Commit graph

15514 commits

Author SHA1 Message Date
Jouni Malinen
76162b1828 TLS: Fix bounds checking in certificate policy parser
The recent addition of the X.509v3 certificatePolicies parser had a
copy-paste issue on the inner SEQUENCE parser that ended up using
incorrect length for the remaining buffer. Fix that to calculate the
remaining length properly to avoid reading beyond the end of the buffer
in case of corrupted input data.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20363
Fixes: d165b32f38 ("TLS: TOD-STRICT and TOD-TOFU certificate policies")
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-28 14:21:03 +02:00
Jouni Malinen
703c2b6457 DPP: Example script for NFC bootstrapping method
This Python script is an example on how nfcpy can be used to drive an
NFC Device to perform DPP bootstrapping operations over DPP (tag with
NFC URI and negotiated connection handover).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-27 21:58:45 +02:00
Jouni Malinen
db1aa8f19f tests: DPP bootstrapping via NFC negotiated handover
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-27 20:36:09 +02:00
Jouni Malinen
566972fd6f DPP: Show selected negotiation channel in DPP_BOOTSTRAP_INFO
Make the selected channel available for upper layer software to use,
e.g., when starting DPP listen operation during NFC negotiated
connection handover.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-27 20:36:09 +02:00
Jouni Malinen
5e287724ee DPP: NFC negotiated connection handover
Add new control interface commands "DPP_NFC_HANDOVER_REQ own=<id>
uri=<URI>" and "DPP_NFC_HANDOVER_SEL own=<id> uri=<URI>" to support NFC
negotiated connection handover. These commands are used to report a DPP
URI received from a peer NFC Device in Handover Request and Handover
Select messages. The commands return peer bootstrapping information ID
or FAIL on failure. The returned ID is used similarly to any other
bootstrapping information to initiate DPP authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-27 20:36:09 +02:00
Jouni Malinen
2bbe6ad3aa DPP: Helper function for bootstrapping URI generation
The new dpp_gen_uri() helper function can be used to build the
bootstrapping URI from locally stored information. This can be used to
make it easier to update the URI, e.g., for NFC negotiated connection
handover cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-27 20:36:09 +02:00
Jouni Malinen
f5b7b24912 tests: Fix eap_proto_ttls_errors with CONFIG_TLS=internal
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 17:09:50 +02:00
Jouni Malinen
12da39b389 crypto: Allow up to 10 fragments for hmac_sha*_vector()
This increases the limit of how many data fragments can be supported
with the internal HMAC implementation. The previous limit was hit with
some FT use cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 17:04:54 +02:00
Jouni Malinen
07dd83dd77 tests: Check for domain_suffix_match in HS 2.0 PPS MO testing
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 16:56:06 +02:00
Jouni Malinen
362889638b tests: Check for TLS EC support in build
These test cases need to be skipped with CONFIG_TLS=internal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 16:54:07 +02:00
Jouni Malinen
0c00679b15 tests: Check for TLS library capabilities in sigma_dut test cases
These test cases cannot be run with CONFIG_TLS=internal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 16:50:20 +02:00
Jouni Malinen
d165b32f38 TLS: TOD-STRICT and TOD-TOFU certificate policies
Add parsing of certificate policies for TOD-STRICT and TOD-TOFU when
using CONFIG_TLS=internal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 16:44:49 +02:00
Jouni Malinen
31a3d4c234 tests: Recognize more test SKIP reasons
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 16:03:31 +02:00
Jouni Malinen
5bf51d38b0 tests: Fix DPP capability checking to avoid failures in non-DPP build
"finally" handler should not trigger a new exception when trying to
clear state for non-DPP builds. In addition, couple of checks for DPP
capability in the build were missing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 13:40:56 +02:00
Jouni Malinen
4c0af8ad6c tests: Check SAE capability in build more consistently
Use a helper function for this and add checks for number of test cases
that were missing this. This gets rid of undesired FAIL results
(converts them to SKIP) for test runs where the station do not support
SAE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 13:40:56 +02:00
Jouni Malinen
cd66b8295c TLS: Fix a typo in a debug message
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 12:50:44 +02:00
Ashish Kumar Dhanotiya
a629409047 Add vendor interface QCA_NL80211_VENDOR_SUBCMD_REQUEST_SAR_LIMITS_EVENT
This commit introduces the vendor event
QCA_NL80211_VENDOR_SUBCMD_REQUEST_SAR_LIMITS_EVENT.
Host drivers can request user space application to set SAR power
limits with this event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 20:48:14 +02:00
Vamsi Krishna
0ecf735631 Add new QCA vendor attribute to set thermal level
Add a new QCA vendor attribute to set thermal level to the driver from
userspace. The driver/firmware takes actions requested by userspace to
mitigate high temperature such as throttling TX etc. The driver may
choose the level of throttling and other actions for various thermal
levels set by userspace.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 20:45:35 +02:00
Jouni Malinen
f28853fbc4 tests: OWE PTK derivation workarounds
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:47:41 +02:00
Jouni Malinen
8b138d2826 OWE: PTK derivation workaround in STA mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround=1 network parameter can be used
to enable older behavior mainly for testing purposes. There is no impact
to group 19 behavior, but if enabled, this will make group 20 and 21
cases use SHA256-based PTK derivation which will not work with the
updated OWE implementation on the AP side.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:47:41 +02:00
Jouni Malinen
65a44e849a OWE: PTK derivation workaround in AP mode
Initial OWE implementation used SHA256 when deriving the PTK for all OWE
groups. This was supposed to change to SHA384 for group 20 and SHA512
for group 21. The new owe_ptk_workaround parameter can be used to enable
workaround for interoperability with stations that use SHA256 with
groups 20 and 21. By default, only the appropriate hash function is
accepted. When workaround is enabled (owe_ptk_workaround=1), the
appropriate hash function is tried first and if that fails, SHA256-based
PTK derivation is attempted. This workaround can result in reduced
security for groups 20 and 21, but is required for interoperability with
older implementations. There is no impact to group 19 behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:47:41 +02:00
Jouni Malinen
bd50805e40 OWE: Select KDF hash algorithm based on the length of the prime
Previous implementation was hardcoding use of SHA256 PMK-to-PTK
derivation for all groups. Replace that with hash algorithm selection
based on the length of the prime similarly to the way this was done for
other derivation steps in OWE.

This breaks backwards compatibility when using group 20 or 21; group 19
behavior remains same.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:47:16 +02:00
Jouni Malinen
10bdce692d Fix a typo in an example configuration file comment
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:08:12 +02:00
Jouni Malinen
0d445cd394 Fix a typo in a comment
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:08:10 +02:00
Jouni Malinen
ce26f0086c Fix coloc_intf_reporting config param in hostapd in non-OWE builds
This has nothing to do with OWE and parsing of this value was not
supposed to be within an ifdef CONFIG_OWE block.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-24 00:08:10 +02:00
Jouni Malinen
ca10117cd7 tests: Make ap_hs20_connect_no_full_match more robust
Explicitly clear cfg80211 scan cache to avoid issues with old BSS
entries from previous test cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-23 16:54:45 +02:00
Vamsi Krishna
1011c79900 Do not enable HT/VHT for 6 GHz band 20 MHz width channels also
The previous commit had a rebasing issue that ended up covering only the
center_segment0 != 0 case. These were supposed to apply for all 6 GHz
band cases.

Fixes: 0bfc04b8d0 ("Do not enable HT/VHT when operating in 6 GHz band")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-23 16:10:41 +02:00
Vamsi Krishna
d0e116f61f Enhance get_mode() to return correct hw_mode with 6 GHz support
The 5 GHz channels are stored in one hw_features set with mode
HOSTAPD_MODE_IEEE80211A while the 6 GHz channels will need to be stored
in a separate hw_features set (but with same mode
HOSTAPD_MODE_IEEE80211A) due to possibility of different HT/VHT/HE
capabilities being available between the 5 GHz and 6 GHz bands.

Iterate through all hw_features sets and check and match the band of
channel supported by the hw_features set while getting the hw_features
set in get_mode(). This allows both the 5 GHz and 6 GHz channels to be
found and correct capabilities to be used in cases where the driver
reports different capability values between 5 and 6 GHz channels.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-23 15:48:51 +02:00
Chaitanya Tata
4658eb77d6 Remove deprecated text for ap_scan=0
Users might be tempted to try ap_scan=0 for offloading scan,
ap_selection and, WPA to driver. Update the text to reflect that this is
deprecated.

Jouni confirmed deprecation in
https://www.spinics.net/lists/hostap/msg06482.html

Signed-off-by: Chaitanya Tata <chaitanya.tata@bluwireless.com>
2020-01-21 18:17:07 +02:00
Jouni Malinen
2be278696b tests: Allow more time for sigma_dut sta_associate commands
The previously used timeout of two seconds did not allow more than a
single scan attempt and that could fail every now and then. Make these
more robust by increasing the timeout to 10 seconds which allows another
scan attempt to be completed similarly to the most non-sigma_dut test
cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-21 13:22:57 +02:00
Jouni Malinen
5e32fb0170 SAE: Use Anti-Clogging Token Container element with H2E
IEEE P802.11-REVmd was modified to use a container IE for anti-clogging
token whenver H2E is used so that parsing of the SAE Authentication
frames can be simplified.

See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-21 13:13:56 +02:00
Jouni Malinen
e36a5894d0 SAE: Use H2E whenever Password Identifier is used
IEEE P802.11-REVmd was modified to require H2E to be used whenever
Password Identifier is used with SAE.

See this document for more details of the approved changes:
https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-21 13:13:56 +02:00
Jouni Malinen
6a673d0fb0 tests: Remove mesh SAE Password Identifier test cases for now
IEEE P802.11-REVmd was modified to require H2E to be used whenever
Password Identifier is used with SAE. Since wpa_supplicant and mac80211
do not yet support SAE H2E in mesh, Password Identifier cannot be used
in mesh cases. Remove the test cases that verified this behavior for now
to allow H2E to be required per updated REVmd definition. These test
cases will be restored once H2E is fully functionality in mesh cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-21 13:00:20 +02:00
Jouni Malinen
c56b7a2fdf SAE: Mark sae_derive_pt_ecc() static
This function is not used outside sae.c.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-21 00:35:16 +02:00
Jouni Malinen
6ce883de69 tests: SAE anti clogging (forced, H2E)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-20 21:17:46 +02:00
Jouni Malinen
29dd0b3164 SAE H2E: Check H2E-only BSS membership selector only if SAE is enabled
This BSS membership selector has impact only for SAE functionality, so
ignore it when configured not to use SAE. This allows WPA-PSK connection
to and AP that advertises WPA-PSK and SAE while requiring H2E for SAE.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-20 21:17:28 +02:00
Johannes Berg
f124367afb tests: parallel-vm: allow running without curses
Allow running without curses, in which case the log is simply written to
stdout instead of a file. This is useful for automated (but parallel)
testing. Note that in most cases, you'd want to specify --debug, and so
I added a .rstrip() there on the lines to clean that up a bit.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-01-20 21:17:24 +02:00
Johannes Berg
4ee5a50358 trace: Handle binutils bfd.h breakage
Some things in bfd.h that we use were renamed, and in the case of
bfd_get_section_vma() a parameter was dropped. Work around this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-01-20 21:17:21 +02:00
Daniel Golle
fa308a6496 hostapd: Fix a typo in sample configuration
'assocition' -> 'association'

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-20 19:09:52 +02:00
Jouni Malinen
961eb08723 tests: Flush scan results in more Hotspot 2.0 test cases
This makes testing of INTERWORKING_CONNECT more robust.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-10 22:55:44 +02:00
Jouni Malinen
447ce4813a tests: Opportunistic Wireless Encryption transition mode disabled on STA
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-10 20:37:41 +02:00
Hai Shalom
d20365db17 EAP-SIM/AKA peer: Add support for EAP Method prefix
Add support for EAP method prefix in the anonymous identity
used during EAP-SIM/AKA/AKA' authentication when encrypted IMSI
is used. The prefix is a single character that indicates which
EAP method is required by the client.

Signed-off-by: Hai Shalom <haishalom@google.com>
2020-01-10 19:16:13 +02:00
Jouni Malinen
991e6b9e79 tests: Call stop_sigma_dut() in more failure cases
Some of the sigma_dut test cases were not yet using try/finally to
ensure stop_sigma_dut() gets called. That could result in not logging
all failure reasons in the log and getting stuck with being unable to
start new sigma_dut processes after failed test cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-10 00:44:07 +02:00
Jouni Malinen
f0b6b23fe3 tests: Enable sigma_dut debug log for all test cases
There is no point in having to enable this separately for each test case
since the debug details are always useful if something fails.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-10 00:21:15 +02:00
Jouni Malinen
a04c153b9f tests: Verify that sigma_dut is functional after startup
There is no point in continuing the test ase if sigma_dut is not in
functional state.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-10 00:04:43 +02:00
Jouni Malinen
fb0f13fbf8 tests: Log sigma_dut stdout/stderr separately for each command
This makes logs easier to understand and this may also help in running
over buffer space and getting stuck with sigma_dut termination.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 23:31:29 +02:00
Vamsi Krishna
4bf78a79d0 ACS: Populate channel config from external ACS per documented behavior
Based on the now documented seg0/seg1 values from offloaded ACS, there
is a mismatch between the driver interface and internal hostapd use.

The value of segment0 field in ACS results is the index of the channel
center frequency for 20 MHz, 40 MHz, and 80M Hz channels. The value is
the center frequency index of the primary 80 MHz segment for 160 MHz and
80+80 MHz channels.

The value of segment1 field in ACS results is zero for 20 MHz, 40 MHz,
and 80 MHz channels. The value is the index of the channel center
frequency for 160 MHz channels and the center frequency index of the
secondary 80 MHz segment for 80+80 MHz channels.

However, in struct hostapd_config, for 160 MHz channels, the value of
the segment0 field is the index of the channel center frequency of 160
MHz channel and the value of the segment1 field is zero. Map the values
from ACS event into hostapd_config fields accordingly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 20:22:12 +02:00
Vamsi Krishna
fe1552d93c ACS: Update documentation of external ACS results event parameters
Update the documentation with values to be sent for seg0 and seg1 fields
in external ACS result event for 20 MHz, 40 MHz, 80 MHz, 160 MHz, and
80+80 MHz channels. These values match the changes done to definitions
of seg0 and seg1 fields in the IEEE 802.11 standard.

This vendor command had not previously been documented in this level of
detail and had not actually been used for the only case that could have
two different interpretation (160 MHz) based on which version of IEEE
802.11 standard is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 20:12:14 +02:00
Vamsi Krishna
881177201a 6 GHz: Fix Channel Width value for 80+80 in 6 GHZ Operation Info field
The Channel Width field value is 0 for 20 MHz, 1 for 40 MHz, 2 for 80
MHz, and 3 for both 160 MHz and 80+80 MHz channels. The 80+80 MHz case
was not addressed previously correctly since it cannot be derived from
seg0 only.

The Channel Center Frequency Segment 0 field value is the index of
channel center frequency for 20 MHz, 40 MHz, and 80 MHz channels. The
value is the center frequency index of the primary 80 MHz segment for
160 MHz and 80+80 MHz channels.

The Channel Center Frequency Segment 1 field value is zero for 20 MHz,
40 MHz, and 80 MHz channels. The value is the index of the channel
center frequency for 160 MHz channel and the center frequency index of
the secondary 80 MHz segment for 80+80 MHz channels.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 17:43:28 +02:00
Jouni Malinen
b4fe37c4fa Silence compiler warning in no-NEED_AP_MLME builds
Make the dummy hostapd_hw_mode_txt() wrapper return "UNKNOWN" instead of
NULL to avoid a warning from a debug printf using %s with NULL.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 12:44:08 +02:00