Commit graph

11857 commits

Author SHA1 Message Date
Jouni Malinen
6219943d57 tests: Fix eap_fast_tlv_nak_oom and eap_fast_proto_phase2
Something broke eap_fast_tlv_nak_oom when moving from Ubuntu 14.04 to
16.04. OpenSSL.SSL.Connection() state_string() returns None in these
cases and the debug log prints for that were causing the case to fail.
For now, work around this by checking whether the state string is None
before trying to print it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-25 00:19:26 +02:00
Jouni Malinen
fabce22df6 tests: Clear monitor socket within p2p_msg_unexpected_go_neg_resp
This makes the debug log easier to understand and avoids leaving large
number of pending messages into the wpa_supplicant control interface
sockets.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-24 13:09:23 +02:00
Jouni Malinen
9bcfd5be86 Document new D-Bus WPS properties
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-24 00:16:25 +02:00
Jouni Malinen
4e6bd66744 tests: Additional D-Bus WPS Get/Set properties
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-23 21:28:43 +02:00
Jouni Malinen
77fcbf7ff1 D-Bus: Use a helper function to get possibly NULL strings
This type of check is used in quite a few getter functions, so add a
helper function to take care of it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-23 21:28:43 +02:00
Avichal Agarwal
dbf524946b D-Bus: Add DeviceType in WPS property
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
2016-12-23 21:28:43 +02:00
Avichal Agarwal
266097fdad D-Bus: Add device serial number in WPS property
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2016-12-23 11:02:43 +02:00
Avichal Agarwal
3ee6a3ab35 D-Bus: Add model number in WPS property
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2016-12-23 10:59:53 +02:00
Avichal Agarwal
ae66822cd8 D-Bus: Add WPS model name as property
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
2016-12-23 10:59:53 +02:00
Avichal Agarwal
318d4b5beb D-Bus: Add WPS manufacturer as property
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2016-12-23 10:59:50 +02:00
Avichal Agarwal
b20f031c68 D-Bus: Add WPS device name as property
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2016-12-23 10:51:09 +02:00
Jouni Malinen
f05a893eda tests: Check MESH flag in BSS output in wpas_mesh_mode_scan
In addition, use a single channel scan to make the test case run faster.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-22 14:17:48 +02:00
Sunil Dutt
4a45dc1921 mesh: Show [MESH] flag in print_bss_info()
This was previously done for SCAN_RESULTS, but the BSS control interface
command did not show a similar flag. In addition, change "WPA2" to "RSN"
for mesh BSS to be consistent with the SCAN_RESULTS output.

Commit 638d945679 ('mesh: Show [MESH] flag
in scan results') did similar changes for SCAN_RESULTS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-22 14:11:02 +02:00
Mikael Kanstrup
c04a67deb0 hostapd_cli: Add completion for get command
Add command completion support for get command.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-12-21 12:59:08 +02:00
Mikael Kanstrup
bf4167b9d5 hostapd_cli: Add completion for set command
Add command completion support for set command.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-12-21 12:57:54 +02:00
Mikael Kanstrup
86adff09e9 hostapd_cli: Completion for further commands with STA parameter
Yet some more commands take STA address as the only parameter. Add
command completion support for the following commands:

signature, sa_query, send_qos_map_conf and req_lci

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-12-21 12:55:36 +02:00
Mikael Kanstrup
4f59ad0699 hostapd_cli: Use common completion for commands that use stations
More than one command takes STA address as the only parameter. Make use
of a common completion routine.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-12-21 12:54:24 +02:00
Mikael Kanstrup
62b95eb67e hostapd_cli: Add missing command help descriptions
Some commands are missing help description making them not show up in
the list of supported commands. Add command help description for all
missing commands.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-12-21 12:53:53 +02:00
Joel Cunningham
04f02faac4 Fix wpa_cipher_to_alg() return type
wpa_cipher_to_alg() returns enumerated values from enum wpa_alg and all
uses of the return value treat it as enum wpa_alg (by either assigning
it to a variable of type enum wpa_alg or passing to a function that
expects enum wpa_alg).

This commit updates the return value to match the expected usage
(enum  wpa_alg) rather than int. This ensures the return value is
of the proper type and eliminates the following compiler warnings:

ARM RVCT (2.2):
  'Warning: #188-D: enumerated type mixed with another type'

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
2016-12-21 12:48:16 +02:00
Jouni Malinen
0c8d7b085c tests: wpa_supplicant BSS CURRENT command
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 12:46:14 +02:00
Joel Cunningham
9187b13adb wpa_supplicant: Add BSS CURRENT control interface command
This commit extends the BSS commands to include "BSS CURRENT" as a way
to get the current BSS without having to walk the BSS list matching
against BSSID+SSID returned from the STATUS command.

This returns the BSS stored in wpa_s->current_bss.

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
2016-12-21 12:42:20 +02:00
Jouni Malinen
969e525091 tests: Skip eap_tls_pkcs8_pkcs5_v15 with BoringSSL
It does not look like BoringSSL allows pbeWithMD5AndDES-CBC to be used
to protect the local private key, so skip this test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 12:31:20 +02:00
Jouni Malinen
d7f12e4eb9 OpenSSL: Make sure local certificate auto chaining is enabled
Number of deployed use cases assume the default OpenSSL behavior of auto
chaining the local certificate is in use. BoringSSL removed this
functionality by default, so we need to restore it here to avoid
breaking existing use cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 12:23:15 +02:00
Jouni Malinen
4be02b71bb OpenSSL: Remove SSL_{CTX_,}_clear_options ifdefs
This simplifies the implementation since the SSL_clear_options() and
SSL_CTX_clear_options() are available in all supported versions of
OpenSSL. These were previously needed with older (now obsolete) versions
of OpenSSL, but the ifdefs were missed when removing the more explicit
version macro based backwards compatibility sections.

In practice, this reverts commit
d53d2596e4.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 12:06:21 +02:00
Jouni Malinen
e297cc0d23 tests: P2P service discovery restarted immediately
This test case verifies that SD Response frame does not block the
following remain-on-channel operation unnecessarily long.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 00:21:37 +02:00
Jouni Malinen
7655bd7388 P2P: Do not use wait_time for SD Response TX without fragmentation
The full SD Response frame is not going to be followed by another Action
frame from the peer, so remove the 200 ms wait time from the offchannel
TX command in that case. This avoids leaving a 200 ms lock on the radio
to remain on the channel unnecessarily.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 00:18:03 +02:00
Jouni Malinen
1f0fdaf0e4 Fix race condition between AssocResp callback and 4addr event
It is apparently possible for the NL80211_CMD_UNEXPECTED_4ADDR_FRAME
event to be delivered to hostapd before the NL80211_CMD_FRAME_TX_STATUS
event for (Re)Association Response frame. This resulted in the 4-address
WDS mode not getting enabled for a STA. This could occur in particular
when operating under heavy load and the STA is reconnecting to the same
AP in a sequence where Deauthentication frame is followed immediately by
Authentication frame and the driver event processing gets delayed due to
removal of the previous netdev taking time in the middle of this
sequence.

Fix this by recording a pending item for 4-address WDS enabling if the
NL80211_CMD_UNEXPECTED_4ADDR_FRAME event would have been dropped due to
incompleted association and then process this pending item if the TX
status for the (Re)Association Response frame is received and it shows
that the frame was acknowledged.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-20 01:30:09 +02:00
Jouni Malinen
ad02e79d12 tests: Disable HT in ap_wds_sta_wep
HT cannot be used with WEP-only network, so don't try to do that here.
This get rids of some unnecessary Beacon frame updates during
disassociation/association and can make the test case a bit more robust.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-19 22:47:07 +02:00
Purushottam Kushwaha
a6f3761f7d eap_proxy: Add support for SIM state change indication from eap_proxy
This registers a new callback to indicate change in SIM state. This
helps to do some clean up (more specifically pmksa_flush) based on the
state change of the SIM. Without this, the reconnection using the cached
PMKSA could happen though the SIM is changed.

Currently eap_proxy_sim_state corresponds to only SIM_STATE_ERROR. This
can be further extended.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-19 22:21:07 +02:00
Jouni Malinen
79a54ab9f6 eap_proxy: Fix eap_proxy_init() prototype to use const eapol_cb
The eapol_cb structure was made const and that change resulted in a
compilation warning/error if CONFIG_EAP_PROXY=<name> is enabled in the
wpa_supplicant build configuration. Fix this by updating the function
prototype to match the change.

Note: This results in a change needed to external eap_proxy_*.c
implementations to match the change.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-19 22:14:07 +02:00
Jouni Malinen
aed9e23ae5 tests: WPS ER enrolling a new device to a configured AP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-19 17:44:51 +02:00
Jouni Malinen
6c44d97b04 tests: D-Bus P2P discovery on a specific non-social channel
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-19 13:18:05 +02:00
Amit Purwar
4e118c847b D-Bus: Add 'freq' option to P2P Find method to specify starting channel
This allows user to start P2P Find/Scan on a particular frequency and
then move to scanning social channels. This support is already present
on control socket.

Signed-off-by: Amit Purwar <amit.purwar@samsung.com>
2016-12-19 13:09:31 +02:00
Jouni Malinen
74d29544f1 tests: RSN AP and PeerKey between two STAs with sniffer check
The previous PeerKey test cases did not actually verify in any way that
the SMK and STK exchanges were completed since mac80211 does not support
setting the key from STK. Use a sniffer check to confirm that the
exchanges complete to avoid PeerKey regressions like the ones fixed in
the last couple of commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 20:28:10 +02:00
Jouni Malinen
e414f4f021 PeerKey: Fix STK 4-way handshake regression
Commit c93b7e1888 ('RSN: Check result of
EAPOL-Key frame send request') forgot to update two PeerKey users of
EAPOL-Key TX functions. That resulted in STK handshake failing since
message 2/4 and 4/4 TX calls were assumed to have failed when the return
value was changed from 0 to a positive value for success case. This
resulted in not updating nonce information properly and hitting
following error when processing STK 4-way handshake message 3/4:

RSN: INonce from message 1 of STK 4-Way Handshake differs from 3 of STK
4-Way Handshake - drop packet (src=<addr>)

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 19:56:05 +02:00
Jouni Malinen
28fb9bb195 PeerKey: Fix EAPOL-Key processing
Commit 6d014ffc6e ('Make struct
wpa_eapol_key easier to use with variable length MIC') forgot to update
number of EAPOL-Key processing steps for SMK and STK exchanges and broke
PeerKey. Fix this by updating the Key Data field pointers to match the
new style with variable length Key MIC field.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 19:07:29 +02:00
Mikael Kanstrup
dfc7731729 Android: Add p2p_add_cli_chan=1 option
Add p2p_add_cli_chan=1 option to p2p_supplicant.conf to allow Wi-Fi P2P
operating as P2P client on passive scan channels.

In addition, add p2p_add_cli_chan=1 option to wpa_supplicant.conf to
have consistency in P2P channel list. There is a case where P2P channel
list is updated with different channels from p2p0 and wlan0.

Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
2016-12-18 17:56:17 +02:00
Badrish Adiga H R
7508c2ad99 PAE: Make KaY specific details available via control interface
Add KaY details to the STATUS command output.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@hpe.com>
2016-12-18 17:47:05 +02:00
Jouni Malinen
bae93012cd tests: mac80211 and unknown Action frame rejection in STA mode
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 13:01:49 +02:00
Jouni Malinen
0851a180b9 tests: Verify hostapd mgmt_tx() success
Raise an exception if MGMT_TX command to hostapd fails. Previously, such
errors were ignored silently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 13:01:49 +02:00
Jouni Malinen
1a4b4c8466 tests: Update gas_anqp_capab_list and gas_anqp_extra_elements
The FILS ANQP-element changes made couple of the generic ANQP test steps
fail. Update this to ignore the special FILS cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 13:01:49 +02:00
Jouni Malinen
1a73f53a65 tests: FILS SK and multiple realms
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 11:41:59 +02:00
Jouni Malinen
b54f43390e FILS: Make FILS Indication element information available in BSS output
This extends wpa_supplicant BSS command to parse FILS Indication
element.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 11:41:59 +02:00
Jouni Malinen
8183aee6cc FILS: Add support for building FILS Realm Information ANQP-element
This allows full list of hashed realm names to be fetched from hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 11:41:59 +02:00
Jouni Malinen
9cad618679 FILS: Add Realm Information ANQP-element in BSS data
Add a named BSS command output entry for FILS Realm Information
ANQP-element (anqp_fils_realm_info).

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 11:41:51 +02:00
Jouni Malinen
f82bc83264 tests: Add fils_realm for existing FILS test cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-17 22:08:25 +02:00
Jouni Malinen
26bf70e3d2 FILS: Separate FILS realm configuration from ERP domain
The new hostapd configuration parameter fils_realm=<realm> can now be
used to configure one or more FILS realms to advertise for ERP domains
when using FILS. This replaces the use of erp_domain=<domain> parameter
for the FILS use case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-17 22:08:23 +02:00
Jouni Malinen
42b847ac1e FILS: Fix hashed realm name derivation
P802.11ai/D7.0 changed from CRC32 to SHA256 as the hash algorithm for
the FILS realm name. Update the implementation to match that change.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-17 22:07:57 +02:00
Jouni Malinen
29062f2932 Update various definitions based on IEEE Std 802.11-2016
This updates definitions for Status Codes, Reason Codes,
Information Element IDs, Action frame categories, Public Action
codes, Protected Dual of Public Action codes, Advertisement
Protocol ID, and ANQP info IDs based on IEEE Std 802.11-2016.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-17 12:27:49 +02:00
Jouni Malinen
670d5eba05 tests: Fix FST scanning for non-FST APs
The sta2.scan() calls were performing full scan of all channels and
reporting only the BSS entry that happened to be the first one in the
wpa_supplicant list. This is problematic since it is possible that the
target AP was not found and incorrect BSS was selected and used for
setting scan_freq which made the connection fail. Furthermore, there is
no need to use full scan for these test cases, so use a single channel
scan instead.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-15 14:17:14 +02:00