Commit graph

16846 commits

Author SHA1 Message Date
Markus Theil
93da12fd9f mesh: Fix channel init order, disable pri/sec channel switch
wpa_supplicant_conf_ap_ht() has to happen before
hostapd_setup_interface() in order for its configuration settings to
have effect on interface configuration.

Disable primary and secondary channel switch because of missing tie
breaking rule/frames in mesh networks. A rather long comment about
this issue is placed in mesh.c in the corresponding place.

I was not able to reproduce the memory corruption during
mesh_secure_ocv_mix_legacy, which lead to a revert of a similar patch in
the past.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 12:44:15 +03:00
Markus Theil
0be9c232a3 tests: Remove wpas_mesh_open_5ghz_coex
This is in preparation for an implementation change that ends up
contradicting the operations enforced in this test case for mesh coex.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 12:44:15 +03:00
Markus Theil
7f8ac02e85 HE/VHT: Fix frequency setup with HE enabled
Some places in the code base were not using the wrappers like
hostapd_set_oper_centr_freq_seg0_idx and friends. This could lead to
errors, for example when joining 80 MHz mesh networks. Fix this, by
enforcing usage of these wrappers.

wpa_supplicant_conf_ap_ht() now checks for HE capability before dealing
with VHT in order for these wrappers to work, as they first check HE
support in the config.

While doing these changes, I've noticed that the extra channel setup
code for mesh networks in wpa_supplicant/mesh.c should not be necessary
anymore and dropped it. wpa_supplicant_conf_ap_ht() should handle this
setup already.

Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-14 12:44:09 +03:00
Jouni Malinen
0f07230eb9 DPP2: Add privacyProtectionKey into Configurator backup/restore
This allows the privacyProtectionKey to be transferred to a new
Configurator similarly to the way c-sign-key is transferred.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
a0ccc4017f DPP2: Use ppKey to decrypt E'-id on Configurator
Use the new privacy protection key to decrypt E'-id from Reconfig
Announcement frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
99d7bf2348 DPP2: Use the new privacy protection key to protect E-id on Enrollee
Use ppKey instead of C-sign-key to encrypted E-id to E'-id into Reconfig
Announcement frame on the Enrollee side.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
37df40845a DPP2: Copy received ppKey into wpa_supplicant network profile
Store the received privacy protection key from Connector into
wpa_supplicant network profile and indicate it through the control
interface similarly to C-sign-key.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
a8ee2292bd DPP2: Parse ppKey from Connector
This will be used to protect E-id in Reconfig Announcement frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
2a8c928871 DPP2: Add ppKey into Connector
This provides the new privacy protection key to the Enrollee so that
this can be used to protect E-id in Reconfig Announcement frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 23:38:47 +03:00
Jouni Malinen
9c1fbff074 DPP2: Generate a privacy protection key for Configurator
Generate a new key for Configurator. This is either generated
automatically for the specified curve or provided from external source
with the new ppkey=<val> argument similarly to the way c-sign-key was
previously generated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 19:59:29 +03:00
Jouni Malinen
1d14758450 DPP: Make dpp_keygen_configurator() a static function
This was not used anywhere outside dpp.c.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 19:48:29 +03:00
Jouni Malinen
a964cb65a1 tests: Silence compiler warnings from test-base64
Use typecasting to match the base64_{encode,decode}() function prototype
for signed/unsigned char buffer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:47 +03:00
Jouni Malinen
05195189f1 tests: Build test-https and test-https_server as part of ALL
Even though these are not part of run-tests, it is simpler to just build
them like all other tests/test-* tools.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:47 +03:00
Jouni Malinen
b746f28c00 tests: Remove unnecessary libraries from tests/test-*.c build
These libraries are not needed anymore with the remaining tests/test-*.c
tools.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:47 +03:00
Jouni Malinen
0167a2d165 tests: Remove obsolete ASN.1 parser/fuzzer
tests/fuzzing/asn1 replaced this more than a year ago, so get rid of the
now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:47 +03:00
Jouni Malinen
0db20eacaa tests: Remove obsolete TLS fuzzer
tests/fuzzing/tls-{client,server} replaced this more than a year ago, so
get rid of the now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:44 +03:00
Jouni Malinen
8a43fcd18c tests: Remove obsolete EAPOL-Key fuzzer
tests/fuzzing/eapol-key-{auth,supp} replaced this more than a year ago,
so get rid of the now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:40 +03:00
Jouni Malinen
95cbbf44f0 tests: Remove obsolete json fuzzer
tests/fuzzing/json replaced this more than a year ago, so get rid
of the now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:17:17 +03:00
Jouni Malinen
b1e91a53e4 tests: Remove obsolete ap-mgmt-fuzzer
tests/fuzzing/ap-mgmt replaced this more than a year ago, so get rid
of the now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:10:01 +03:00
Jouni Malinen
e974fad9c5 tests: Remove obsolete eapol-fuzzer
tests/fuzzing/eapol-supp replaced this more than a year ago, so get rid
of the now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:06:58 +03:00
Jouni Malinen
0be7967692 tests: Remove obsolete wnm-fuzzer
tests/fuzzing/wnm replaced this more than a year ago, so get rid of the
now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:04:46 +03:00
Jouni Malinen
ceab836a99 tests: Remove obsolete p2p-fuzzer
tests/fuzzing/p2p replaced this more than a year ago, so get rid of the
now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:00:52 +03:00
Johannes Berg
1d0d8888af build: Make more library things common
We don't really need to duplicate more of this, so just
move the lib.rules include to the end and do more of the
stuff that's common anyway there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:20:35 +03:00
Johannes Berg
f4b3d14e97 build: Make a common library build
Derive the library name from the directory name, and let each
library Makefile only declare the objects that are needed.

This reduces duplicate code for the ar call. While at it, also
pretty-print that call.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:20:20 +03:00
Johannes Berg
ac1447ae9d build: Rebuild libs all the time
When files change that go into a static library such as libutils.a, then
libutils.a doesn't get rebuilt from, e.g., wlantest because the
top-level Makefile just calls the library make if the library doesn't
exist yet.

Change that by making the library depend on a phony target (cannot make
it itself phony due to the pattern) so that the build will always
recurse into the library build, and check there if the library needs to
be rebuilt.

While at it, remove the (actually unnecessary) mkdir so it doesn't get
done each and every time you do 'make'.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:18:02 +03:00
Udhayakumar Mahendiran
6c41d43f1a mesh: Stop SAE auth timer when mesh node is removed
Not doing this could cause wpa_supplicant to crash.

Signed-off-by: Udhayakumar Mahendiran <udhayakumar@qubercomm.com>
2020-10-12 20:16:12 +03:00
Masashi Honma
267d619798 tests: Fix mesh_open_vht_160 false negative by using common finalizer
mesh_open_vht_160 might fail with this message:

---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:53 +03:00
Masashi Honma
fd59cc8924 tests: Fix wpas_mesh_open_vht_80p80 false negative by using common finalizer
wpas_mesh_open_vht_80p80 might fail with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:46 +03:00
Masashi Honma
54830a2445 tests: Fix wpas_mesh_open_vht20 false negative by using common finalizer
wpas_mesh_open_vht20 might fails with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:39 +03:00
Masashi Honma
91de752d17 tests: Fix wpas_mesh_open_vht40 false negative by using common finalizer
wpas_mesh_open_vht40 might fail with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:32 +03:00
Masashi Honma
5eea042220 tests: Fix wpas_mesh_open_ht40 false negative by using common finalizer
wpas_mesh_open_ht40 might fail with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:25 +03:00
Masashi Honma
0bea288fbe tests: Fix wpas_mesh_open_5ghz false negative by using common finalizer
wpas_mesh_open_5ghz might fail with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:15 +03:00
Masashi Honma
ee03056a62 tests: Fix mesh_secure_ocv_mix_legacy false negative by using common finalizer
mesh_secure_ocv_mix_legacy might fail with this message:

---------------
wlan0: Country code not reset back to 00: is AZ
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:17:52 +03:00
Johannes Berg
154b18d950 build: Fix dependency file inclusion
The objs.mk include changes for archive files broke things
completely and none of the dependency files (*.d) ever got
included, as the expansion there ended up empty.

Clearly, my mistake, I should've tested that better. As we
don't need the %.a files in the list there use filter-out
to remove them, rather than what I had lazily wanted to do,
which was trying to read %.d files for them. The filter-out
actually works, and avoids looking up files that can never
exist in the first place.

Fixes: 87098d3324 ("build: Put archive files into build/ folder too")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 11:05:16 +03:00
Ze Gan
79db311e89 macsec_linux: Fix receive-lowest-PN setting
Setting of the PN for the receive SA failed because the SCI wasn't
provided. Fix this by adding the needed attribute to the command.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2020-10-11 20:35:35 +03:00
Wystan Schmidt
e3b47cdf86 DPP2: Add DPP_CHIRP commands to hostapd_cli and wpa_cli
Add the DPP control interface chirp commands to the CLIs for greater
visibility and ease of use.

Signed-off-by: Wystan Schmidt <wystan.schmidt@charter.com>
2020-10-11 20:26:21 +03:00
Jimmy Chen
cb3b709367 P2P: Set ap_configured_cb during group reform process
We found that if REMOVE-AND-REFORM occurs before a group is started,
it would not send out GROUP-STARTED-EVENT after AP is enabled.

In the remove-and-reform process, ap_configured_cb is cleared. If a
group is not started, p2p_go_configured() will not be called after
completing AP setup. Fix this by preserving the callback parameters.

Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
2020-10-11 20:08:37 +03:00
Jimmy Chen
0e9f62e514 P2P: Fallback to GO negotiation after running out of GO scan attempts
We found a problem that p2p_fallback_to_go_neg is not handled correctly
after running out of GO scan attempts. When autojoin is enabled and a
group is found in old scan results, supplicant would try to scan the
group several times. If the group is still not found, it reports group
formation failure while p2p_fallback_to_go_neg is enabled already.

If p2p_fallback_to_go_neg is enabled, it should fallback to GO
negotiation, but not report group formation failure after running out of
GO scan attempts.

Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
2020-10-11 20:00:57 +03:00
Andrew Beltrano
1a0169695b hostapd_cli: Add dpp_bootstrap_set command
Expose DPP_BOOTSTRAP_SET through hostapd_cli command
dpp_bootstrap_set <id> <configurator params..>

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-11 19:51:39 +03:00
Andrew Beltrano
7e4ed93d36 wpa_cli: Add dpp_bootstrap_set command
Expose DPP_BOOTSTRAP_SET through wpa_cli command dpp_bootstrap_set <id>
<configurator params..>

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-11 19:47:08 +03:00
Johannes Berg
5c7a048e45 tests: build.sh: Avoid copying .config if identical
If the .config file is already identical, avoid copying it even if -f
was specified; this improves build time if nothing has changed.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:42:52 +03:00
Johannes Berg
e7c11ad249 tests: build.sh: Remove 'make clean' steps
Since the build artifacts are now landing in distinct directories, we
don't need to 'make clean' and save some rebuild time.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:41:41 +03:00
Johannes Berg
27fb429e95 wpaspy: Allow building with python3
Add the necessary modified module registration code to allow building
wpaspy with python3. Also clean up the wpaspy_close() function to not
poke into the python version specific details.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:41:08 +03:00
Jouni Malinen
45a1bfd956 gitignore: Remove obsolete mac80211_hwsim entry
That directory was removed last year, so no need to try to ignore the
build result from there anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-10-11 19:36:18 +03:00
Johannes Berg
283eee8eed gitignore: Clean up a bit
Now that we no longer leave build artifacts outside the build folder, we
can clean up the gitignore a bit. Also move more things to per-folder
files that we mostly had already anyway.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:32:50 +03:00
Markus Theil
ae0b90dfa4 mesh: Allow channel switch command
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-11 11:24:14 +03:00
Johannes Berg
87098d3324 build: Put archive files into build/ folder too
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).

Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.

Note that due to the use of thin archives, this required
building with absolute paths.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 11:16:00 +03:00
Johannes Berg
00b5e99b65 build: Use the new build system for fuzz tests
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 11:15:16 +03:00
Juliusz Sosinowicz
a49f628845 wolfSSL: Fix wrong types in tls_wolfssl.c
wolfSSL_X509_get_ext_d2i() returns STACK_OF(GENERAL_NAME)* for
ALT_NAMES_OID therefore wolfSSL_sk_value needs to expect a
WOLFSSL_GENERAL_NAME*.

In addition, explicitly check for NULL return from wolfSSL_sk_value().

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2020-10-11 10:56:47 +03:00
Pali Rohár
58c18bcf86 hostapd: Fix error message for radius_accept_attr config option
Error message contained wrong config option.

Signed-off-by: Pali Rohár <pali@kernel.org>
2020-10-10 20:53:01 +03:00