Commit graph

8291 commits

Author SHA1 Message Date
Jouni Malinen
e438fb0d3a tests: Move AES-128 EAX mode test cases into hwsim framework
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:24:42 +02:00
Jouni Malinen
6c33962dd1 tests: Additional OMAC1-AES module test coverage
This verifies couple of corner cases with short vector entries in the
OMAC1-AES implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:15:23 +02:00
Jouni Malinen
304d40e904 tests: Move OMAC1-AES test cases into hwsim module tests
This makes sure the test cases are executed automatically with rest of
the hwsim tests.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 16:02:08 +02:00
Jouni Malinen
942b75468d tests: Add module tests for AES-SIV
This moves the AES-SIV test case from tests/test-aes.c to be part of
wpa_supplicant module testing framework with a new
src/crypto/crypto_module_tests.c component. In addition, the second test
vector from RFC 5297 is also included for additional coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 15:50:53 +02:00
Jouni Malinen
f6ebbcf62a AES-SIV: Make aes_s2v() static
This function is not used outside aes-siv.c. In addition, include the
aes_siv.h header to make sure that functions get declared consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 15:22:36 +02:00
Jouni Malinen
dcf8fbc058 nl80211: Simplify event processing error paths
These are practically unreachable code since cfg80211 fills in the
required attributes or does not send the event. Keep the checks in
place, but minimize the extra code in wpa_supplicant/hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 13:40:07 +02:00
Jouni Malinen
38751d8bd5 nl80211: Remove cfg80211 state mismatch workaround for authentication
cfg80211 dropped support for tracking BSS authentication state and
setting NL80211_BSS_STATUS_AUTHENTICATED in 'cfg80211: stop tracking
authenticated state' three years ago (starting in Linux 3.4). As such,
this workaround code in wpa_supplicant cannot be reached anymore. There
is no real need for maintaining it for older kernels either, since there
are other ways of detecting and working around state mismatches with the
actual authentication operations failing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 12:21:12 +02:00
Jouni Malinen
64ae244763 nl80211: Check support for rekey offload on first use
While there is no explicit driver capability advertisement for this in
nl80211, the EOPNOTSUPP response can be interpreted as a clear
indication of NL80211_CMD_SET_REKEY_OFFLOAD not being supported. Check
for that and don't try to offload keys again if the driver has not use
for them.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-05 12:00:09 +02:00
Jouni Malinen
8aeb6e3dbc tests: MAC_RAND_SCAN with valid and invalid arguments
This verifies that random MAC address is used as requested in Probe
Request frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-04 23:06:58 +02:00
Ilan Peer
8b48e32006 wpa_cli: Add MAC address randomization in scan
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
fb375883f4 ctrl_iface: Add MAC address randomization in scan processing
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
56c76fa592 scan: Add MAC address randomization in scan handling
1. Supported MAC address randomization for scan.
2. Supported MAC address randomization for scheduled scan.
2. Supported MAC address randomization for pno.
4. Add functions to set and clear the MAC address randomization
   state variables.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
86056fea63 nl80211: Handle MAC address randomization in scan/sched_scan
1. Process supported driver capabilities.
2. Populate scan request with MAC address randomization data

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 23:06:31 +02:00
Ilan Peer
ff23ed221d driver: Add definitions for MAC address randomization in scan
1. Add parameters to the scan command to allow MAC address
   randomization during scan and scheduled scan.
2. Add capability bits to publish MAC address randomization support
   in scan and scheduled scan.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-04 21:46:38 +02:00
Jouni Malinen
5434f07c20 tests: TDLS channel switching
Verify correct behavior with invalid commands. In addition, allow minor
mac80211_hwsim modifications to be used to enable testing of the driver
interface to enable and disable channel switching.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-04 21:46:38 +02:00
Arik Nemtsov
7db53bb8c5 wpa_cli: Implement TDLS start/cancel channel switching commands
For the start operation, this includes appropriate parameters for
specifying channel and peer information. The cancel operation includes
peer information.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 21:46:37 +02:00
Arik Nemtsov
72b2605f15 nl80211: Pass TDLS channel-switch start/stop params to kernel
The kernel-driver/firmware are responsible for performing periodic
switches to the target channel with the given peer. Propagate all TDLS
channel switching related information to kernel.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 21:46:37 +02:00
Arik Nemtsov
6b90deae4d TDLS: Propagate enable/disable channel-switch commands to driver
The supplicant code does not try to control the actual channel of the
radio at any point. It simply passes the target peer and channel
parameters to the driver. It's the driver's responsibility to
periodically initiate TDLS channel-switch operations when TDLS
channel-switching is enabled.

Allow enable/disable operations to be invoked via the control interface.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 20:30:11 +02:00
Arik Nemtsov
d9d3b78c67 TDLS: Track TDLS channel switch prohibition in BSS
Mark an appropriate sm flag when TDLS switch is prohibited by the AP.
Populate the flag upon association with the AP.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 18:59:31 +02:00
Arik Nemtsov
4daa572925 TDLS: Add channel-switch capability flag
Propagate a driver TDLS channel-switch support bit from nl80211 to
TDLS code.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-01-04 18:59:31 +02:00
Jouni Malinen
ca16586afe Sync with wireless-testing.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2014-11-26.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-04 18:59:31 +02:00
Eliad Peller
41bf76447b tests: WMM-AC reassociation-to-same-BSS test
Make sure the tspecs are kept on reassociation to the same BSS.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:59:07 +02:00
Eliad Peller
bc32f830f4 tests: wmm_ac_status and roaming case with WMM-AC
Make sure the wmm_ac_status command reflects correctly the existing
tspecs after add_ts/del_ts commands. Add a new test to verify all tspecs
are removed on roaming (while FT is not used).

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:57:23 +02:00
Eliad Peller
8c42b36902 WMM AC: Reconfigure tspecs on reassociation to the same BSS
The specification requires the tspecs to be kept upon reassociation to
the same BSS. Save the last tspecs before such reassociation, and
reconfigure on the association notification.

Note that the current flow is not transparent to the user
(it is notified about deauth/reassoc and tspec removal/addition).

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:41:00 +02:00
Eliad Peller
677e7a9582 WMM AC: Do not fail on unknown IEs in Association Response
Some APs add their custom (vendor-specific) IEs to the Association
Response frame. Fail WMM AC initialization only if Association Response
frame IE parsing actually failed, i.e., ignore all unknown IEs.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:33:29 +02:00
Eliad Peller
fecc2bb5a8 WMM AC: Delete tspecs on roaming
In case of roaming, we don't get disassoc notification, but
still want to remove the existing tspecs.

Move the wmm_ac_notify_disassoc() call to the state change
function, which get called also on roaming.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:32:59 +02:00
Eliad Peller
20fe74561c WMM AC: Print user-priority in wmm_ac_status
The UP is important property of the tspec, so print it as well.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-01-04 18:31:18 +02:00
Avraham Stern
730a0d16bf nl80211: Always register management frames handler
If registering WMM-AC ADDTS response action frame or WMM-AC DELTS
action frame fails, the management frame handler is not being
registered. This results with a segmentation fault when trying to
unsubscribe the handler when the interface is removed.
Fix it by always registering the handler and just returning a negative
value to note that the action frame could not be registered.

This fixes an issue introduced in the commit
dfa8787833 ('nl80211: Implement
add_ts/del_ts ops').

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-01-04 18:28:03 +02:00
Jouni Malinen
4e8f31e2ef doc: Extend driver.h documentation
This documents some more parts of the driver wrapper interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-03 18:24:20 +02:00
Jouni Malinen
421cb6a98b doc: Add rule for generating _wpa_supplicant.eps
Commit 7c4e92115a ('Update Doxygen
documentation for new version') rename the PNG version of the image, but
forgot the EPS version for Latex.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-03 18:24:20 +02:00
Jouni Malinen
750904dd42 tests: Extend EAP key lifetime in memory to cover MSK and EMSK
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-03 15:49:57 +02:00
Jouni Malinen
5eb513c3ba doc: Disable Doxygen autolink support
The way autolink support is implementing in Doxygen is a bit
inconvenient with wpa_supplicant being recognized as something that
would always be linked to struct wpa_supplicant. In addition, number of
links were not really noticed automatically. To get this working more
robustly and without having to use the %wpa_supplicant workaround (which
had its own issues, e.g., with titles), disable autolinking and use
explicit \ref commands instead.

This is also updating some of the obsolete notes to point to correct
file names, etc. changes in the source code tree.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-03 15:44:35 +02:00
Jouni Malinen
bbd89bfca0 nl80211: Clear nlmsg payload with keys before freeing
This reduces the time possible keys could remain in heap memory. Couple
of the nl80211 messages include keys (TK for normal ciphers and
KCK/KEK/PMK for various offloading cases).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-03 01:15:34 +02:00
Jouni Malinen
f2535da879 nl80211: Note linux_set_iface_flags() failure in debug log
There was one final remaining linux_set_iface_flags() call that did not
check the result. This specific one does not really matter much, but
anyway, be more consistent by checking the result and log any error in
debug log. (CID 74146)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:56:04 +02:00
Jouni Malinen
ce8ca2f9a0 tests: Make wpas_mesh_max_peering more robust
The previous version was enabling all three stations at the same time
and left dev[1] and dev[2] competing on getting connected with dev[0]
that allowed only one pairing. This was not exactly robust and the pass
criteria depended on an extra event from either dev[1] or dev[2]. Fix
that by first connecting dev[0] and dev[1] and only after that, start
dev[2]. This allows proper validation of both the peering limit on
dev[0] and no extra event on dev[2].

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
29bac7cb89 tests: Make scan_hidden more robust under heavy CPU load
It is possible for the Probe Response frame wait to time out when active
scanning is used under heavy CPU load. Make this test case more robust
by trying multiple times before declaring the scan for a hidden SSID to
have failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
2ec82e67c1 tests: wpa_supplicant D-Bus interface
This adds new files with test cases to verify both the old and new
wpa_supplicant D-Bus interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
b0839232fa tests: Enable wpa_supplicant D-Bus support for hwsim tests
This allows automated testing of the wpa_supplicant D-Bus interface. The
instance controlling wlan0 registers with D-Bus if dbus-daemon was
started successfully. This is only used in VM testing, i.e., not when
run-tests.sh is used on the host system with D-Bus running for normal
system purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
fa0d99c4b2 doc: Document the D-Bus P2P extensions
P2P support was added to the wpa_supplicant D-Bus interface long time
ago, but there has been no attempt of documenting that interface so far.
This commit adds at least a list of new interfaces, methods, properties,
and signals. Some of the incorrect and/or strange parts of the interface
are also identified with bug/todo comments.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
2750d27ebc doc: Document D-Bus WPS property ConfigMethods
This was added a long time ago, but documentation update was forgotten.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
fd5768b620 doc: Document missing D-Bus Interface properties
CurrentAuthMode and DisconnectReason have been added a long time ago,
but documentation update was forgotten.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
6c45094c0c doc: Document D-Bus BSS properties WPS and Age
These have been added a long time ago, but documentation update was
forgotten.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
9f972b45ca doc: Add D-Bus documentation for Probe Request reporting
Commit 2d43d37ff2 ('DBus: Add ability to
report probe requests') added this capability, but forgot to document
it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
24a97d6ff2 doc: Fix D-Bus documentation for .Network Properties
This propertry is not read-only, i.e., it can also be used to change
configuration parameters for an existing network.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
d118a6b8c8 D-Bus: Fix WPS.Start method in AP/P2P GO mode
Previously, role="enrollee" was required to be used to allow the AP mode
WPS operation to be started. This is incorrect since the AP/GO will
operate in Registrar role. Fix this by ignoring the role parameter when
AP (including P2P GO) mode is enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
bd47d68035 WPS: Reject station-mode WPS operations when AP mode is enabled
Start of station-mode WPS PBC/PIN/Registrar/NFC operation would result
in the AP mode getting disabled. This can be particularly confusing for
the P2P GO case where the group would need to be stopped cleanly. As
such, it is better to reject these invalid operations rather than trying
to handle all corner cases needed to allow this to work robustly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
f47a562c73 D-Bus: Move NetworkRequest signal to correct registration array
This is an interface signal, not a global signal, so move it to the
current array for registering the signal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
afaa6d99a4 D-Bus: Remove registration of P2PStateChanged signal
This signal is not generated anywhere, so there is no point in claiming
it to be available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
1a4efde5bd D-Bus: Make P2P Group Passphrase property getter available for P2P Client
There is no need to limit this property based on the role of the device
in the group, so return the passphrase if it is available. It will be
available in GO role and it may be available in P2P Client role based on
whether the peer GO provided it during the WPS provisioning step.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00
Jouni Malinen
20e1d81e09 D-Bus: Fix P2P Group PSK property getter
This was returning a byte array of the pointer to the PSK, not the
actual PSK, due to incorrect use of
wpas_dbus_simple_array_property_getter(). In addition, there is no need
to limit this property based on the role of the device in the group, so
return the PSK if it is available (which it will be for both GO and P2P
Client roles).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-02 22:50:27 +02:00