Commit graph

14025 commits

Author SHA1 Message Date
Jouni Malinen
3a833d95b3 wpaspy: Convert to/from str to bytes as needed for python3
The control interface commands use mostly ASCII or UTF-8 strings, so
convert input/output to strings/bytes as needed for the socket
operations with python3.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-04 12:26:33 +02:00
Masashi Honma
04fa9fc7fd tests: Decode Popen() output values for python3
Explicit conversion to str is needed here for python3 compatibility.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-04 12:26:33 +02:00
Jouni Malinen
45b0b88f80 tests: Decode command execution output to a str for python3
Need to convert from bytes to str to allow the following string
operations to work with python3.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-02 12:51:13 +02:00
Jouni Malinen
58be42b264 tests: Remove trailing semicolons from python code
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-02 12:10:53 +02:00
Masashi Honma
9c06eda01c tests: Use python3 compatible libraries
This patch is made by using 2to3 command with some modifications.

$ find . -name *.py | xargs 2to3 -f imports -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-02 12:03:04 +02:00
Jouni Malinen
2974633d0c tests: Remove unused import statements
These were not used at all and caused unnecessary operations and in some
cases, compatibility issues with python3.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-02 11:35:13 +02:00
Masashi Honma
bc664dfc09 tests: python3 requires a raw string due to the backslash
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-02 11:35:05 +02:00
Jouni Malinen
b198d281b0 tests: Enable ERP testing with PEAP
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-02 00:06:04 +02:00
Jouni Malinen
d05dda61d8 PEAP: Explicitly clear temporary keys from memory when using CMK
The case of PEAPv0 with crypto binding did not clear some of the
temporary keys from stack/heap when those keys were not needed anymore.
Clear those explicitly to avoid unnecessary caching of keying material.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-02 00:01:29 +02:00
Jouni Malinen
4e1cd3468e EAP-PEAP: Derive EMSK and use 128-octet derivation for MSK
Derive EMSK when using EAP-PEAP to enable ERP. In addition, change the
MSK derivation for EAP-PEAP to always derive 128 octets of key material
instead of the 64 octets to cover just the MSK. This is needed with the
PRF used in TLS 1.3 since the output length is mixed into the PRF
context.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-01 23:52:28 +02:00
Johannes Berg
a2674fd902 tests: wpasupplicant: Refactor code duplication in wait_global_event()
This code is identical to the wait_event() code, except for the
mon/global_mon instance. Create a _wait_event() function that
encapsulates this, and use it for both.

While at it, fix the bug in wait_global_event() where in the case
of not having a global_mon it always returns None.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-01 23:02:43 +02:00
Johannes Berg
8bdefe511c tests: vm-run: Create a symlink to the latest logs
This is useful when running a test multiple times, looking at
log output etc. to not have to pick out the right directory
each and every time.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-01 23:00:42 +02:00
Jouni Malinen
d8c20ec591 DPP: Clear dpp_listen_freq on remain-on-channel failure
If the DPP_LISTEN command failed due to the driver rejecting the
remain-on-channel request, wpa_s->dpp_listen_freq was left set to the
requested listen frequency and this resulted in the next DPP_LISTEN for
the same frequency reporting "DPP: Already listening on .." even when
the driver was not really listening on that frequency. Fix this by
clearing wpa_s->dpp_listen_freq in the error case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-30 12:28:43 +02:00
Purushottam Kushwaha
59fa205388 P2P: Allow the avoid channels for P2P discovery/negotiation
The avoid channels are notified through
QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY allow minimal traffic, so
enhance the P2P behavior accordingly by considering these avoid
frequencies for P2P discovery/negotiation as long as they are not in
disallowed frequencies list.

Additionally, do not return failure when none of social channels are
available as operation channel, rather, mark the op_channel/op_reg_class
to 0 as this would anyway get selected during the group formation in
p2p_prepare_channel.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-30 12:15:19 +02:00
Jouni Malinen
0c1e29fd30 tests: WNM-Sleep Mode Request bounds checking for empty contents
The wnm_sleep_mode_proto test case was already covering number of
invalid WNM-Sleep Mode Request frame cases, but it was missing the
shortest possible case with a missing Dialog Token field. Add that as a
regression test case for bounds checking in
ieee802_11_rx_wnmsleep_req().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-28 15:05:09 +02:00
Jouni Malinen
e34cd9f06e WNM: Fix WNM-Sleep Mode Request bounds checking
ieee802_11_rx_wnmsleep_req() might have been called for a short frame
that has no more payload after the Public Action field, i.e., with len
== 0. The bounds checking for the payload length was done only for the
information elements while the one octet Dialog Token field was read
unconditionally. In the original implementation, this could have
resulted in reading one octet beyond the end of the received frame data.

This case has not been reachable after the commit e0785ebbbd ("Use
more consistent Action frame RX handling in both AP mode paths"), but it
is better to address the specific issue in ieee802_11_rx_wnmsleep_req()
as well for additional protection against accidential removal of the
check and also to have something that can be merged into an older
version (pre-v2.7) if desired. The comments below apply for such older
versions where the case could have been reachable.

Depending on driver interface specific mechanism used for fetching the
frame, this could result in reading one octet beyond the end of a
stack/hash buffer or reading an uninitialized octet from within a
buffer. The actual value that was read as the Dialog Token field is not
used since the function returns immediately after having read this value
when there is no information elements following the field.

This issue was initially added in commit d32d94dbf4 ("WNM: Add
WNM-Sleep Mode implementation for AP") (with CONFIG_IEEE80211V=y build
option) and it remained in place during number of cleanup and fix
changes in this area and renaming of the build parameter to
CONFIG_WNM=y. The impacted function was not included in any default
build without one of the these optional build options being explicitly
enabled. CONFIG_WNM=y is still documented as "experimental and not
complete implementation" in hostapd/defconfig. In addition, commit
114f2830d2 ("WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0
case") made this function exit before the impact read if WNM-Sleep Mode
support was not explicitly enabled in runtime configuration
(wnm_sleep_mode=1 in hostapd.conf). Commit e0785ebbbd ("Use more
consistent Action frame RX handling in both AP mode paths") made this
code unreachable in practice.

Add an explicit check that the frame has enough payload before reading
the Dialog Token field in ieee802_11_rx_wnmsleep_req().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-28 14:58:17 +02:00
Jouni Malinen
a18d58f47c tests: EAP-TLS and server reloading CRL from ca_cert
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-27 18:48:16 +02:00
Jared Bents
159a7fbdea crl_reload_interval: Add CRL reloading support
This patch adds a new flag 'crl_reload_interval' to reload CRL
periodically. This can be used to reload ca_cert file and the included
CRL information on every new TLS session if difference between the last
reload and the current time in seconds is greater than
crl_reload_interval.

This reloading is used for cases where check_crl is 1 or 2 and the CRL
is included in the ca_file.

Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
2019-01-27 18:45:07 +02:00
Jouni Malinen
0eb34f8f28 tests: WPA2-PSK AP with PSK from a file (keyid and reload)
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-26 17:52:04 +02:00
Michal Kazior
83c8608132 AP: Add wpa_psk_file reloading in runtime
The wpa_psk_file can now be modified and hostapd can be told to re-read
it with the control interface RELOAD_WPA_PSK command:

 $ hostapd_cli reload_wpa_psk

It must be noted special care must be taken if WPS is configured
(wps_state=2, eap_server=1) because WPS appends PMKs to the
wpa_psk_file.

Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-26 17:52:04 +02:00
Michal Kazior
ec5c39a557 AP: Allow identifying which passphrase station used with wpa_psk_file
It is now possible to optionally specify keyid for
each wpa_psk_file entry:

 keyid=something 00:00:00:00:00:00 secretpassphrase

When station connects and the passphrase it used
has an associated keyid it will be appended to the
AP-STA-CONNECTED event string:

 wlan0: AP-STA-CONNECTED 00:36:76:21:dc:7b keyid=something

It's also possible to retrieve it through the control interface:

 $ hostapd_cli all_sta
 Selected interface 'ap0'
 00:36:76:21:dc:7b
 ...
 keyid=something

New hostapd is able to read old wpa_psk_file. However, old hostapd will
not be able to read the new wpa_psk_file if it includes keyids.

Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-26 17:52:04 +02:00
Michal Kazior
b08c9ad0c7 AP: Expose PMK outside of wpa_auth module
This doesn't change any behavior on its own. It's going to be used to
expose per-station keyids and allow reloading passphrases in runtime.

Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-26 17:52:04 +02:00
Masashi Honma
1699309378 tests: Modify pmksa_cache test sets for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 13:15:40 +02:00
Masashi Honma
26b91346b9 tests: Modify ocv test sets for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 13:15:32 +02:00
Masashi Honma
255f3846a9 tests: ap_eap test requires more memory in VM
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 13:05:44 +02:00
Masashi Honma
26b0c29042 tests: Python3 does not allow mixed indentation
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 13:04:38 +02:00
Masashi Honma
00a41ed986 tests: Remove deprecated statement for python3 compatibility
This patch is made by using 2to3 command.

find . -name *.py | xargs 2to3 -f future -w -n

This was not really needed in this file for python2 compatibility.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 13:03:49 +02:00
Masashi Honma
e6b283f758 tests: Use int instead of long for python3 compatibility
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f long -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 13:02:50 +02:00
Masashi Honma
e1bb41bfde tests: Use python3 compatible raise statement
This patch is made by using 2to3 command.

find . -name *.py | xargs 2to3 -f raise -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 13:01:33 +02:00
Masashi Honma
8c851c2e36 tests: Use python3 compatible function attribute
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f funcattrs -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 13:00:03 +02:00
Masashi Honma
330f2dd6bb tests: Use python3 compatible range operation
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f xrange -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:56:02 +02:00
Masashi Honma
35d8c2545e tests: Use python3 compatible dict operation
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f dict -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:53:05 +02:00
Masashi Honma
89896c0008 tests: Use python3 compatible print statement
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f print -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:37:25 +02:00
Masashi Honma
bab493b904 tests: Use python3 compatible "except" statement
This patch is made by using 2to3 command.

$ find . -name *.py | xargs 2to3 -f except -w -n

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-26 12:11:35 +02:00
Daniel Golle
0dab477335 Write multi_ap_backhaul_sta to wpa_supplicant config
The network configration option multi_ap_backhaul_sta was added without
adding it to wpa_config_write_network(). Hence the value of this option
was not included when writing the configuration file. Fix this by
including it in wpa_config_write_network().

Fixes: 5abc7823b ("wpa_supplicant: Add Multi-AP backhaul STA support")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-01-24 00:27:12 +02:00
Lubomir Rintel
98251c6f21 dbus: Document more possible BSS/RSA/KeyMgmt values
This is probably not ideal, since it would be better if it ended up
being autogenerated somehow, but at least it's somewhat of an
improvement.

Also added a comment that encourages keeping the docs in sync.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-01-24 00:24:09 +02:00
Lior David
1e591df063 Check supported types in wpas_mac_addr_rand_scan_set()
When setting scan with randomized MAC, check the requested scan type
against supported types, to ensure callers will not set an unsupported
type, since this can cause scan/connect failures later. It is better to
do this in wpas_mac_addr_rand_scan_set() instead of control interface
specific code to apply the constraint on all possible interfaces using
this setting.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-01-24 00:21:34 +02:00
Lior David
c85249aa15 Fix test compilation error related to sme_event_unprot_disconnect()
sme_event_unprot_disconnect() is only defined with CONFIG_IEEE80211W, so
the CONFIG_TESTING_OPTIONS command UNPROT_DEAUTH can be defined only
with builds that enable IEEE 802.11w support.

Signed-off-by: Lior David <liord@codeaurora.org>
2019-01-24 00:21:28 +02:00
Jouni Malinen
6de2a80940 tests: SAE and password identifier (exclusively)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-24 00:20:49 +02:00
Jouni Malinen
42d308635f SAE: Advertise Password Identifier use
Support the new Extended Capabilities field bits 81 and 82 to indicate
whether SAe Password Identifiers are in use.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-24 00:20:49 +02:00
Jouni Malinen
59c6930641 HS 2.0 server: Command line option to fetch the version information
This can be used to report automatically generated version strings from
the SPP server.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-24 00:20:44 +02:00
Jouni Malinen
2d1762fa4a HS 2.0 server: Alternative subrem updateNode for certificate credentials
The new subrem field in the users database can now be used to issue an
alternative subscription remediation updateNode for clients using
certificate credentials. The data file for this case is similar to the
policy update files, but it starts with the managementTreeURI value in
the first line.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-23 01:03:46 +02:00
Jouni Malinen
d97cf2a117 HS 2.0 server: Use noMOUpdate in client certificate subrem
There is no point in trying to update the Credential node with the
existing contents in case of subscription remediation using a client
certificate instead of a username/password credential, so use the
noMOUpdate in that case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-22 23:31:06 +02:00
Jouni Malinen
13a200a92a FILS: Remove notes about experimental implementation
The standard amendment has been published and there has been sufficient
amount of interoperability testing for FILS to expect the protocol not
to be changed anymore, so remove the notes claiming this to be
experimental and not suitable for production use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-22 13:33:48 +02:00
Jouni Malinen
ad171ccd82 tests: Update README to refer to parallel-vm.py
parallel-vm.sh was removed earlier.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-22 13:27:31 +02:00
Lubomir Rintel
86d4e05374 dbus: Expose support of SAE key management in BSS properties
This is going to be useful for NetworkManager and likely others.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-01-22 13:26:12 +02:00
Masashi Honma
3e949655cc Revert "mesh: Apply channel attributes before setup interface"
This reverts commit 2564184440.

Commit 2564184440 ("mesh: Apply channel attributes before setup
interface") triggers some channel configurations to result in leaking
memory. This seems to be caused by hapd->started not getting set when
going through a callback to start hostapd operation (e.g., when using
HT40 coex scan) due to hostapd_setup_bss() not getting called. This
results in hostapd_free_hapd_data() not clearing allocated
hapd->wpa_auth. This can be reproduced with the hwsim test case
mesh_secure_ocv_mix_legacy.

A more complete cleanup of the pending mesh patch for DFS support seems
to be needed to fix this properly, so the best approach for now is to
revert this patch and bring it back once rest of the mesh changes are
ready to be applied.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-01-21 23:43:12 +02:00
Ian Archer
9758b08bcf hostapd: Add support for setting pbss option from config file
There is currently no support for setting hostapd_bss_config.pbss from a
config file, i.e., it was used only based on automatic logic in
wpa_supplicant. This patch adds a key naturally called "pbss" which can
be used to set it.

Cc: Antony King <antony.king@bluwirelesstechnology.com>
Signed-off-by: Brendan Jackman <brendan.jackman@bluwirelesstechnology.com>
2019-01-21 12:35:59 +02:00
Amit Khatri
cc0f24196b D-Bus: Fix P2P Flush method to clear pending Action frames
If we call p2p_flush from ctrl_iface, before calling p2p_flush() it
calls wpas_p2p_stop_find(). Add the same call to the matching D-Bus
method to clear all pending operations.

Signed-off-by: Amit Khatri <amit7861234@gmail.com>
2019-01-21 12:30:17 +02:00
stonez
fff8da8ace Add a vendor attribution to transfer EVM information
This new QCA vendor attribute indicates the EVM value in netlink.

Signed-off-by: stonez <stonez@codeaurora.org>

:100644 100644 ad5dac2... ede4fc8... M	src/common/qca-vendor.h
2019-01-21 12:28:05 +02:00