Commit graph

13636 commits

Author SHA1 Message Date
Jouni Malinen
810bedf23f DPP: Check own_bi/peer_bi pointers more consistently
This gets rid of smatch warnings about a dereference before check.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Jouni Malinen
3d1d469195 Fix indentation level
This gets rid of smatch warnings about inconsistent indenting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Jouni Malinen
3337fc2a12 OpenSSL: Include sha512.h to match function prototypes
This gets rid of sparse warnings.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:06 +02:00
Jouni Malinen
b3f99d45d5 macsec_linux: Make create_transmit_sc() handler use matching arguments
The currently unused conf_offset parameter used a mismatching type (enum
vs. unsigned int) compared to the prototype.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:01 +02:00
Jouni Malinen
b82fcf06f2 macsec_linux: Use NULL to clear a pointer
Avoid a sparse warning from use of a plain integer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:32:35 +02:00
Jouni Malinen
ff7f339cff macsec_qca: Mark macsec_qca_set_transmit_next_pn() static
This function is not used outside this C file. Mark it static to avoid a
warning from sparse.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:32:09 +02:00
Ashok Ponnaiah
fcb3f11e4d SAE: Fix external authentication on big endian platforms
Need to handle the little endian 16-bit fields properly when building
and parsing Authentication frames.

Fixes: 5ff39c1380 ("SAE: Support external authentication offload for driver-SME cases")
Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-11-30 17:26:26 +02:00
Jouni Malinen
77e4f012f1 tests: DPP invalid legacy parameters
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:17:03 +02:00
Jouni Malinen
a00d65e79f DPP: Reject invalid no-psk/pass legacy configurator parameters
Instead of going through the configuration exchange, reject invalid
legacy configurator parameters explicitly. Previously, configuring
legacy (psk/sae) parameters without psk/pass resulted in a config object
that used a zero length passphrase. With this change, that config object
is not sent and instead, either the initialization attempts is rejected
or the incoming initialization attempt is ignored.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:14:49 +02:00
Jouni Malinen
4d38285b3b tests: DPP protocol testing - Auth Conf RX processing failure
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 14:21:35 +02:00
Jouni Malinen
4ea1915bad tests: DPP Auth Resp AES-SIV issue
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 14:10:12 +02:00
Jouni Malinen
3710b58d24 tests: More DPP incompatible roles coverage
Cover the Configurator/Configurator case in addition Enrollee/Enrollee.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 14:05:21 +02:00
Jouni Malinen
14ea96dbd0 tests: DPP and Auth Resp(status) build failure
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 13:39:19 +02:00
Jouni Malinen
f1042596d1 tests: DPP bootstrap key autogen issues
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 13:35:39 +02:00
Jouni Malinen
04924b28b5 OWE: Fix a compiler warning in non-testing build
The new conf variable was used only within the CONFIG_TESTING_OPTIONS
block and as such, added a warning about unused variable into
non-testing builds. Fix that by using that variable outside the
conditional block as well.

Fixes: a22e235fd0 ("OWE: Add testing RSNE for OWE assoc response with driver SME/MLME")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 20:49:53 +02:00
Jouni Malinen
4e72b1de1d tests: DPP protocol testing cases for Auth Resp status-not-OK cases
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 17:21:22 +02:00
Jouni Malinen
89b6d8a2f0 DPP: Fix no-Status protocol testing in Auth Resp error case
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 17:20:41 +02:00
Jouni Malinen
9c976e2c45 tests: Additional DPP AES-SIV local failure coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 17:02:31 +02:00
Jouni Malinen
545bf954c4 tests: DPP QR Code and keygen failure
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 16:50:36 +02:00
Jouni Malinen
9eadebe3d4 tests: DPP local failure on hashing public key for PKEX bootstrap info
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 16:44:48 +02:00
Jouni Malinen
e9bca5b8c3 tests: DPP QR Code and unsupported curve
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 16:44:48 +02:00
Sunil Dutt
acecac4c79 Define QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES also as an event
This commit enhances QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES to
also be an event, aimed to notify the link status (EX: connected
stations status on an AP link).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 00:27:18 +02:00
Jouni Malinen
d16be03bd1 tests: Additional DPP bootstrapping URI parsing coverage
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-26 21:35:23 +02:00
Jouni Malinen
01e39ba992 tests: DPP invalid attribute checks
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-26 20:43:30 +02:00
Cedric Izoard
10d32e2c8d nl80211: Use netlink connect socket for disconnect (ext auth)
When external authentication is used, a specific netlink socket is used
to send the connect command. If the same socket is not used for
disconnect command, cfg80211 will discard the command. This constraint
was added into the kernel in commit bad292973363 ("nl80211: Reject
disconnect commands except from conn_owner"). That requires an update
for the hostap.git commit 40a68f3384 ("nl80211: Create a netlink
socket handle for the Connect interface").

Add a new flag into struct i802_bss to indicate if the special
nl_connect socket was used for the connect command. When sending
disconnect command this flag is tested to select the correct socket.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2018-11-26 19:24:31 +02:00
Cedric Izoard
18a0508a41 external-auth: Check key_mgmt when selecting SSID
When selecting SSID to start external authentication procedure also
check the key_mgmt field as several network configuration may be defined
for the same SSID/BSSID pair. The external authentication mechanism is
only available for SAE.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2018-11-26 19:09:25 +02:00
Avraham Stern
a302384148 tests: Call remove_group() after other cleanup is done
The call to remove_group() may fail, in which case all following
cleanup is skipped. This may result in failing many tests since
cleanup did not complete successfully.

Fix this by calling remove_group() after other cleanup is done so
even it fails it will not affect the following tests.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2018-11-26 01:00:00 +02:00
Emmanuel Grumbach
941807f6b6 drivers: Document struct wpa_signal_info
Add documentation to the wpa_signal_info structure.
Add a define for an invalid noise value.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2018-11-26 00:57:50 +02:00
Jouni Malinen
381523ecae tests: hostapd configuration reload on SIGHUP with bss remove/add
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-26 00:53:53 +02:00
Jouni Malinen
6e7b4c45fa Fix hostapd config file reloading with BSS addition/removal
BSS additional/removal cases were not considered at all in the previous
implementation of hostapd configuration file reloading on SIGHUP. Such
changes resulted in num_bss values getting out of sync in runtime data
and configuration data and likely dereferencing of freed memory (e.g.,
when removing a BSS).

Fix this by forcing a full disable/enable sequence for the interface if
any BSS entry is added/removed or if an interface name changes between
the old and the new configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-26 00:51:38 +02:00
Jouni Malinen
cabbaac119 Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-26 00:37:24 +02:00
Jouni Malinen
fd1534a258 tests: DPP Connector testing with ECDSA signature in Python
Implement ECDSA signing functionality in the Python test script for
generating a valid signedConnector. This allows coverage of DPP config
object testing to be increased more easily.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 22:01:35 +02:00
Jouni Malinen
30dda44dcc tests: More DPP Config Object protocol testing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 20:24:50 +02:00
Jouni Malinen
06e62e11c7 DPP: Fix a debug print to use quotation marks consistently
The "DPP: Unexpected JWK kty" debug print missed one of the quotation
marks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 17:31:49 +02:00
Jouni Malinen
a46b60c440 tests: Additional coverage for DPP GAS error cases
These test cases found number of error handling issues in the DPP/GAS
implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:53:05 +02:00
Jouni Malinen
11f07f027a DPP: Fix error path handling for GAS Comeback Response building
A local memory allocation failuring during GAS Comeback Response frame
generation could result in freeing the response context without removing
it from the list. This would result in dereferencing freed memory when
processing the next comeback request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:51:26 +02:00
Jouni Malinen
c7896ef9c6 DPP: Fix memory leaks in GAS server error path handling
If local memory allocation for the GAS response failed, couple of error
paths ended up leaking some memory maintaining the state for the
exchange. Fix that by freeing the context properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:49:44 +02:00
Jouni Malinen
931f7ff656 DPP: Fix GAS client error case handling
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:33:39 +02:00
Jouni Malinen
e18b479299 tests: More coverage for ATTACH command parameter setting
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 12:02:07 +02:00
Jouni Malinen
a21eadcf58 tests: D-Bus introspection with busctl
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-24 18:30:41 +02:00
Lubomir Rintel
d7591aab85 dbus: Expose availability of SHA384 on D-Bus
This lets us know whether we can attempt to use FT-EAP-SHA384.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:18:25 +02:00
Lubomir Rintel
eb7e747931 dbus: Expose availability of FT on D-Bus
This lets us know whether we can attempt to use FT-PSK, FT-EAP,
FT-EAP-SHA384, FT-FILS-SHA256 or FT-FILS-SHA384.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:18:25 +02:00
Lubomir Rintel
8b67f6496e tests: D-Bus Get/Set Pmf
Based on Jouni Malinen's [76055b4c6 "tests: D-Bus Get/Set Pmf"], modified
to use the correct "s" signature for the "Pmf" property.

Removed the negative test cases, because the synthesized property doens't
seem to do error checking upon being set.

Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:04:20 +02:00
Lubomir Rintel
59d59eb0e0 Revert "D-Bus: Implement Pmf property"
This reverts commit adf8f45f8a.

It is basically all wrong. The Pmf property did exist, with a signature of
"s" as documented in doc/dbus.doxygen. It was synthesized from
global_fields[].

The patch added a duplicate one, with a signature of "u", in violation
of D-Bus specification and to bemusement of tools that are careful
enough:

  $ busctl introspect fi.w1.wpa_supplicant1 /fi/w1/wpa_supplicant1/Interfaces/666
  Duplicate property

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:03:55 +02:00
Lubomir Rintel
b8d8928f6c Revert "tests: D-Bus Get/Set Pmf"
This is wrong. The Pmf property has a "s" signature.

This reverts commit 76055b4c61.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2018-11-24 18:03:55 +02:00
Jouni Malinen
4929d556cc mesh: Add Category and Action field to maximum buffer length
Make the buf_len calculation match more closely with the following
wpa_buf*() operations. The extra room from the existing elements was
apparently sufficiently large to cover this, but better add the two
octet header explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-24 13:36:54 +02:00
Bob Copeland
25778502d5 mesh: Fix off-by-one in buf length calculation
The maximum size of a Mesh Peering Management element in the case
of an AMPE close frame is actually 24 bytes, not 23 bytes, plus the
two bytes of the IE header (IEEE Std 802.11-2016, 9.4.2.102). Found by
inspection.

The other buffer components seem to use large enough extra room in their
allocations to avoid hitting issues with the full buffer size even
without this fix.

Signed-off-by: Bob Copeland <bobcopeland@fb.com>
2018-11-24 13:30:28 +02:00
Davide Caratti
2b7f46f1c7 examples: Fix shellcheck warnings in wps-ap-cli
use 'printf' instead of 'echo -n', to suppress the following warning:

In POSIX sh, echo flags are undefined. [SC2039]

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2018-11-22 15:53:30 +02:00
Andrei Otcheretianski
79bbafd78c tests: Store the correct PID in hostapd-test.pid file
The hwsim's start.sh script spawns hostapd process using "sudo".
Since sudo forks a child process, $! holds the pid of sudo itself.
Fix that by storing the PID of the child process instead.
Since in VM "sudo" is replaced with a dummy script, pass an additional
argument to run-all.sh and start.sh scripts to indicate that they are
running inside a VM.

This is needed to fix ap_config_reload and ap_config_reload_file test
cases on some platforms where sudo is apparently not relaying the
signals properly.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-11-22 15:53:30 +02:00
Ayala Beker
fcc65290d4 tests: Fix ap_acl_deny test
In ap_acl_deny test, the AP doesn't send probe responses during scan due
to ACL reject. As the result, dev[0] might miss the AP's Beacon frame
because the dwell time is too short. Make the test more robust and
trigger passive scan, and by that increase the probability of hearing
the AP.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2018-11-22 15:53:30 +02:00