Commit graph

15184 commits

Author SHA1 Message Date
Jouni Malinen
c6ab7b55a6 tests: FT RKH parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
5916637cf2 tests: FT PMK-R0/R1 expiration
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
6379bd6acf tests: Server checking CRL with check_crl_strict=0
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
698a0067c9 Fix check_crl_strict documentation
The OpenSSL error codes used here were for certificates, not CRLs. Fix
that to refer to CRL being expired or not yet valid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
ce30a79a14 tests: private_key_passwd2 in hostapd configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
09839cab75 tests: Additional hostapd configuration parser coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-11 16:37:48 +03:00
Jouni Malinen
aa8ea7abc9 tests: Additional dpp_controller parsing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 18:45:37 +03:00
Jouni Malinen
161f1d5d7c tests: Additional sae_password parsing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 18:37:54 +03:00
Jouni Malinen
3bfa7f798b tests: Additional tls_flags coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 17:22:32 +03:00
Jouni Malinen
8d231c5e3b tests: Additional operator_icon parsing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 17:06:40 +03:00
Jouni Malinen
a32f4c226d tests: Additional osu_nai2 parsing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 17:04:27 +03:00
Jouni Malinen
c805a7aeb7 tests: Additional venue_url parsing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 17:02:10 +03:00
Jouni Malinen
95b493dc40 tests: Additional eap_user_file parsing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 16:35:11 +03:00
Jouni Malinen
3d276ba530 tests: Additional vlan_file parsing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-10 16:16:29 +03:00
Rajeev Kumar Sirasanagandla
485dd425ba Add QCA vendor command for avoid frequency feature
Add vendor command QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT
and attribute qca_wlan_vendor_attr_avoid_frequency_ext to send structured
avoid frequency data.

This new command is alternative to existing command
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY since existing command is
using stream of bytes instead of structured data using vendor attributes.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:24 +03:00
Rajeev Kumar Sirasanagandla
6ae1247bfa Update QCA vendor attributes for 6 GHz band support
As a part of P802.11ax amendment, 6 GHz band operation is added.

Since the 6 GHz channel numbers are overlapping with existing 2.4 GHz
and 5 GHz channel numbers, use frequency to identify unique channel
operation instead of channel number. Channel frequency is unique across
bands.

In the existing QCA vendor interface, wherever missing, add frequency
attributes to identify unique channel operation. In addition, add
comments to document some of the previously missed attributes/values.

Note: If both channel and frequency attributes are present in vendor
command/event and
(a) If both the driver and user-space application supports 6 GHz band
then channel related attributes are deprecated and use frequency
attributes.
(b) If either driver or user-space application or both doesn't
support 6 GHz band then use channel attributes.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:24 +03:00
Rajeev Kumar Sirasanagandla
aa23ece3de Add QCA vendor channel attribute to restart AP
Add QCA_WLAN_VENDOR_ATTR_SAP_CONFIG_CHANNEL attribute in
enum qca_wlan_vendor_attr_sap_config to use with vendor command
QCA_NL80211_VENDOR_SUBCMD_SET_SAP_CONFIG.

This new attribute is used to restart AP on given channel.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:23 +03:00
Rajeev Kumar Sirasanagandla
85508ecf67 Add QCA vendor command to configure ACS policy
Add a QCA vendor sub command QCA_NL80211_VENDOR_SUBCMD_ACS_POLICY
with attributes enum qca_wlan_vendor_attr_acs_config and
enum qca_acs_dfs_mode to configure ACS policy.

Signed-off-by: Rajeev Kumar Sirasanagandla <rsirasan@codeaurora.org>
2019-08-09 19:52:23 +03:00
Srinivas Dasari
2395fdb67b Add QCA vendor attributes to enhance roaming configuration
This enhances the existing vendor command QCA_NL80211_VENDOR_SUBCMD_ROAM
with the following configurations:
1. Set/get/clear roam control
2. Set/get the channels on which the roaming has to be triggered.
3. Set/get the roam scan period.
4. Configure the triggers for roaming.
5. Configure the candidate selection criteria.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-08 23:52:06 +03:00
Sunil Dutt
1425caac28 Rename qca_wlan_vendor_attr_roam_subcmd to represent subcmds
qca_wlan_vendor_attr_roam_subcmd is an enum associated with the
attribute QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD. It represents different
sub command values and these are not the attributes. Hence, rename the
enum to qca_wlan_vendor_roaming_subcmd. Accordingly, the members of this
enum are also renamed to suite the usage.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-08 18:45:08 +03:00
Sunil Dutt
f131196319 Document the attributes used by QCA_NL80211_VENDOR_SUBCMD_ROAM
This commit documents the attributes used by
QCA_NL80211_VENDOR_SUBCMD_ROAM.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-08 18:45:04 +03:00
Jouni Malinen
b0b25c5bbc Clear external eapSuccess setting in driver-authorized cases
The conditions for the eapol_sm_notify_eap_success(FALSE) calls did not
cover the case where eapol_sm_notify_eap_success(TRUE) had been called
based on offloaded 4-way handshake and driver notification of
authorization in wpa_supplicant_event_port_authorized(). This could
result in eapSuccess and altSuccess state machine variables being left
TRUE when roaming to another BSS and that results in EAP failure if the
following roaming case does not get fully authorized through the driver
offload.

Fix this by clearing eapSuccess/altSuccess when processing a new
association (including roaming) event and also when disconnecting from
the network.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 19:24:06 +03:00
Jouni Malinen
fa1d5ec182 The master branch is now used for v2.10 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-07 17:51:53 +03:00
Jouni Malinen
ca8c2bd28a Preparations for v2.8 release
Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.7 and v2.8.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-07 16:25:25 +03:00
Jouni Malinen
d1fb06c947 tests: Check wait_event argument type
It was clearly too easy to get unexpected behavior by accidentially
passing in a string instead of a list of strings to these functions, so
enforce the correct type to notice such issues automatically.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 12:57:22 +03:00
Jouni Malinen
12c5c2404e tests: Fix ap_vht_csa_vht40 to use list of events with wait_event()
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 12:57:22 +03:00
Jouni Malinen
0e2605b948 tests: Fix concurrent_autogo_crossconnect to use list of events with wait_event()
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 12:57:22 +03:00
Jouni Malinen
79b44113ec tests: Fix ap_vht_csa_vht40_disable to use list of events with wait_event()
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 12:57:22 +03:00
Jouni Malinen
d371f0cbbf tests: Fix eap_proto_otp to use list of events with wait_event()
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 12:57:22 +03:00
Jouni Malinen
c4a9610e8f tests: Fix hostapd.wait_sta()
wait_event() expects a list of events instead of a single event name.
The previous implementation of wait_sta() did not really wait for
AP-STA-CONNECT; instead, it returned the next event from hostapd
regardless of what that event was.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 12:36:36 +03:00
Sunil Dutt
3263fca289 Set the default scan IEs on interface restart
Previously, these default scan IEs were set only when parameter values
changed and during the interface initialization, which can get lost in
the driver on an interface restart. Hence, also set these IEs on an
interface restart notification even when there has been no change in the
values since the last update to the driver.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 11:43:12 +03:00
Jouni Malinen
aeb7ab8edb tests: Additional EAP-TEAP coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 01:19:00 +03:00
Jouni Malinen
d776bf8c66 EAP-TEAP peer: Fix fragmentation of final message
Need to update methodState/decision when completing transmission of
fragmented last Phase 2 message.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 01:11:54 +03:00
Jouni Malinen
9b2b99c550 tests: Additional EAP-SAKE local error case coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 00:10:26 +03:00
Jouni Malinen
3948417305 tests: Additional EAP-GPSK local error case coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-07 00:04:45 +03:00
Jouni Malinen
83d5e334b1 tests: Additional EAP-EKE local error case coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-06 23:59:06 +03:00
Jouni Malinen
b4928ff9cb tests: DPP Controller RX error cases
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-06 21:02:12 +03:00
Jouni Malinen
161490906a tests: DPP TCP failure cases
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-06 20:22:44 +03:00
Jouni Malinen
d137275131 tests: Remove openssl header files from code coverage report
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-06 13:21:56 +03:00
Jouni Malinen
1c7e61a35a wolfssl: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-06 13:12:37 +03:00
Jouni Malinen
7122a02fa5 SAE: Fix order_len for FFC groups
The KCK, PMK, and PMKID derivation fix broke SAE key derivation for all
FFC groups. Fix that by setting sae->tmp->order_len for FFC groups (it
was only set for ECC groups).

Fixes: ac734a342e ("SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 16:52:20 +03:00
Jouni Malinen
d22f090245 tests: Wait after rekeying a bit before running connectivity test
The AP side may not have had enough time to configure the new TK into
the driver if the connectivity test is started immediately after the
station side event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 13:49:15 +03:00
Jouni Malinen
f13de00b89 tests: Wait for AP side connection event before disconnecting
This makes the test cases more robust especially when testing with UML
time travel.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 13:47:08 +03:00
Jouni Malinen
422e73d623 DPP: Indicate authentication success on ConfReqRX if needed
It is possible to receive the Configuration Request frame before having
seen TX status for the Authentication Confirm. In that sequence, the
DPP-AUTH-SUCCESS event would not be indicated before processing the
configuration step and that could confuse upper layers that follow the
details of the DPP exchange. As a workaround, indicate DPP-AUTH-SUCCESS
when receiving the Configuration Request since the Enrollee/Responser
has clearly receive the Authentication Confirm even if the TX status for
it has not been received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 13:31:14 +03:00
Jouni Malinen
938c6e7b3d tests: Wait for AP-STA-CONNECT before running connectivity test
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.

Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.

Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00
Jouni Malinen
752e7a33e8 tests: Close pyrad server sockets explicitly
This helps in avoiding issues with another test case trying to bind to
the same UDP port and failing due to the previous use by pyrad still
being open. This showed up with failures in radius_ipv6 when it followed
a test case like eap_proto_tls with suitable set of test cases between
them.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00
Jouni Malinen
d001fe31ab OpenSSL: Handle EVP_PKEY_derive() secret_len changes for ECDH
It looks like EVP_PKEY_derive() may change the returned length of the
buffer from the initial length determination (NULL buffer) to the
fetching of the value. Handle this by updating the secret length based
on the second call instead of the first one. This fixes some cases where
ECDH result has been used with extra data (zeros in the end) with OWE or
FILS PFS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-04 15:03:08 +03:00
Jouni Malinen
29ef1c5ee4 DPP: Use a common helper function for ECDH operations
This replaces the separately implemented ECDH operations with a single
helper function to avoid code duplication. In addition, this introduces
a workaround for strange OpenSSL behavior where the first
EVP_PKEY_derive(NULL) call to learn the size of the output shared secret
returns unexpectedly large buffer (72 octets when expected 32 octets for
group 19). It is not known what is causing this, but such behavior seems
to be showing up every now and then at least when running hwsim test
cases under UML and apparently mainly (only?) in the sigma_dut
controller cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-04 12:10:20 +03:00
Jouni Malinen
48e999e9a5 tests: Check against all zero PMKIDs in sae_groups
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-03 17:04:01 +03:00
Jouni Malinen
ac734a342e SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24
IEEE Std 802.11-2016 is not exactly clear on the encoding of the bit
string that is needed for KCK, PMK, and PMKID derivation, but it seems
to make most sense to encode the (commit-scalar + peer-commit-scalar)
mod r part as a bit string by zero padding it from left to the length of
the order (in full octets).

The previous implementation used the length of the prime (in full
octets). This would work for KCK/PMK, but this results in deriving all
zero PMKIDs for the groups where the size of the order is smaller than
the size of the prime. This is the case for groups 22, 23, and 24.
However, those groups have been marked as being unsuitable for use with
SAE, so this fix should not really have a practical impact anymore.
Anyway, better fix it and document this clearly in the implementation
taken into account the unclarity of the standard in this area.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-03 17:00:39 +03:00