Commit graph

9272 commits

Author SHA1 Message Date
Johannes Berg
fd77e594a4 hwsim tests: vm: read a config file from $HOME
The vm-config in the subdirectory is less useful as it
will get removed by "git clean" and similar, so read a
config file from ~/.wpas-vm-config in addition.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-01-14 17:08:04 +02:00
Johannes Berg
fe8691248d hwsim tests: add a hwsim controller module
The controller module allows adding/destroying radios on the fly
with the recent hwsim changes.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-01-14 17:08:04 +02:00
Jouni Malinen
c48414af8f P2P: Limit join-a-group scans based on SSID from invitation
If we already know the SSID of the P2P group we are trying to join, use
that SSID to limit scan responses and BSS selection since we do not
really look for any other network in this case. In addition, this can
fix cases where the peer has just changed its SSID (e.g., started a new
group) and there may be multiple BSS entries for the same BSSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-13 21:39:06 +02:00
Jouni Malinen
7559ad7af6 tests: Double the connection timeout for EAP cases
It looks like slow virtual machines may have issues to complete some EAP
authentication cases (e.g., EAP-EKE in ap_ft_eap) within the 10 second
timeout under load. Double the timeout to avoid incorrect test failures.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-13 20:47:01 +02:00
Jouni Malinen
c57c1ed6b3 tests: Clear data from ongoing scan on reset()
It was possible for the previous test case to leave unexpected BSS or
P2P peer table entries if a scan was in progress when the FLUSH command
was used. This could result in test failures, e.g., when running
discovery_dev_type_go followed by discovery_group_client where a P2P
peer was discovered on another channel at the end of the former test
case from a scan that was running durign the FLUSH operation that was
supposed to remove all P2P peers. This could result in
discovery_group_client failing due to dev[2] trying to send the
discoverability frame on incorrect channel (the one learned in the
previous test case) since discover_peer() skipped a new device
discovery. Fix this by running FLUSH operation again if a pending scan
operation is detected during the first FLUSH operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-13 20:26:22 +02:00
Jouni Malinen
78f0c933e0 Flush secondary device types on FLUSH command
This makes it possible to clear previously configured secondary device
types.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 22:27:30 +02:00
Jouni Malinen
c70ebce0ba tests: P2P device discovery filtering on Device ID and Device Type
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 22:25:58 +02:00
Jouni Malinen
2b384109f2 P2P: Allow requested device type to be specified with p2p_find
This allows filtering of P2P peers that reply to the device discovery
Probe Request frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 20:01:19 +02:00
Jouni Malinen
d4c7a2b9e6 tests: EAP-TLS with OCSP
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 17:45:56 +02:00
Jouni Malinen
2d10eb0efd tests: PKCS#12 use for EAP-TLS
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 17:18:22 +02:00
Jouni Malinen
9f8994c623 tests: CA certificate in DER format
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 17:06:36 +02:00
Jouni Malinen
57be05e158 tests: Server certificate trust based on hash value
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 17:04:45 +02:00
Jouni Malinen
3b74982f93 tests: subject_match and altsubject_match
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 17:04:35 +02:00
Jouni Malinen
d9bb2821e7 Clear configuration blobs on FLUSH command
All te network blocks and credentials were already cleared, but
configurations blobs should also be cleared here, e.g., to get
more consistent behavior test cases using EAP-FAST PACs.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Jouni Malinen
53a6f06a0b tests: EAP-FAST
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Jouni Malinen
c60ba9f7ab Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Jouni Malinen
7185e16a91 EAP-FAST peer: Make debug clearer on missing pac_file configuration
EAP-FAST requires pac_file to be configured, so make it clearer from the
debug output if missing configuration parameter was the reason for
EAP-FAST initialization failing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 10:25:58 +02:00
Jouni Malinen
c075f040a1 tests: Verify all implemented EAP-pwd groups
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 09:08:54 +02:00
Jouni Malinen
dccafedb9a tests: Include vendor extension in WPS M1
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 23:37:13 +02:00
Jouni Malinen
1013a57654 tests: WPS AP using fragmented WPS IE
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 23:22:45 +02:00
Jouni Malinen
9ba1fcb056 tests: WPS 2.0 AP rejecting WEP configuration
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 23:08:26 +02:00
Jouni Malinen
33de4f2d7a tests: External password storage
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 22:32:12 +02:00
Jouni Malinen
7b88b64cd3 EXT PW: Fix hash return in password fetching
The hash return buffer was previously left uninitialized in case
externally stored password ("password=ext:...") was used. This could
result in MSCHAPv2 failure if that uninitialized memory happened to be
something else than zero.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 22:32:12 +02:00
Jouni Malinen
08081ad8ef hostapd: Skip full AP configuration validation on SET command
It is possible for the configuration to be temporarily invalid when
adding a new AP through SET commands followed by ENABLE. Avoid this
issue by using less strict validation on SET commands and perform full
configuration validation only on ENABLE. Use cases with configuration
file maintain their previous behavior, i.e., full validation after the
file has been read.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 20:23:56 +02:00
Jouni Malinen
f19ee5b7f7 tests: Hidden SSID
In addition, add the earlier tests in the new test_ssid.py file that was
forgotten from the previous commit
d78f33030d.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 20:23:56 +02:00
Arik Nemtsov
1785d2e912 P2P: Wait on GO Negotiation Confirm transmit
This reverts commit 792c8877c3
('P2P: Send GO Negotiation Confirm without wait').

Some drivers rely on the wait period for sending packets on the
off-channel. If the wait value is small, there's a race condition where
the driver ROC might complete before the packet was sent out. This
doesn't impede other drivers, as the wait is cancelled when a
Tx-completion arrives from the remote peer.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
2014-01-07 16:28:44 +02:00
Eyal Shapira
472fa2168a P2P: Cancel action frame offchan wait after recv GO Neg Conf
The missing call to scan_action_done() may keep us off-channel for 250
ms following sending GO Negotiation Response. In case the operating
channel is different from this channel and we're GO, a race could lead
to start beaconing while off-channel. This could potentially cause the
Beacon frames to go out on incorrect channel with some drivers.

Signed-hostap: Eyal Shapira <eyal@wizery.com>
2014-01-07 16:12:03 +02:00
Jouni Malinen
bfdc2a3172 bsd: Fix NULL pointer dereference on error path
The error path in bsd_init() on struct bsd_driver_data allocation was
jumping to location where drv is dereferenced. That will crash and it is
easier to just return from the function since no cleanup steps are
needed in this case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 15:58:01 +02:00
Masashi Honma
38bbd06ecf bsd: Prepare event buffer on init process
Currently these three steps runs for each event.
1. get buffer size via system
2. allocate a memory for event
3. free the memory

The wpa_supplicant receives 4 events from boot to be connected.
So this patch prepare the event buffer at the init process.

I have tested wpa_supplicant on NetBSD 6.1.2.
But I could not tested hostapd because I do not have AP enabled device.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2014-01-07 15:56:06 +02:00
Ben Greear
3043b4f455 nl80211: Document how to configure for libnl 2.0 and 3.2
Reported-by: Xose Vazquez Perez <xose.vazquez@gmail.com>

Signed-hostap: Ben Greear <greearb@candelatech.com>
2014-01-07 15:35:14 +02:00
Jouni Malinen
8697cbc0f8 tests: Make ap_wps_er_add_enrollee less likely to fail
WPS-ER-AP-REMOVE event from the ER is sent before HTTP UNSUBSCRIBE has
been completed. As such, it was possible for the following scan
validation step to be started before the AP has had a chance to react to
the ER status change. Makes this less likely to fail by waiting 200 ms
before starting the last scan.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 15:20:30 +02:00
Jouni Malinen
a06b1070d8 tests: P2P_REJECT to reject GO Negotiation Request frames
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
2db832b1e6 tests: Negative test case for P2P group formation with incorrect PIN
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
95fb2db242 P2P: Reject group formation on WPS provisioning failure
There is no need to wait for the 15 second group formation timeout to
clear the state if WPS failure is detected during P2P group formation.
Allow the WPS exchange steps (WSC_NACK and EAP-Failure) to be completed
and remove the group to get rid of the extra wait.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
6fc61e180e Fix TX status processing during AP mode shutdown in wpa_supplicant
A TX status event could be received after the AP interface has already
been deinitialized. This needs to check for NULL pointer before trying
to indicate the event to AP functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
675b1f891b tests: p2p_client_list on persistent GO
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
90a545ccba nl80211: Clean up netlink parsing and debug prints
This makes the RTM_NEWLINK, RTM_DELLINK, and operstate debug messages
easier to understand.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
b6a9590b34 Interworking: Keep up to two pending GAS_REQUEST responses
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
090b8e3d14 Update copyright notices for the new year 2014
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Andrei Otcheretianski
991aa9c73f nl80211: Move CS supported flag to wpa_driver_capa
Replace channel_switch_supported flag of the
wpa_driver_nl80211_data by WPA_DRIVER_FLAGS_AP_CSA inside
wpa_driver_capa.flags. It makes more sense and also can
be accessed by wpa_supplicant.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-01-07 10:45:12 +02:00
Jouni Malinen
a36158befe tests: Add get_driver_status for Hostapd
This is identical to the same command in WpaSupplicant class.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
f0cbb986ff Add DRIVER-STATUS command for hostapd
This is just like the same command in wpa_supplicant, i.e., "hostapd_cli
status driver" can be used to fetch information about the driver status
and capabilities.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
fa0ddb1484 tests: MSCHAPv2 password as hash value
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
e745c811ef tests: Verify EAP vendor test
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
d0ce105068 tests: Verify EAP-PEAP/EAP-TLS
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
f10ba3b2fc tests: Negative test cases with incorrect EAP password
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
188ebcd07b EAP-IKEv2 peer: Fix a memory leak in notify round
The plaintext notification needs to be freed after encryption.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
a190189d22 Remove PEAPv2 support
PEAPv2 implementation was not fully completed and there does not seem to
be any deployments of PEAPv2 nor any clear sign of such showing up in
the future either. As such, there is not much point in maintaining this
implementation in hostapd/wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
6daf5b9c1c tests: Add more EAP fragmentation tests
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
16a19ddae8 EAP-pwd peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-pwd fragmentation limit instead of always using the
hardcoded value of 1020.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00