Commit graph

17011 commits

Author SHA1 Message Date
Jouni Malinen
4ed10754e8 DPP: Fix GAS client error case handling in hostapd
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.

This is similar to the earlier wpa_supplicant fix in commit 931f7ff656
("DPP: Fix GAS client error case handling").

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-21 11:47:39 +02:00
Jouni Malinen
3ae18d4bd7 EAP-SIM/AKA: Fix check for anonymous decorated identity
eap_sim_anonymous_username() gets called with an argument that is not a
null terminated C string and as such, os_strrchr() and os_strlen()
cannot be used with it. The previous implementation resulted in use of
uninitialized values and a potential read beyond the end of the buffer.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32277
Fixes: 73d9891bd7 ("EAP-SIM/AKA peer: Support decorated anonymous identity prefix")
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 16:28:44 +02:00
Jouni Malinen
512d973cc2 DPP: Indicate authentication success on ConfReqRX if needed (hostapd)
It is possible to receive the Configuration Request frame before having
seen TX status for the Authentication Confirm. In that sequence, the
DPP-AUTH-SUCCESS event would not be indicated before processing the
configuration step and that could confuse upper layers that follow the
details of the DPP exchange. As a workaround, indicate DPP-AUTH-SUCCESS
when receiving the Configuration Request since the Enrollee/Responser
has clearly receive the Authentication Confirm even if the TX status for
it has not been received.

This was already done in wpa_supplicant in commit 422e73d623 ("DPP:
Indicate authentication success on ConfReqRX if needed") and matching
changes are now added to hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 16:09:19 +02:00
Jouni Malinen
eff3212763 tests: PMKSA cache add failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 13:38:49 +02:00
Jouni Malinen
6c8842f0e0 Fix full EAP authentication after PMKSA cache add failure
Need to get EAP state machine into a state where it is willing to
proceed with a new EAP-Request/Identity if PMKSA cache addition fails
after a successful EAP authentication before the initial 4-way handshake
can be completed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 13:36:55 +02:00
Jouni Malinen
be06fd5b02 tests: hostapd ctrl_iface SET_NEIGHBOR failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 13:13:24 +02:00
Jouni Malinen
ed8a5733bd tests: DPP and hostapd as Enrollee with GAS fragmentation/timeout
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:55:21 +02:00
Jouni Malinen
9056f918b6 tests: DPP connection status - success with hostapd as Configurator
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:19:12 +02:00
Jouni Malinen
6bbbd9729f DPP2: Fix connection status result wait in hostapd
The waiting_conn_status_result flag was not set which made hostapd
discard the Connection Status Result. Fix this to match the
wpa_supplicant implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:17:58 +02:00
Jouni Malinen
bcfcb247db tests: hostapd airtime policy configuration
Add minimal testing for airtime policy configuration. mac80211_hwsim
does not actually support this functionality, so this is just for
testing coverage of src/ap/airtime_policy.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:03:01 +02:00
Jouni Malinen
c0c74f0c6b Testing functionality for airtime policy
Add a new testing parameter to allow airtime policy implementation to be
tested for more coverage even without kernel driver support.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:03:01 +02:00
Jouni Malinen
fb9cd650e5 tests: DPP with hostapd as configurator/initiator with v1 enrollee
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 11:57:10 +02:00
Jouni Malinen
68b69d6607 tests: DPP chirp by an AP on 5 GHz
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 11:57:10 +02:00
Jouni Malinen
3d23fe32a5 tests: AP tracking STA taxonomy (5 GHz)
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 11:57:10 +02:00
Jouni Malinen
2f77891496 nl80211: Debug print error from airtime weight configuration
It is better to be able to determine whether the airtime weight
configuration for a STA actually was accepted by the driver or not.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 00:15:53 +02:00
Jouni Malinen
8b41ac82e6 tests: HE AP spatial reuse parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-19 23:58:39 +02:00
Jouni Malinen
8c24982e61 tests: Fix error messages for HE config missing
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-19 23:34:58 +02:00
Jouni Malinen
38fa5e6572 More documentation for HE Spatial Reuse Parameter Set configuration
Add a bit more complete documentation on how he_spr_sr_control parameter
is supposed to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-19 23:33:16 +02:00
Jouni Malinen
aa6a50849c tests: EAP-SIM with decorated anonymous identity
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-19 21:12:43 +02:00
Hai Shalom
73d9891bd7 EAP-SIM/AKA peer: Support decorated anonymous identity prefix
Support decorated anonymous identity prefix as per RFC 7542,
for SIM-based EAP networks.

Signed-off-by: Hai Shalom <haishalom@google.com>
2021-03-19 21:12:01 +02:00
Mohammad Asaad Akram
7831b10a89 Introduce reason code for TWT teardown due to concurrency
The firmware sends new reason codes to indicate TWT teardown due to
single channel and multi channel concurrency. Update the enum
qca_wlan_vendor_twt_status to represent new reason code.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-19 21:01:36 +02:00
Jouni Malinen
6219d5a5c2 tests: Make FT roaming and data connectivity checks more robust
Dump pending monitor interface messages between each roaming step to
make the test log easier to understand and hostapd wait for the new
connection more robust by ensuring that the processed event if for the
very last reassociation. It looks like at least ap_ft_vlan_over_ds_many
could fail due to the connectivity check being started before the final
roam had been completed on the AP side even though there was an explicit
hapd2ap.wait_sta() wait before the test.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-19 20:54:16 +02:00
Matthew Wang
58c5bd762e tests: Check update misbehaving MBO AP test to include roam
APs PMF capabilities can differ. wpa_supplicant should be able to
disable and enable MBO when roaming to and from a misbehaving MBO AP
that doesn't support PMF. Verify that this is indeed happening.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2021-03-19 18:35:01 +02:00
Jouni Malinen
daa0a22e45 tests: Fix eap_proto_eke_errors with gcc-10
gcc-10 seems to be inlining eap_eke_prf() and eap_eke_prfplus() which
breaks this test case due to a different backtrace being generated for
triggering the local failures. Point to the functions called by those
instead of these two functions to get this working with both gcc-9 and
gcc-10.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-17 23:38:26 +02:00
Jouni Malinen
eaf925df00 tests: Speed up tshark operations
Hide /usr/share/wireshark from hostfs to prevent tshark from loading all
the data from there since that can take significant amount of time and
is not really needed for the test cases. In addition, set HOME to point
to local tmpfs to avoid unnecessary references through hostfs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-17 23:36:52 +02:00
Ilan Peer
9d9b423065 tests: Add coverage for PASN deauthentication
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:50:10 +02:00
Ilan Peer
eaeec4da2d PASN: Add support for deauthentication flow in station
The new wpa_supplicant control interface command "PASN_DEAUTH
bssid=<BSSID>" can now be used to flush the local PTKSA cache for the
specified BSS and to notify the AP to request it to drop its PTKSA as
well.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:49:28 +02:00
Ilan Peer
4f436d5378 nl80211: Allow sending Deauthentication frame with off channel for PASN
To allow for a PASN station to deauthenticate from an AP to clear any
PTKSA cache entry for it, extend the nl80211 interface to allow sending
a Deauthentication frame with off channel enabled.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:43:08 +02:00
Ilan Peer
1ca1c3cfee AP: Handle deauthentication frame from PASN station
When a Deauthentication frame is received, clear the corresponding PTKSA
cache entry for the given station, to invalidate previous PTK
information.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:41:02 +02:00
Ilan Peer
166e357e63 AP: Enable anti clogging handling code in PASN builds without SAE
The anti-clogging code was under CONFIG_SAE. Change this so it can be
used both with CONFIG_SAE and CONFIG_PASN.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:58:10 +02:00
Ilan Peer
6fe0d56e88 AP: Rename SAE anti clogging variables and functions
PASN authentication mandates support for comeback flow, which
among others can be used for anti-clogging purposes.

As the SAE support for anti clogging can also be used for PASN,
start modifying the source code so the anti clogging support
can be used for both SAE and PASN.

As a start, rename some variables/functions etc. so that they would not
be SAE specific. The configuration variable is also renamed, but the old
version remains available for backwards compatibility.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:44:24 +02:00
Ilan Peer
b42b6c4d53 tests: Add test coverage for PASN with MIC errors
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:22:23 +02:00
Ilan Peer
b866786338 PASN: For testing purposes allow to corrupt MIC
For testing purposes, add support for corrupting the MIC in PASN
Authentication frames for both wpa_supplicant and hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:19:12 +02:00
Ilan Peer
2264a29890 tests: PASN: configure the nid before sending the command
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:15:55 +02:00
Ilan Peer
2efa60344e PASN: Encode the public key properly
When a public key is included in the PASN Parameters element, it should
be encoded using the RFC 5480 conventions, and thus the first octet of
the Ephemeral Public Key field should indicate whether the public key is
compressed and the actual key part starts from the second octet.

Fix the implementation to properly adhere to the convention
requirements for both wpa_supplicant and hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 12:31:31 +02:00
Ilan Peer
cd0813763a PASN: Include PMKID in RSNE in PASN response from AP
As defined in IEEE P802.11az/D3.0, 12.12.3.2 for the second PASN frame.
This was previously covered only for the case when the explicit PMKSA
was provided to the helper function. Extend that to cover the PMKID from
SAE/FILS authentication cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 11:45:12 +02:00
Ilan Peer
da3ac98099 PASN: Fix setting frame and data lengths in AP mode PASN response
Frame length and data length can exceed 256 so need to use size_t
instead of u8.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 11:38:51 +02:00
Jouni Malinen
c733664be9 EAP peer: Make EAP-Success handling more robust against race conditions
When ERP initialization was moved from the METHOD state to the SUCCESS
state, the conditions for checking against EAP state being cleared was
missed. The METHOD state verified that sm->m is not NULL while the
SUCCESS state did not have such a check. This opened a window for a race
condition where processing of deauthentication event and EAPOL RX events
could end up delivering an EAP-Success to the EAP peer state machine
after the state had been cleared. This issue has now been worked around
in another manner, but the root cause for this regression should be
fixed as well.

Check that the EAP state machine is properly configured before trying to
initialize ERP in the SUCCESS state.

Fixes: 2a71673e27 ("ERP: Derive ERP key only after successful EAP authentication")
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-15 00:45:20 +02:00
Jouni Malinen
19a11f629f tests: Enable HE overrides in wpa_supplicant build
This is needed for the recently added he_disabled_on_sta test case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 19:12:07 +02:00
Jouni Malinen
6e3fed1d98 tests: DPP Authentication Confirm timeout in hostapd
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:52:54 +02:00
Jouni Malinen
72a17937ca DPP: Add init/respond retries parameter configuration to hostapd
These parameters were already defined in struct hostapd_data, but there
was no way of setting them. Add these to hostapd control interface
similarly to the wpa_supplicant implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:51:43 +02:00
Jouni Malinen
f18b5542ad tests: OCV without PMF
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:27:47 +02:00
Jouni Malinen
a288775851 tests: WEP and HE
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:21:47 +02:00
Jouni Malinen
2cc7f6dfe5 tests: HE AP and 6 GHz security parameter validation
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:17:33 +02:00
Jouni Malinen
98ce8ae328 tests: Automatic channel selection for VHT 80+80
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 18:07:19 +02:00
Jouni Malinen
7d251654db tests: RADIUS Accounting and interim updates failing
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 17:59:52 +02:00
Jouni Malinen
49de30404e tests: Fix ap_wpa2_eap_tls_ocsp_multi_revoked
The index-revoked.txt file had not been updated when the server
certificate was updated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:46:03 +02:00
Jouni Malinen
6ed0c212e4 TLS: Fix highest TLS version disabling with internal TLS client
The highest supported TLS version for pre_master_secret needs to be
limited based on the local configuration for the case where the highest
version number is being explicitly disabled. Without this, the server
would likely detect a downgrade attack.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00
Jouni Malinen
9a9b461fee tests: Check SAE capability for couple of forgotten sigma_dut cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00
Jouni Malinen
87429fc687 tests: Check DPP capability in couple of forgotten cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-14 13:08:04 +02:00