Commit graph

6754 commits

Author SHA1 Message Date
Jouni Malinen
0489e8809d tests: WPS Enrollee PIN expiration on AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-22 19:01:34 +02:00
Jouni Malinen
0cf4d02670 tests: Increase hostapd ctrl_iface test coverage
This tests various error conditions and less commonly used operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-22 19:01:33 +02:00
Jouni Malinen
1d4fe3bcbc Remove unnecessary parameter validation
This is dead code since this helper function is always called with
non-NULL pointer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-22 16:25:28 +02:00
Arif Hussain
94b84bc725 P2P: Avoid unsafe pre-configured channel as channel preference
Do not select pre-configured channel as operating channel preference if
it is unavailable maybe due to interference or possible known
co-existence constraints, and try to select random available channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-22 10:20:08 +02:00
Dmitry Shmidt
d3c9c35f32 Add freq= parameter to 'set pno' command
This allows channels-to-be-scanned to be specified for PNO similarly to
the scan command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-21 23:56:46 +02:00
Tomasz Bursztyka
b998236543 dbus: Implement P2P Peers info IEs buffer getter
Since it declares providing such property, let's expose it relevantly.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:49:47 +02:00
Tomasz Bursztyka
c6f356f85b dbus: Export the peer's device address as a property
This could be useful in some cases.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:44:09 +02:00
Tomasz Bursztyka
442adfde3d dbus: Declare properly ServiceDiscoveryRequest method
It does return something: the reference of the request, as an integer,
which can be used then with ServiceDiscoveryCancelRequest to get
canceled.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:50 +02:00
Tomasz Bursztyka
890374118f dbus: Cancelling a service request always reply by an error
p2p_sd_cancel_request returns -1 in case of error, so does
wpas_p2p_sd_cancel_request.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:49 +02:00
Tomasz Bursztyka
13494c4478 dbus: Remove duplicate signal declaration
ServiceDiscoveryExternal is uselessly declared twice.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:49 +02:00
Pawel Kulakowski
513dcec656 Don't overwrite channel on hostapd config reload
There was possibility that the current channel in Beacon information
element was incorrectly set. This problem was easily observed when
primary and secondary channel were switched and then some of hostapd
settings (for example password) were changed using WPS External
Registrar. This caused hostapd_reload_config() function overwrite the
current channel information from config file.

This patch prevents this situation and does not allow to overwrite
channel and some other settings when config is reloaded.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-03-21 23:30:57 +02:00
Eduardo Abinader
5eae87a7d6 P2P: Fix GO failed interface init
Whenever an ongoing GO Neg has failed, due to interface init, the P2P
Device should cancel timeouts and issue wpas_p2p_group_formation_failed,
so the other peer detects faster group formation has failed.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-03-21 23:26:16 +02:00
Andrei Otcheretianski
c46235aaf0 wpa_supplicant: Fix radio_remove_interface
Remove pending radio works when an interface is removed from a radio.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-03-21 22:21:37 +02:00
Dmitry Shmidt
2ce7e4fd74 Android: Enable CONFIG_EAP_AKA_PRIME option
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-21 22:21:26 +02:00
Prameela Rani Garnepudi
95bf699f76 Add get_radio_name() driver wrapper for wpa_supplicant
Signed-off-by: Prameela Rani Garnepudi <prameela.g@samsung.com>
2014-03-21 22:20:38 +02:00
Guoqiang Liu
d06ecab344 D-Bus: Make p2p_no_group_iface configurable
Some old device need to set p2p_no_group_iface=1 to set up a P2P
connection, so add a D-Bus interface to configure it.

Signed-off-by: Guoqiang Liu <guoqiang.liu@archermind.com>
2014-03-21 22:17:57 +02:00
Jouni Malinen
8b6b6d8238 Fix hostapd.conf description of HT40+
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-21 20:04:01 +02:00
Jouni Malinen
20ff2642e1 WPS: Clear WPS data on init failure
It was possible for hapd->wps_beacon_ie and hapd->wps_probe_resp_ie to
be set if WPS initialization in hostapd failed after having set these
parameters (e.g., during UPnP configuration). In addition, many of the
other WPS configuration parameters that were allocated during the first
part of the initialization were not properly freed on error paths.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-21 13:23:23 +02:00
Jouni Malinen
d2a4005b3b tests: Verify Pre-authentication EAPOL status
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-21 12:56:48 +02:00
Jouni Malinen
910f16ca0e tests: EAP-SIM/AKA with protected result indication
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-21 12:56:48 +02:00
Jouni Malinen
f19e370e15 WPS: Do not advertise WPA/WPA2-Enterprise Auth Type Flags
While the device itself may support WPA/WPA2-Enterprise, enrollment of
credentials for EAP authentication is not supported through WPS. As
such, there is no need to claim support for these capabilities within
WPS information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-20 15:13:48 +02:00
Jouni Malinen
c37b02fcc4 tests: Authentication server using PKCS#12 file
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-20 00:16:00 +02:00
Jouni Malinen
2a6a2192b7 tests: Invalid ca_cert hash:// value
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-20 00:02:00 +02:00
Jouni Malinen
c61dca40a4 tests: TLS domain_suffix_match rejection due to incomplete label match
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-19 23:50:57 +02:00
Jouni Malinen
5c65e277a0 tests: Increase altsubject_match coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-19 23:46:53 +02:00
Jouni Malinen
1b5df9e591 nl80211: Do not indicate scan started event on scan_for_auth
The scan_for_auth workaround for cfg80211 missing a BSS entry for the
target BSS during authentication uses a single channel scan controlled
within driver_nl80211.c. This operation does not indicate
EVENT_SCAN_RESULTS to the upper layer code. However, it did report
EVENT_SCAN_STARTED and this resulted in the radio work protection code
assuming that an external program triggered a scan, but that scan never
completed. This resulted in all new radio work items getting stuck
waiting for this scan to complete.

Fix this by handling the scan_for_auth situation consistently within
driver_nl80211.c by filtering both the EVENT_SCAN_STARTED and
EVENT_SCAN_RESULTS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 22:48:44 +02:00
Jouni Malinen
bb2382619a HS 2.0R2: Clean up debug log during exit path
deinit_ctx() may print debug information, so do not call
wpa_debug_close_file() before deinit_ctx().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:40:04 +02:00
Jouni Malinen
48408fce2f HS 2.0R2: Do not mandate OCSP response for EST operations
OCSP validation is required only for the OSU operations and since the
EST server may use a different server certificate, it may not
necessarily support OCSP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:58 +02:00
Jouni Malinen
8f60293d3f HS 2.0R2: Do not use OSU cert validation for EST
There is no requirement for the EST server to use an OSU server
certificate, so do not require friendly name and icon hash matches for
EST cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:49 +02:00
Jouni Malinen
40bdceac88 HS 2.0R2: Configure OSU client trust root more consistently
Some of the code paths could have ended up ignoring CA file name from
command line due to overly complex way of setting ctx->ca_fname.
Configure this more consistently in osu_client.c as soon as the CA file
name has been determined.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:39 +02:00
Jouni Malinen
4d65deda7f HS 2.0R2: Clean up debug from libcurl
Do not truncate CURLINFO entries on first linefeed to get full IN/OUT
headers and data into debug log. Use wpa_hexdump_ascii() if any
non-displayable characters are included. Remove the separate header/data
debug dumps since all that information is now available from the debug
callback.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:35 +02:00
Jouni Malinen
f4e3860f8a Fix AP mode default TXOP Limit values for AC_VI and AC_VO
These were previous set to 3.0 and 1.5 ms which ended up using values 93
and 46 in 36 usec inits. However, the default values for these are
actually defined as 3.008 ms and 1.504 ms (94/47) and those values are
also listed in the hostapd.conf example.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-17 18:48:40 +02:00
Jouni Malinen
47bd94a09f TLS testing: Add new test cases for RSA-DHE primes
test-tls-4: Short 511-bit RSA-DHE prime
test-tls-5: Short 767-bit RSA-DHE prime
test-tls-6: Bogus RSA-DHE "prime" 15
test-tls-7: Very short 58-bit RSA-DHE prime in a long container
test-tls-8: Non-prime as RSA-DHE prime

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 12:43:49 +02:00
Jouni Malinen
f5bbb2f284 TLS client: Reject RSA-DHE prime if it shorter than 768 bits
Such short primes cannot really be considered secure enough for
authentication purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 12:43:37 +02:00
Jouni Malinen
817742f5aa TLS testing: Fix test_flags check for ApplData report
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 10:59:17 +02:00
Jouni Malinen
44bb91066b tests: wpa_supplicant MIB command
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 00:18:03 +02:00
Jouni Malinen
fb5c8cea95 tests: Supplicant-enforced PTK rekey
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 00:13:23 +02:00
Jouni Malinen
77b4a71180 tests: TDLS discovery
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 00:03:07 +02:00
Jouni Malinen
6ea231e6d4 tests: EAP TLS parameters using configuration blobs
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 23:52:43 +02:00
Jouni Malinen
1120e45232 Allow config blobs to be set through ctrl_iface
"SET blob <name> <hexdump>" can now be used to set a configuration blob
through the wpa_supplicant control interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 23:51:37 +02:00
Michal Kazior
c3722e1241 ACS: Fix VHT20
The center segment0 calculation for VHT20 ACS was incorrect. This caused
ACS to fail with: "Could not set channel for kernel driver".

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-03-15 19:04:31 +02:00
Jouni Malinen
c1cec68b93 tests: WPS AP PIN unlocking
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
4b727c5c26 tests: WPS AP configuration using external settings management
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
e8518757c9 tests: WPS PIN request file
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
7af87019ec tests: More HT40 co-ex scan cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
49b74430d9 Fix HT40 co-ex scan for some pri/sec channel switches
Secondary channel was compared incorrectly (-4/4 vs. actual channel
number) which broke matching neighboring 40 MHz BSSes and only the
no-beacons-on-secondary-channel rule was applied in practice. Once
sec_chan was fixed, this triggered another issue in this function where
both rules to switch pri/sec channels could end up getting applied in a
way that effectively canceled the switch.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
018ead4218 tests: VLAN with tagged interface
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
a424259a9b tests: AP using inactivity poll/disconnect
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
e59aa78240 tests: Go to listen state in go_neg_pin_authorized
Previusly, the responding device was left in p2p_find state as a
consequence of using discover_peer() if the peer was not already known.
This was not the sequence that was supposed to be used here. Go to
listen-only state when waiting for the peer to initiate a previously
authorized GO Negotiation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
55c11d40da tests: RSN pre-authentication
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00