Jouni Malinen [Sat, 28 Jan 2017 22:48:16 +0000 (00:48 +0200)]
tests: Skip rrm_link_measurement tests if kernel support is not available
rrm_link_measurement and rrm_link_measurement_oom test cases were
causing incorrect failures when executed with a kernel version that does
not modify mac80211_hwsim to support TX power insertion. Fix this by
checking for that capability and skipping the test cases if the kernel
does not support this.
Jouni Malinen [Sat, 28 Jan 2017 12:05:44 +0000 (14:05 +0200)]
Remove unused WLAN_CIPHER_SUITE_* definitions
This gets rid of an unnecessary duplication of the definitions since all
the code has now been moved to using the earlier RSN_CIPHER_SUITE_*
definitions.
Jouni Malinen [Sat, 28 Jan 2017 12:03:34 +0000 (14:03 +0200)]
Define all RSN_CIPHER_SUITE_* values
This adds the cipher suite selector values for ciphers that are not
really used with RSN, but are needed to be able to replace
WLAN_CIPHER_SUITE_* definitions with RSN_CIPHER_SUITE_*.
Jouni Malinen [Sat, 28 Jan 2017 10:36:13 +0000 (12:36 +0200)]
Remove unused WLAN_AKM_SUITE_* definitions
This gets rid of an unnecessary duplication of the definitions since all
the code has now been moved to using the earlier RSN_AUTH_KEY_MGMT_*
definitions.
Jouni Malinen [Fri, 27 Jan 2017 20:55:14 +0000 (22:55 +0200)]
Fix AKM suite selectors for FILS and Suite B
IEEE 802.11 standard defines the suite selectors in <OUI>:<subtype>
format where OUI uses hexadecimal format and subtype decimal format.
These WLAN_AKM_SUITE_* definitions ended up getting written incorrectly
by interpretting the decimal part as hexadecimal and as such, by having
an incorrect value. However, the older RSN_AUTH_KEY_MGMT_* values were
defined with correct values and those definitions were used in most
locations.
This commit fixes the AKM suite selector values in RADIUS WLAN-AKM-Suite
attribute for FILS and Suite B. In addition, the AKM values used in
nl80211 driver configuration (NL80211_ATTR_AKM_SUITES) are fixed for the
Suite B cases.
Sunil Dutt [Thu, 19 Jan 2017 14:31:06 +0000 (20:01 +0530)]
QCA vendor command to carry the reason for power save failure
This commit defines a QCA vendor command
QCA_NL80211_VENDOR_SUBCMD_CHIP_PWRSAVE_FAILURE that carries required
information leading to the power save failure. This will be an event
from the host driver.
vamsi krishna [Thu, 19 Jan 2017 09:43:44 +0000 (15:13 +0530)]
GAS: Cancel gas_query_timeout when AP responds with comeback delay
When AP responds with comeback delay for initial GAS query sent by STA,
gas_query_timeout should be cancelled to avoid GAS failures when
comeback delay is more than GAS_QUERY_TIMEOUT_PERIOD. The
gas_query_timeout is getting registered again when tx_status is received
for GAS comeback request.
QCA vendor command to enable host driver offload ACS to user space
This commit introduces the QCA vendor command and the attributes which
facilitate the host driver to use an external user space entity for
performing automatic channel selection.
Masashi Honma [Mon, 2 Jan 2017 10:32:07 +0000 (19:32 +0900)]
mesh: Add MESH_PMKSA_GET/ADD commands
These commnds are mesh version of PMKSA_GET/ADD commands. So the usage
and security risk is similar to them. Refer to
commit 3459381dd260e15e7bf768a75cb0b799cc1db33a ('External persistent
storage for PMKSA cache entries') also.
The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.
The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>
Jouni Malinen [Sat, 14 Jan 2017 15:41:20 +0000 (17:41 +0200)]
D-Bus: Add GroupMgmt entry into the interface Capabilities dict
This can be used to determine whether the driver supports PMF and if so,
with which group management cipher suites. In addition, add the missing
pairwise and group cipher suite values to the documentation while adding
this new entry there as well.
Jouni Malinen [Sat, 14 Jan 2017 11:56:18 +0000 (13:56 +0200)]
RSN IBSS: Fix TK clearing on Authentication frame RX
When wpa_supplicant was processing a received Authentication frame (seq
1) from a peer STA for which there was already a TK configured to the
driver, debug log claimed that the PTK gets cleared, but the actual
call to clear the key was actually dropped due to AUTH vs. SUPP set_key
selection. Fix this by explicitly clearing the TK in case it was set
and an Authentication frame (seq 1) is received.
This fixes some cases where EAPOL-Key frames were sent encrypted using
the old key when a peer STA restarted itself and lost the key and had to
re-join the IBSS. Previously, that state required timing out the 4-way
handshake and Deauthentication frame exchange to recover.
Jouni Malinen [Sat, 14 Jan 2017 11:54:02 +0000 (13:54 +0200)]
tests: Disable HT in ibss_rsn to avoid a strange issue with mac80211
When fixing the TK clearing on Authentication frame RX, an issue in
getting unicast frames through after re-joining the IBSS was hit. It is
not exactly clear why this happens, but the unicast frame from the STA
that re-joined the network gets lost in the frame reorder buffer of the
STA that remains in the network.
For now, this disables HT to avoid a strange issue with mac80211
frame reordering during the final test_connectivity() call. Once that is
figured out, these disable_ht=1 calls should be removed from the test
case.
Relational operators (==) have higher precedence than the ternary
conditional in C. The last_subtype check for association/reassociation
was broken due to incorrect assumption about the precedence. Fix this by
adding parenthesis around the ternary conditional.
The previous implementation worked for Association Request frames by
accident since WLAN_FC_STYPE_ASSOC_REQ happens to have value 0 and when
the last receive frame was an Association Request frame, the
sta->last_subtype == reassoc check was true and non-zero
WLAN_FC_STYPE_REASSOC_REQ was interpreted as true. However, this was
broken for Reassociation Request frame. reassoc == 1 in that case could
have matched received Association Response frame (subtype == 1), but
those are not received in AP mode and as such, this did not break other
behavior apart from not being able to drop duplicated Reassociation
Request frames.
Jouni Malinen [Fri, 13 Jan 2017 22:05:47 +0000 (00:05 +0200)]
tests: Fix peerkey_sniffer_check with tshark 1.10.6
It looks like the previous mechanism for catching older tshark versions
for EAPOL-Key key info field was not sufficient. Fix that to cover the
version used in Ubuntu 14.04.
Jouni Malinen [Fri, 13 Jan 2017 19:06:21 +0000 (21:06 +0200)]
FILS: Fix PMK and PMKID derivation from ERP
This adds helper functions for deriving PMK and PMKID from ERP exchange
in FILS shared key authentication as defined in IEEE Std 802.11ai-2016,
12.12.2.5.2 (PMKSA key derivation with FILS authentication). These
functions is used to fix PMK and PMKID derivation which were previously
using the rMSK directly as PMK instead of following the FILS protocol to
derive PMK with HMAC from nonces and rMSK.
Dedy Lansky [Tue, 27 Dec 2016 09:25:00 +0000 (11:25 +0200)]
nl80211: Don't register for Beacon frames for IEEE 802.11ad AP
Beacon frames are not supported in IEEE 802.11ad network (DMG-beacons
used instead). To allow hostapd to manage IEEE 802.11ad AP with
device_ap_sme disabled, skip nl80211_register_beacons() for IEEE
802.11ad AP.
Jouni Malinen [Mon, 9 Jan 2017 15:56:46 +0000 (17:56 +0200)]
Assign additional vendor specific elements for early HE testing
These elements can be used for pre-standard publication testing of HE
before P802.11ax draft assigns the element ID extension. The payload of
these vendor specific elements is defined by the latest P802.11ax draft.
Please note that the draft is still work in progress and the element
payload is subject to change.
Johannes Berg [Wed, 11 Jan 2017 08:44:07 +0000 (09:44 +0100)]
tests: Add a test for mesh forwarding
Add a new test that tests connectivity between two stations that
can't reach each other directly in the mesh, but need forwarding
on another station to talk to each other.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Fri, 13 Jan 2017 10:01:20 +0000 (12:01 +0200)]
nl80211: Set NL80211_ATTR_IFACE_SOCKET_OWNER for connect and associate
This allows kernel to force disconnection if something kills the
wpa_supplicant process in a manner that does not allow proper cleanup to
be performed. The association is not supposed to be allowed to continue
after process has ended since there are number of operations that
wpa_supplicant may need to do during the association.
Jouni Malinen [Thu, 12 Jan 2017 10:24:08 +0000 (12:24 +0200)]
Fix country code in wpa_supplicant AP mode Country element
country[2] needs to be set to ' ' instead of left to '\0' for the case
where wpa_supplicant sets up AP mode operations and includes the Country
element. Currently, this would be only for DFS channels. Without this,
the Beacon frames would go out with incorrect third octet in the country
code.
Jouni Malinen [Sun, 8 Jan 2017 16:28:47 +0000 (18:28 +0200)]
tests: Add DRIVER_EVENT SCAN_RES for scan result testing
This control interface command can be used to inject scan results from
test scripts to make it easier to test various scan result processing
operations.
Jouni Malinen [Sun, 8 Jan 2017 10:17:58 +0000 (12:17 +0200)]
bgscan: Deliver beacon loss event to bgscan modules
This adds a call to the notify_beacon_loss() callback functions when
beacon loss is detected. In addition, a new CTRL-EVENT-BEACON-LOSS event
is made available through the wpa_supplicant control interface.
Jouni Malinen [Sun, 8 Jan 2017 10:08:04 +0000 (12:08 +0200)]
nl80211: More complete processing of connection quality monitor events
This adds processing of beacon loss events and generation of an internal
EVENT_BEACON_LOSS event based on them for wpa_supplicant processing. In
addition, number of consecutively lost (not acknowledged) packets is now
reported and TXE events are noted in the debug log.
Jouni Malinen [Sat, 7 Jan 2017 21:44:09 +0000 (23:44 +0200)]
Make "SET" behavior more consistent for dot11RSNA parameters
These parameters are global configuration parameters for wpa_supplicant
and the special control interface SET command handlers for them were
preventing the configuration update. Make this more consistent by
updating the configuration parameter as well since that is what all the
other SET <global config param> commands do.
Jouni Malinen [Sat, 7 Jan 2017 21:35:48 +0000 (23:35 +0200)]
Make "SET non_pref_chan .." behavior more consistent
non_pref_chan is a global configuration parameter for wpa_supplicant and
the special control interface SET command handler for it was preventing
the configuration update. Make this more consistent by updating the
configuration parameter as well since that is what all the other SET
<global config param> commands do.
Jouni Malinen [Sat, 7 Jan 2017 21:20:35 +0000 (23:20 +0200)]
Fix cert_in_cb parsing in wpa_supplicant.conf
Commit 483dd6a5e0069d0646505c26a5194eda15472858 ('Include peer
certificate always in EAP events') added this wpa_supplicant global
configuration parameter, but forgot to add the actual parsing of it, so
there was no way of setting the value.
Jouni Malinen [Sat, 7 Jan 2017 20:23:13 +0000 (22:23 +0200)]
Send BEACON-REQ-TX-STATUS event only for beacon reports
Check the action TX status callback contents more thoroughly and report
the BEACON-REQ-TX-STATUS event only if the Measurement Type indicates
beacon report.
Jouni Malinen [Sat, 7 Jan 2017 16:17:59 +0000 (18:17 +0200)]
RRM: Document Link Measurement Report frame construction steps
Add a comment to note which fields are expected to be updated by the
driver. In addition, reorder subfield writing to match the order in
which the fields are in the frame.
Jouni Malinen [Sat, 7 Jan 2017 15:47:12 +0000 (17:47 +0200)]
tests: Fix rrm_beacon_req_passive_ap_channels to use passive scan
The request from the AP was encoded incorrectly for this test case and
an active scan was requested instead of the passive one that was
supposed to be used here.
ieee80211_chan_to_freq() is not really meant for conversion of 20 MHz
primary channel numbers for wider VHT channels, so handle those as
special cases here for now.
Jouni Malinen [Sat, 7 Jan 2017 10:04:43 +0000 (12:04 +0200)]
RRM: Move wpabuf_resize() call into wpas_rrm_report_elem()
wpabuf_resize() can handle the initial allocation of a wpabuf and all
the other callers of wpas_rrm_report_elem() were already using a pointer
to a pointer and a wpabuf_resize() call. Simplify this by resizing the
wpabuf (if needed) within wpas_rrm_report_elem() instead of having to
calculate the needed size in all the callers. Thsi is also fixing one of
the allocation sizes to use the correct size instead of a size of a
struct that has nothing to do with the allocation (but is larger than
the needed five octets, so does not break anything).
Jouni Malinen [Sat, 7 Jan 2017 10:12:22 +0000 (12:12 +0200)]
tests: Prepare rrm_beacon_req_passive_no_match_oom for code change
Replace the TEST_ALLOC function wpas_beacon_rep_no_results with an
earlier function in the backtrace and wpabuf_resize() in preparation to
a code change that allows the compiler to optimize out
wpas_beacon_rep_no_results().
Jouni Malinen [Sat, 7 Jan 2017 09:52:18 +0000 (11:52 +0200)]
RRM: Remove unnecessary cb check
There is only a single caller for wpas_rrm_send_neighbor_rep_request()
and it unconditionally uses a callback function, so cb cannot be NULL
here and there is no need for additional complexity and extra code size
to check for it explicitly.
Dedy Lansky [Mon, 26 Dec 2016 19:00:51 +0000 (21:00 +0200)]
AP: Skip authentication/deauthentication phase for DMG/IEEE 802.11ad
Authentication and Deauthentication frames are not used in DMG/IEEE
802.11ad networks. For DMG/IEEE 802.11ad the following was implemented:
Upon receiving association request, allocate the sta object and
initialize it as if authentication took place. Upon receiving
disassociation, deallocate the sta object.
ap_sta_disassociate/ap_sta_deauthenticate/ap_sta_disconnect all use
disassociation instead of deauthentication. In driver_nl80211,
i802_sta_deauth() is routed to i802_sta_disassoc().
Dedy Lansky [Tue, 20 Dec 2016 15:04:43 +0000 (17:04 +0200)]
AP: Do not look for supported rates in DMG/IEEE 802.11ad
Supported Rates element is not present in DMG/IEEE 802.11ad frames. Make
copy_supp_rates() immediately return with success if hardware mode is
IEEE 802.11ad.
nl80211: Zero num_modes if nl80211_get_hw_feature_data() fails
It was possible that nl80211_get_hw_feature_data() function would return
NULL when num_modes is not set to zero. This might result in a later crash
when accessing hw.modes. This may be reproduced with hwsim oom tests, for
example, dbus_connect_oom.
Fix that by zeroing num_modes if NULL is returned.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Avraham Stern [Thu, 29 Dec 2016 09:37:58 +0000 (11:37 +0200)]
tests: Use group control interface for GO commands in autogo_chan_switch
The channel switch command is intended for the GO interface, but
it was not sent on the group control interface. For configurations
that use a separate interface for P2P groups, this will fail the test.
Fix this by sending the channel switch command on the group control
interface and waiting for the channel switch event on the group
control interface.
eap_proxy: On SIM error flush PMKSAs only for SIM/AKA/AKA' networks
Previously, SIM state change with SIM_STATE_ERROR cleared all PMKSA
entries (including non-SIM networks). Limit this to networks which use
SIM-based authentication methods to avoid unnecessarily removal of PMKSA
entries.
projects / thirdparty / hostap.git / log
