Commit graph

7677 commits

Author SHA1 Message Date
Jouni Malinen
48408fce2f HS 2.0R2: Do not mandate OCSP response for EST operations
OCSP validation is required only for the OSU operations and since the
EST server may use a different server certificate, it may not
necessarily support OCSP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:58 +02:00
Jouni Malinen
8f60293d3f HS 2.0R2: Do not use OSU cert validation for EST
There is no requirement for the EST server to use an OSU server
certificate, so do not require friendly name and icon hash matches for
EST cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:49 +02:00
Jouni Malinen
40bdceac88 HS 2.0R2: Configure OSU client trust root more consistently
Some of the code paths could have ended up ignoring CA file name from
command line due to overly complex way of setting ctx->ca_fname.
Configure this more consistently in osu_client.c as soon as the CA file
name has been determined.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:39 +02:00
Jouni Malinen
4d65deda7f HS 2.0R2: Clean up debug from libcurl
Do not truncate CURLINFO entries on first linefeed to get full IN/OUT
headers and data into debug log. Use wpa_hexdump_ascii() if any
non-displayable characters are included. Remove the separate header/data
debug dumps since all that information is now available from the debug
callback.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:35 +02:00
Jouni Malinen
f4e3860f8a Fix AP mode default TXOP Limit values for AC_VI and AC_VO
These were previous set to 3.0 and 1.5 ms which ended up using values 93
and 46 in 36 usec inits. However, the default values for these are
actually defined as 3.008 ms and 1.504 ms (94/47) and those values are
also listed in the hostapd.conf example.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-17 18:48:40 +02:00
Jouni Malinen
47bd94a09f TLS testing: Add new test cases for RSA-DHE primes
test-tls-4: Short 511-bit RSA-DHE prime
test-tls-5: Short 767-bit RSA-DHE prime
test-tls-6: Bogus RSA-DHE "prime" 15
test-tls-7: Very short 58-bit RSA-DHE prime in a long container
test-tls-8: Non-prime as RSA-DHE prime

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 12:43:49 +02:00
Jouni Malinen
f5bbb2f284 TLS client: Reject RSA-DHE prime if it shorter than 768 bits
Such short primes cannot really be considered secure enough for
authentication purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 12:43:37 +02:00
Jouni Malinen
817742f5aa TLS testing: Fix test_flags check for ApplData report
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 10:59:17 +02:00
Jouni Malinen
44bb91066b tests: wpa_supplicant MIB command
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 00:18:03 +02:00
Jouni Malinen
fb5c8cea95 tests: Supplicant-enforced PTK rekey
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 00:13:23 +02:00
Jouni Malinen
77b4a71180 tests: TDLS discovery
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 00:03:07 +02:00
Jouni Malinen
6ea231e6d4 tests: EAP TLS parameters using configuration blobs
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 23:52:43 +02:00
Jouni Malinen
1120e45232 Allow config blobs to be set through ctrl_iface
"SET blob <name> <hexdump>" can now be used to set a configuration blob
through the wpa_supplicant control interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 23:51:37 +02:00
Michal Kazior
c3722e1241 ACS: Fix VHT20
The center segment0 calculation for VHT20 ACS was incorrect. This caused
ACS to fail with: "Could not set channel for kernel driver".

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-03-15 19:04:31 +02:00
Jouni Malinen
c1cec68b93 tests: WPS AP PIN unlocking
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
4b727c5c26 tests: WPS AP configuration using external settings management
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
e8518757c9 tests: WPS PIN request file
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
7af87019ec tests: More HT40 co-ex scan cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
49b74430d9 Fix HT40 co-ex scan for some pri/sec channel switches
Secondary channel was compared incorrectly (-4/4 vs. actual channel
number) which broke matching neighboring 40 MHz BSSes and only the
no-beacons-on-secondary-channel rule was applied in practice. Once
sec_chan was fixed, this triggered another issue in this function where
both rules to switch pri/sec channels could end up getting applied in a
way that effectively canceled the switch.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
018ead4218 tests: VLAN with tagged interface
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
a424259a9b tests: AP using inactivity poll/disconnect
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
e59aa78240 tests: Go to listen state in go_neg_pin_authorized
Previusly, the responding device was left in p2p_find state as a
consequence of using discover_peer() if the peer was not already known.
This was not the sequence that was supposed to be used here. Go to
listen-only state when waiting for the peer to initiate a previously
authorized GO Negotiation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
55c11d40da tests: RSN pre-authentication
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
8a9a3b34dd tests: WDS STA mode
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
5bdac4abce Remove unused STA entry information
previous_ap and last_assoc_req were not really used for anything
meaninful, so get rid of them to reduce the size of per-STA memory
allocation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 09:57:10 +02:00
Jouni Malinen
d05ff96012 tests: SAE mixed network and forced anti-clogging
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 09:38:30 +02:00
Jouni Malinen
06eaa23341 tests: PeerKey attempt with unknown peer
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 00:47:06 +02:00
Jouni Malinen
c9d9ee94e5 Fix hostapd_add_iface error path to deinit partially initialized BSS
It was possible for the control interface and some of the BSS setup to
be left partially initialized in failure cases while the BSS structures
were still freed. Fix this by properly cleaning up anything that may
have passed initialization successfully before freeing memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:46 +02:00
Jouni Malinen
6829da39e6 Fix external radio_work deinit path
The radio_work type was stored within the dynamically allocated
wpa_radio_work buffer and that buffer ended up getting freed before the
final use of the type string within radio_work_done(). This resulted in
freed memory being used for a debug print. Avoid this by freeing the
wpa_external_work instance after having completed radio_work_done() for
the related work.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:46 +02:00
Jouni Malinen
8dd9f9cdde Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:45 +02:00
Manish Bansal
67d39cfb32 P2P: Do not create another group interface on NFC Token enable
If a group interface is present and the command was issued on the group
interface, enable the token for that interface instead of creating a new
one.

Signed-off-by: Manish <manish.bansal@broadcom.com>
2014-03-14 21:58:45 +02:00
Paul Stewart
6aa1cd4e06 wpa_supplicant: Apply VHT_OVERRIDES to wpas_start_assoc_cb()
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2014-03-14 21:50:58 +02:00
Paul Stewart
db63757dbc hostapd: Supply default parameters for OBSS scan
For some client OBSS implementations that are performed in
firmware, all OBSS parameters need to be set to valid values.
Do this, as well as supplying the "20/40 Coex Mgmt Support"
flag in the extended capabilities IE.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2014-03-14 21:49:08 +02:00
Dmitry Shmidt
6e9375e4e1 TDLS: Add get_capability tdls command
Command returns info in format: UNSUPPORTED/INTERNAL/EXTERNAL

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-14 21:40:57 +02:00
Johannes Berg
ea7526bfb3 tests: Verify VHT20 with center freq seq0 set to zero
This was found through a mac80211 bug which didn't correctly accept a
center segment 0 value of zero, so the test will fail until the mac80211
bug is fixed.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-03-14 17:07:18 +02:00
Johannes Berg
67e1a402df hostapd: For VHT 20/40, allow center segment 0 to be zero
The 802.11ac amendment specifies that that the center segment 0 field
is reserved, so it should be zero. Hostapd previously required it to
be set, which is likely a good idea for interoperability, but allow it
to be unset. However, don't allow it to be set to a random value, only
allow zero and the correct channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-03-14 17:07:17 +02:00
Jouni Malinen
656a3ef276 tests: Static MAC ACL
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 23:27:11 +02:00
Jouni Malinen
a4292b3f3b tests: require_vht=1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 23:17:04 +02:00
Jouni Malinen
d627e1315e tests: Use disable_dgaf=1 for more coverage
This runs one of the HS 2.0 test cases with DGAF disabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 23:14:08 +02:00
Jouni Malinen
945cc2fd88 tests: RADIUS Disconnect-Request using CUI
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 23:08:01 +02:00
Jouni Malinen
375afd7cf8 tests: WPS reconfiguration to open network
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 22:56:07 +02:00
Jouni Malinen
d0bf06f2d9 GAS server: Remove incomplete remote ANQP processing
Some of the remote ANQP server concepts were introduces into gas_serv.c,
but these were not completed. Remote the unused implementation for now.
It can be added back if support for remote ANQP server is added at some
point.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 21:12:39 +02:00
Jouni Malinen
d61ed3ac3c tests: GAS with unknown advertisement protocol id
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 20:58:14 +02:00
Jouni Malinen
00f74dbdb6 tests: Verify hostapd ENABLE/DISABLE/ENABLE
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 20:41:54 +02:00
Jouni Malinen
32b450fcee tests: HS 2.0 subrem from control interface
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 19:36:36 +02:00
Jouni Malinen
2035b17033 tests: Per-station PSK with WPS
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 18:22:25 +02:00
Jouni Malinen
fdb45355d4 WPS: Extend per-station PSK to support ER case as well
When wpa_psk_file is used instead of wpa_psk/wpa_passphrase, each WPS
Enrollee was given a unique PSK. This did not work for the
station-as-Registrar case where ER would learn the current AP settings
instead of enrolling itself (i.e., when using the AP PIN instead of
station PIN). That case can be covered with a similar design, so
generate a per-device PSK when building M7 as an AP in wpa_psk_file
configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 18:22:25 +02:00
Jouni Malinen
e6c96df8b6 tests: Verify PMF association comeback and STA initiated SA Query
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 18:22:25 +02:00
Jouni Malinen
9a1a538fa5 wpa_supplicant AP: Allow PMF to be enabled with ieee80211w
The ieee80211w parameter was not previously copied to the hostapd BSS
structure from wpa_supplicant configuration, so PMF was practically
disabled. Allow it to be configured through the wpa_supplicant network
configuration block.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 18:22:25 +02:00
Jouni Malinen
ce6b9cd482 Allow reason code to be specified for DEAUTH/DISASSOC test frame
hostapd DEAUTHENTICATE and DISASSOCIATE control interface commands
accepted both a test=<0/1> and reason=<val> parameters, but these were
not supported in the same command as a combination. Move the code around
a bit to allow that as well since it can be helpful for automated test
scripts.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 01:26:09 +02:00