Jouni Malinen [Mon, 26 Dec 2016 15:53:07 +0000 (17:53 +0200)]
tests: Make hostapd_oom_wpa2_psk catch cases more robustly
For some reason, a potential OOM in hostapd_config_read_wpa_psk() and
hostapd_derive_psk() were missed in --codecov runs during the main
iteration loop. Cover these specific cases with separate instances to
avoid missing coverage.
Jouni Malinen [Mon, 26 Dec 2016 10:09:53 +0000 (12:09 +0200)]
tests: Remove src/common/cli.c from code coverage report
This file is used only by hostapd_cli and wpa_cli and neither of those
are currently included in code coverage reporting. Avoid dropping the
coverage numbers by code that cannot be reached due to not being
included in the programs that are covered.
Jouni Malinen [Sat, 24 Dec 2016 23:09:06 +0000 (01:09 +0200)]
tests: Fix p2p_autogo_pref_chan_not_in_regulatory with new regdb
5745 MHz was added as an allowed short range device range in
wireless-regdb for DE which made this test case fail. Fix it for now by
using SE instead of DE for the second part of the test case.
Jouni Malinen [Sat, 24 Dec 2016 22:47:01 +0000 (00:47 +0200)]
tests: Fix mesh_open_vht_160 skipping
It is possible for wireless-regdb to include a 160 MHz channel, but with
DFS required. This test case need the regulatory information to allow
160 MHz channel without DFS. Fix false failures by skipping the test if
this exact combination is not found.
Jouni Malinen [Sat, 24 Dec 2016 22:38:52 +0000 (00:38 +0200)]
tests: Fix peerkey_sniffer_check with newer Wireshark version
Wireshark renamed eapol.keydes.key_info to
wlan_rsna_eapol.keydes.key_info and that broke this test case when
upgrading Wireshark. Fix this by trying to use both the new and the old
name.
Jouni Malinen [Sat, 24 Dec 2016 22:15:58 +0000 (00:15 +0200)]
tests: Fix eap_fast_tlv_nak_oom and eap_fast_proto_phase2
Something broke eap_fast_tlv_nak_oom when moving from Ubuntu 14.04 to
16.04. OpenSSL.SSL.Connection() state_string() returns None in these
cases and the debug log prints for that were causing the case to fail.
For now, work around this by checking whether the state string is None
before trying to print it.
Sunil Dutt [Fri, 16 Dec 2016 12:50:15 +0000 (18:20 +0530)]
mesh: Show [MESH] flag in print_bss_info()
This was previously done for SCAN_RESULTS, but the BSS control interface
command did not show a similar flag. In addition, change "WPA2" to "RSN"
for mesh BSS to be consistent with the SCAN_RESULTS output.
Mikael Kanstrup [Wed, 21 Dec 2016 10:27:16 +0000 (11:27 +0100)]
hostapd_cli: Add missing command help descriptions
Some commands are missing help description making them not show up in
the list of supported commands. Add command help description for all
missing commands.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Joel Cunningham [Mon, 19 Dec 2016 22:34:24 +0000 (16:34 -0600)]
Fix wpa_cipher_to_alg() return type
wpa_cipher_to_alg() returns enumerated values from enum wpa_alg and all
uses of the return value treat it as enum wpa_alg (by either assigning
it to a variable of type enum wpa_alg or passing to a function that
expects enum wpa_alg).
This commit updates the return value to match the expected usage
(enum wpa_alg) rather than int. This ensures the return value is
of the proper type and eliminates the following compiler warnings:
ARM RVCT (2.2):
'Warning: #188-D: enumerated type mixed with another type'
Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
Joel Cunningham [Mon, 19 Dec 2016 20:22:53 +0000 (14:22 -0600)]
wpa_supplicant: Add BSS CURRENT control interface command
This commit extends the BSS commands to include "BSS CURRENT" as a way
to get the current BSS without having to walk the BSS list matching
against BSSID+SSID returned from the STATUS command.
This returns the BSS stored in wpa_s->current_bss.
Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
Jouni Malinen [Wed, 21 Dec 2016 10:23:15 +0000 (12:23 +0200)]
OpenSSL: Make sure local certificate auto chaining is enabled
Number of deployed use cases assume the default OpenSSL behavior of auto
chaining the local certificate is in use. BoringSSL removed this
functionality by default, so we need to restore it here to avoid
breaking existing use cases.
Jouni Malinen [Wed, 21 Dec 2016 10:06:21 +0000 (12:06 +0200)]
OpenSSL: Remove SSL_{CTX_,}_clear_options ifdefs
This simplifies the implementation since the SSL_clear_options() and
SSL_CTX_clear_options() are available in all supported versions of
OpenSSL. These were previously needed with older (now obsolete) versions
of OpenSSL, but the ifdefs were missed when removing the more explicit
version macro based backwards compatibility sections.
Jouni Malinen [Tue, 20 Dec 2016 22:18:03 +0000 (00:18 +0200)]
P2P: Do not use wait_time for SD Response TX without fragmentation
The full SD Response frame is not going to be followed by another Action
frame from the peer, so remove the 200 ms wait time from the offchannel
TX command in that case. This avoids leaving a 200 ms lock on the radio
to remain on the channel unnecessarily.
Jouni Malinen [Mon, 19 Dec 2016 23:30:09 +0000 (01:30 +0200)]
Fix race condition between AssocResp callback and 4addr event
It is apparently possible for the NL80211_CMD_UNEXPECTED_4ADDR_FRAME
event to be delivered to hostapd before the NL80211_CMD_FRAME_TX_STATUS
event for (Re)Association Response frame. This resulted in the 4-address
WDS mode not getting enabled for a STA. This could occur in particular
when operating under heavy load and the STA is reconnecting to the same
AP in a sequence where Deauthentication frame is followed immediately by
Authentication frame and the driver event processing gets delayed due to
removal of the previous netdev taking time in the middle of this
sequence.
Fix this by recording a pending item for 4-address WDS enabling if the
NL80211_CMD_UNEXPECTED_4ADDR_FRAME event would have been dropped due to
incompleted association and then process this pending item if the TX
status for the (Re)Association Response frame is received and it shows
that the frame was acknowledged.
Jouni Malinen [Mon, 19 Dec 2016 20:47:07 +0000 (22:47 +0200)]
tests: Disable HT in ap_wds_sta_wep
HT cannot be used with WEP-only network, so don't try to do that here.
This get rids of some unnecessary Beacon frame updates during
disassociation/association and can make the test case a bit more robust.
eap_proxy: Add support for SIM state change indication from eap_proxy
This registers a new callback to indicate change in SIM state. This
helps to do some clean up (more specifically pmksa_flush) based on the
state change of the SIM. Without this, the reconnection using the cached
PMKSA could happen though the SIM is changed.
Currently eap_proxy_sim_state corresponds to only SIM_STATE_ERROR. This
can be further extended.
Jouni Malinen [Mon, 19 Dec 2016 20:14:07 +0000 (22:14 +0200)]
eap_proxy: Fix eap_proxy_init() prototype to use const eapol_cb
The eapol_cb structure was made const and that change resulted in a
compilation warning/error if CONFIG_EAP_PROXY=<name> is enabled in the
wpa_supplicant build configuration. Fix this by updating the function
prototype to match the change.
Note: This results in a change needed to external eap_proxy_*.c
implementations to match the change.
Amit Purwar [Mon, 19 Dec 2016 10:12:30 +0000 (15:42 +0530)]
D-Bus: Add 'freq' option to P2P Find method to specify starting channel
This allows user to start P2P Find/Scan on a particular frequency and
then move to scanning social channels. This support is already present
on control socket.
Signed-off-by: Amit Purwar <amit.purwar@samsung.com>
Jouni Malinen [Sun, 18 Dec 2016 18:28:10 +0000 (20:28 +0200)]
tests: RSN AP and PeerKey between two STAs with sniffer check
The previous PeerKey test cases did not actually verify in any way that
the SMK and STK exchanges were completed since mac80211 does not support
setting the key from STK. Use a sniffer check to confirm that the
exchanges complete to avoid PeerKey regressions like the ones fixed in
the last couple of commits.
Jouni Malinen [Sun, 18 Dec 2016 17:56:05 +0000 (19:56 +0200)]
PeerKey: Fix STK 4-way handshake regression
Commit c93b7e18885b07bf198e230019185b50ed622d9f ('RSN: Check result of
EAPOL-Key frame send request') forgot to update two PeerKey users of
EAPOL-Key TX functions. That resulted in STK handshake failing since
message 2/4 and 4/4 TX calls were assumed to have failed when the return
value was changed from 0 to a positive value for success case. This
resulted in not updating nonce information properly and hitting
following error when processing STK 4-way handshake message 3/4:
RSN: INonce from message 1 of STK 4-Way Handshake differs from 3 of STK
4-Way Handshake - drop packet (src=<addr>)
Jouni Malinen [Sun, 18 Dec 2016 17:07:29 +0000 (19:07 +0200)]
PeerKey: Fix EAPOL-Key processing
Commit 6d014ffc6e654e7e802263c55ce568df153a1e1c ('Make struct
wpa_eapol_key easier to use with variable length MIC') forgot to update
number of EAPOL-Key processing steps for SMK and STK exchanges and broke
PeerKey. Fix this by updating the Key Data field pointers to match the
new style with variable length Key MIC field.
Mikael Kanstrup [Tue, 6 Dec 2016 07:26:50 +0000 (16:26 +0900)]
Android: Add p2p_add_cli_chan=1 option
Add p2p_add_cli_chan=1 option to p2p_supplicant.conf to allow Wi-Fi P2P
operating as P2P client on passive scan channels.
In addition, add p2p_add_cli_chan=1 option to wpa_supplicant.conf to
have consistency in P2P channel list. There is a case where P2P channel
list is updated with different channels from p2p0 and wlan0.
Jouni Malinen [Sat, 17 Dec 2016 15:19:34 +0000 (17:19 +0200)]
FILS: Separate FILS realm configuration from ERP domain
The new hostapd configuration parameter fils_realm=<realm> can now be
used to configure one or more FILS realms to advertise for ERP domains
when using FILS. This replaces the use of erp_domain=<domain> parameter
for the FILS use case.
Jouni Malinen [Sat, 17 Dec 2016 10:27:49 +0000 (12:27 +0200)]
Update various definitions based on IEEE Std 802.11-2016
This updates definitions for Status Codes, Reason Codes,
Information Element IDs, Action frame categories, Public Action
codes, Protected Dual of Public Action codes, Advertisement
Protocol ID, and ANQP info IDs based on IEEE Std 802.11-2016.
Jouni Malinen [Thu, 15 Dec 2016 12:10:17 +0000 (14:10 +0200)]
tests: Fix FST scanning for non-FST APs
The sta2.scan() calls were performing full scan of all channels and
reporting only the BSS entry that happened to be the first one in the
wpa_supplicant list. This is problematic since it is possible that the
target AP was not found and incorrect BSS was selected and used for
setting scan_freq which made the connection fail. Furthermore, there is
no need to use full scan for these test cases, so use a single channel
scan instead.
Jouni Malinen [Wed, 14 Dec 2016 14:38:44 +0000 (16:38 +0200)]
Fix preauth_test build by updating add_pmkid/remove_pmkid callbacks
Commit c579312736163d8d038542408daaefad9659815d ('Add
PMKSA-CACHE-ADDED/REMOVED events to wpa_supplicant') added new arguments
to these callback functions, but forgot to update the implementations in
preauth_test.c.
Jouni Malinen [Wed, 14 Dec 2016 14:32:05 +0000 (16:32 +0200)]
tests: Make p2p_ext_vendor_elem_go_neg_conf more robust
Use P2P listen mode on dev[1] to speed up GO Negotiation and explicitly
wait for successfully completed GO Negotiation to make the failure cases
clearer. Previously, it was possible for the GO Negotiation to fail and
execution to go to the tshark check even when no GO Negotiation Confirm
frame was sent.
Jouni Malinen [Wed, 14 Dec 2016 10:45:37 +0000 (12:45 +0200)]
tests: Use longer timeout in p2p_go_neg_auth_result()
It is possible for the P2P-GROUP-STARTED event to get delayed more than
one second especially when the GO Negotiation responder becomes the P2P
Client and the system is heavily loaded. Increase the default timeout
for the expected success case from 1 to 5 seconds to avoid failing test
cases that would have succeeded if given a bit more time to complete the
exchange.
Jouni Malinen [Tue, 13 Dec 2016 17:39:34 +0000 (19:39 +0200)]
tests: Make dbus_p2p_go_neg_init more robust
It was apparently possible to get a propertiesChanged event from an
earlier test case with an empty Groups property. That ended up this case
exiting immediately before running through the steps and consequently,
failing due to missed operations. Make this less likely to happen by
accepting the Groups property emptying event only after a group has been
added for a peer first.
Jouni Malinen [Tue, 13 Dec 2016 13:49:22 +0000 (15:49 +0200)]
Make Beacon IEs available in wpa_supplicant BSS command
This makes both the Probe Response and Beacon frame IEs available to
upper layers if scan results include both IE sets. When the BSS command
mask includes WPA_BSS_MASK_BEACON_IE, a new beacon_ie=<hexdump> entry
will be included in output if the BSS entry has two separate sets of IEs
(ie=<hexdump> showing the Probe Response frame contents and
beacon_ie=<hexdump> the Beacon rame contents).
Jouni Malinen [Tue, 13 Dec 2016 13:47:50 +0000 (15:47 +0200)]
tests: Make ap_track_sta_no_probe_resp more robust
Check whether the unexpected BSS entry is based on having received a
Beacon frame instead of Probe Response frame. While this test case is
using a huge beacon_int value, it is still possible for mac80211_hwsim
timing to work in a way that a Beacon frame is sent. That made this test
case fail in some rare cases. Fix this by ignoring the BSS entry if it
is based on Beacon frame instead of Probe Response frame.
Jouni Malinen [Tue, 13 Dec 2016 13:25:52 +0000 (15:25 +0200)]
mesh: Fix channel configuration in pri/sec switch case
If 20/40 MHz co-ex scan resulted in switching primary and secondary
channels, mesh setup failed to update the frequency parameters for
hostapd side configuration and that could result in invalid secondary
channel configuration preventing creating of the mesh network. This
could happen, e.g., when trying to set up mesh on 5 GHz channel 36 and
co-ex scan finding a BSS on channel 40. Switching the pri/sec channels
resulted in hostapd code trying to check whether channel 32 is
available. Fix this by swapping the channels for hostapd configuration
when needed.
Jouni Malinen [Tue, 13 Dec 2016 13:09:15 +0000 (15:09 +0200)]
Make debug print clearer for AP/mesh mode secondary channel issues
If the secondary channel was not found at all, no debug print was shown
to indicate that the channel was rejected due to that problem. Print a
clearer message indicating which channel was behind the reason to reject
channel configuration as unsuitable for AP mode.
Jouni Malinen [Tue, 13 Dec 2016 11:57:39 +0000 (13:57 +0200)]
tests: Remove pmk_r1_push parameter from ap_ft_local_key_gen
Local key generation for FT-PSK does not use the AP-to-AP protocol and
as such, setting pmk_r1_push=1 is a bit confusing here since it gets
ignored in practice. Remove it to keep the test case easier to
understand.
Jouni Malinen [Tue, 13 Dec 2016 11:03:52 +0000 (13:03 +0200)]
tests: Clear scan cache at the end of ap_wps_per_station_psk_failure
It was possible for ap_wps_per_station_psk_failure to leave behind scan
entries with active PBC mode if cfg80211 BSS table. This could result in
a following test case failing due PBC overlap. Fix this by clearing the
cfg80211 BSS table explicitly.
This was found with the following test case sequence:
ap_wps_per_station_psk_failure autogo_pbc
Jouni Malinen [Mon, 12 Dec 2016 21:47:04 +0000 (23:47 +0200)]
External persistent storage for PMKSA cache entries
This adds new wpa_supplicant control interface commands PMKSA_GET and
PMKSA_ADD that can be used to store PMKSA cache entries in an external
persistent storage when terminating a wpa_supplicant process and then
restore those entries when starting a new process. The previously added
PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing
the external storage with the memory-only volatile storage within
wpa_supplicant.
"PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to
a specific network profile. The network_id of the current profile is
available with the STATUS command (id=<network_id). In addition, the
network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The
output of the PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds>
<akmp> <opportunistic>
<network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration
in seconds> <akmp> <opportunistic>
(i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET
output data; however, the reauth_time and expiration values need to be
updated by decrementing them by number of seconds between the PMKSA_GET
and PMKSA_ADD commands)
This functionality is disabled be default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be
noted that this allows any process that has access to the wpa_supplicant
control interface to use PMKSA_ADD command to fetch keying material
(PMK), so this is for environments in which the control interface access
is restricted.
Avichal Agarwal [Mon, 12 Dec 2016 11:38:48 +0000 (17:08 +0530)]
P2P: Set p2p_persistent_group=1 at the time of reading disabled=2
Configuration file network block with disabled=2 is used for storing
information about a persistent group, so p2p_persitent_group should be
updated according to this when creating a struct wpa_ssid instance. This
will end up using D-Bus persistent network object path for the network.
Jouni Malinen [Sun, 11 Dec 2016 22:58:00 +0000 (00:58 +0200)]
tests: Fix wpas_ap_acs after 5 GHz use
Work around the mac80211_hwsim limitation on channel survey by forcing
the last connection to be on 2.4 GHz band. Without this, wpas_ap_acs
would have failed to start the AP if the previous test case used the 5
GHz band.
vamsi krishna [Fri, 2 Dec 2016 08:54:39 +0000 (14:24 +0530)]
Remove MBO dependency from Supported Operating Classes element
Supported Operating Classes element and its use is define in the IEEE
802.11 standard and can be sent even when MBO is disabled in the build.
As such, move this functionality out from the CONFIG_MBO=y only mbo.c.
Sunil Dutt [Thu, 8 Dec 2016 13:28:42 +0000 (18:58 +0530)]
Add QCA vendor command definitions for IDs 61-73
This commit documents the QCA vendor commands 61-73 and the
corresponding definitions of the attributes. This set of commands were
previously reserved for QCA without documentation here.
projects / thirdparty / hostap.git / log
