If the AP/Authenticator receives an EAPOL-Key msg 2/4 for an association
that negotiated use of PSK and the EAPOL-Key MIC does not match, it is
likely that the station is trying to use incorrect PSK/passphrase.
Report this with "AP-STA-POSSIBLE-PSK-MISMATCH <STA addr>" control
interface event.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
SChannel/CryptoAPI as a TLS/crypto library alternative was never
completed. Critical functionality is missing and there are bugs in this
implementation. Since there are no known plans of completing this
support, it is better to remove this code.
Signed-off-by: Jouni Malinen <j@w1.fi>
In the commit 77b244d577a7cb5c928478627af6687a0733193d9 ('wpa_gui: Quiet
mode - disable tray icon messages') a new parameter has been introduced,
but it was not documented. This commit fixes this omission.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Channel 140 is needed as allowed HT40 channel pair to use
channel 144 introduced in 802.11ac for VHT40 and VHT80.
Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
Some config parameters were missing in the "set" command completion
routine. Add missing parameters and while at it put the parameters
under compiler switches so only valid ones are shown.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add support to retrieve IPv4 config variables with the "get" control
interface command. This allows the ip_addr_* parameters for P2P+NFC
IP address assignment to be fetched from the GO.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Handle NL80211_ATTR_EXT_FEATURES attribute and
NL80211_EXT_FEATURE_VHT_IBSS to determine whether
the driver supports VHT with IBSS.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
wpa_supplicant/p2p_supplicant.c has reached almost 10000 lines in length
and was getting a bit inconvenient to edit, so start splitting it into
separate files.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for bitfield_get_first_zero() to read one octet beyond
the allocated bit buffer in case the first zero bit was not within
size-1 first octets.
Signed-off-by: Jouni Malinen <j@w1.fi>
The 'params' argument was not used at all. Use it as an alternative
means for setting the list of test cases to execute.
Signed-off-by: Jouni Malinen <j@w1.fi>
This event was previously used only when disabling AP mode operation
through hostapd control interface. Make this more consistent by
providing same indication when disabling hostapd interface through the
interface deinit path. This adds the event to the case where a full
hostapd radio instance is removed which also applies for the
wpa_supplicant AP mode operations.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the AP mode more consistent with other modes by providing a
matching pair of CTRL-EVENT-CONNECTED and CTRL-EVENT-DISCONNECTED event
messages.
Signed-off-by: Jouni Malinen <j@w1.fi>
If OpenSSL reports that a presented leaf certificate is invalid,
but it has been explicitly pinned, accept it anyway.
Signed-off-by: Rohit Agrawal <rohit.agrawal.mn@gmail.com>
Explicitly clear cached scan results on the AP interface before starting
ACS. This avoids issues where conflicting BSS entries from previously
executed test cases could affect channel selection.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like "hardware does not support required rate 1.0 Mbps" has
started showing up in some hwsim test cases as a reason for failure.
This should not really occur with mac80211_hwsim, so add more details to
the debug print to make it easier to figure out what exactly happened.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, it would have been possible to complete RSN connection by
skipping the msg 3/4 and 4/4 completely. This would have resulted in
pairwise key not being configured. This is obviously not supposed to
happen in practice and could result in unexpected behavior, so reject
group key message before the initial 4-way handshake has been completed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to filter out test cases that take significantly longer
time to execute (15 seconds or longer). While this reduces testing
coverage, this can be useful to get a pretty quick coverage in
significantly faster time.
Signed-off-by: Jouni Malinen <j@w1.fi>
It's somewhat annoying that you can only run parallel-vm.py as
./parallel-vm.py, not from elsewhere by giving the full path,
so fix that by resolving the paths correctly in the scripts where
needed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of hand-writing a (positional) parser, use the argparse module.
This also gets us nice help output.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These test cases need to use the previous-AP-on-correct-band workaround
similarly to test_ap_acs.py test cases for now to work with
mac80211_hwsim limitations on channel survey.
Signed-off-by: Jouni Malinen <j@w1.fi>
Explicitly clear the cfg80211 BSS cache at the beginning of these test
cases to avoid matching BSS flags against incorrect AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looked like cfg80211 BSS entry for the zero-length SSID could remain
after this test case. Stop the AP and scan twice with flush-cache option
to make this less likely to occur and cause issues to following test
cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
ML80211_ATTR_TDLS_OPERATION can now set to NL80211_TDLS_DISCOVERY_REQ to
allow the driver to request wpa_supplicant to initiate TDLS Discovery
Request.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the TDLS operation request mechanism to allow TDLS
Discovery Request to be initiated by the driver similarly to the
existing Setup and Teardown requests.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible to leave the driver in mesh point state if upper layer
mesh initialization failed in wpa_supplicant_mesh_init(). With nl80211,
this results in the vif being left in mesh point mode instead of
restoring it to station mode. That seems to break normal functionality,
e.g., for Public Action frame TX/RX. Fix this by restoring station mode
on mesh failure path.
This error could be triggered, e.g., with the following hwsim test case
sequence: wpas_mesh_secure_sae_missing_password
nfc_p2p_static_handover_tagdev_go_forced_freq
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, it was possible for the wpa_sm_start_preauth() and
wpa_sm_rekey_ptk() eloop callbacks to remain active after disconnection
and potentially continue to be used for the next association. This is
not correct behavior, so explicitly cancel these timeouts to avoid
unexpected attempts to complete RSN preauthentication or to request PTK
to be rekeyed.
It was possible to trigger this issue, e.g., by running the following
hwsim test case sequence: ap_wpa2_ptk_rekey ap_ft_sae_over_ds
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for this test case to fail if cfg80211 BSS cache
included an entry for the same BSSID on another channel from an earlier
test case. Fix this by epxlicitly flushing the cache. In addition, use
scan_for_bss() to make the test less likely to fail in case of heavy CPU
load.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The initial IEEE 802.11 ProxyARP functionality in the kernel needed
changes in behavior and that ended up requiring an independent
configuration parameter to be used. Update hostapd to use that new
proxyarp_wifi parameter instead of the earlier proxyarp.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
