NARAYAN [Mon, 19 Jan 2015 01:44:59 +0000 (20:44 -0500)]
HS20: Return result of cmd_sub_rem in hs20-osu-client
Previously, both failure and success cases used same return value 0.
Indicate failures differently to make hs20-osu-client return value more
useful for subscription remediation cases.
Eytan Lifshitz [Mon, 19 Jan 2015 04:56:43 +0000 (23:56 -0500)]
Avoid NULL string in printf on EAP method names in authenticator
In ieee802_1x_decapsulate_radius(), eap_server_get_name() may return
NULL, and it could be dereferenced depending on printf implementation.
Change it to return "unknown" instead for the case of no matching EAP
method found. This makes it easier for the callers to simply print this
in logs (which is the only use for this function).
Ilan Peer [Mon, 19 Jan 2015 01:44:12 +0000 (20:44 -0500)]
P2P: Stop p2p_listen/find on wpas_p2p_invite
Stop any ongoing P2P listen/find flow before starting invitation flow.
This was partially handled in p2p_invite() that called p2p_find(), but
this did not cleanly handle cases such as long_listen.
Ilan Peer [Mon, 19 Jan 2015 01:44:10 +0000 (20:44 -0500)]
P2P: Use the correct wpa_s interface to handle P2P state flush
A control interface call to flush the current state used the
current wpa_s to clear the P2P state even though it might not
be the interface controlling the P2P state.
Fix it by using the correct interface to flush the P2P state.
Ben Rosenfeld [Mon, 19 Jan 2015 01:44:08 +0000 (20:44 -0500)]
Move external_scan_running to wpa_radio
external_scan_running should be common to all interfaces that share a
radio. This fixes a case where external_scan_running was set on a single
interface, but did not block scan on other interfaces.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Ben [Mon, 19 Jan 2015 01:44:07 +0000 (20:44 -0500)]
Clear reattach flag in fast associate flow
Clear the reattach flags, in case a connection request did not trigger a
scan. This needs to be done to avoid leaving the reattach flag set for
the next scan operation which may not have anything to do with the
specific request that could have been optimized using the single-channel
single-SSID scan.
Jouni Malinen [Mon, 19 Jan 2015 18:10:00 +0000 (20:10 +0200)]
Retry scan-for-connect if driver trigger fails
This restores some of the pre-radio work behavior for scanning by
retrying scan trigger if the driver rejects it (most likely returning
EBUSY in case of nl80211-drivers). Retry is indicated in the
CTRL-EVENT-SCAN-FAILED event with "retry=1".
For manual scans (e.g., triggered through "SCAN" control interface
command), no additional retries are performed. In other words, if upper
layers want to retry, they can do so based on the CTRL-EVENT-SCAN-FAILED
event.
Jouni Malinen [Mon, 19 Jan 2015 17:34:00 +0000 (19:34 +0200)]
Add a test framework for various wpa_supplicant failure cases
For CONFIG_TESTING_OPTIONS=y builds, add a new test parameter than can
be used to trigger various error cases within wpa_supplicant operations
to make it easier to test error path processing. "SET test_failure
<val>" is used to set which operation fails. For now, 0 = no failures
and 1 = scan trigger fails with EBUSY. More operations can be added in
the future to extend coverage.
Jouni Malinen [Mon, 19 Jan 2015 16:35:59 +0000 (18:35 +0200)]
WPS: Re-fix an interoperability issue with mixed mode and AP Settings
Commit ce7b56afab8e6065e886b9471fa8071c8d2bd66b ('WPS: Fix an
interoperability issue with mixed mode and AP Settings') added code to
filter M7 Authentication/Encryption Type attributes into a single bit
value in mixed mode (WPA+WPA2) cases to work around issues with Windows
7. This workaround was lost in commit d7a15d5953beb47964526aa17b4dc2e9b2985fc1 ('WPS: Indicate current AP
settings in M7 in unconfigurated state') that fixed unconfigured state
values in AP Settings, but did not take into account the earlier
workaround for mixed mode.
Re-introduce filtering of Authentication/Encryption Type attributes for
M7 based on the current AP configuration. In other words, merge those
two earlier commits together to include both the earlier workaround the
newer fix.