Commit graph

16967 commits

Author SHA1 Message Date
Jouni Malinen
e75335384a SAE: Add testing code for reflection attack
Allow hostapd to be configured to perform SAE reflection attack for SAE
testing purposes with sae_reflection_attack=1 configuration parameter.
This is included only in CONFIG_TESTING_OPTIONS=y builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-04 13:32:03 +03:00
Jouni Malinen
e61fea6b46 SAE: Fix PMKSA caching behavior in AP mode
Add PMKID into EAPOL-Key 1/4 when using SAE and fix the PMK-from-PMKSA
selection in some cases where PSK (from passphrase) could have been
used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-04 13:32:03 +03:00
Jouni Malinen
a6f238f217 DPP: Add base64 dependency in makefiles
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-04 13:31:21 +03:00
Jouni Malinen
c2d4f2eb5d DPP: Derive PMKID using SHA256() for all curves
This was previously defined inconsistently (H() vs. SHA256()), but it is
now clarified in the draft tech spec to use SHA256(), so update
implementation to do that.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-24 23:59:44 +03:00
Jouni Malinen
bbb42bf091 tests: Verify data connectivity with DPP AKM
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-24 23:47:58 +03:00
Jouni Malinen
ee8ef9cacf tests: DPP association with nl80211 connect command
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-24 23:31:46 +03:00
Jouni Malinen
64a0a75b5b nl80211: Fix auth_alg selection with FILS in the connect command
NL80211_ATTR_AUTH_TYPE needs to be skipped if multiple auth_alg options
are included. The previous list missed the new FILS auth_alg here and
ended up not doing so if OPEN and FILS were included.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-24 23:30:20 +03:00
Jouni Malinen
7475e80f14 FILS: Fix wpa_supplicant AP build without CONFIG_IEEE80211W
CONFIG_FILS was missed as one of items requiring the p pointer in
hostapd_notif_assoc().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-24 17:33:03 +03:00
Jouni Malinen
b62c948a26 tests: Make dpp_qr_code_auth_initiator_enrollee more robust
Wait for the configuration step to complete before forcefully
terminating DPP listen. Previous version was causing failures for this
test case sequence:
dpp_qr_code_auth_initiator_enrollee dpp_pkex_config2

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-23 15:55:46 +03:00
Jouni Malinen
85fd8263a5 DPP: Use Transaction ID in Peer Discovery Request/Response frames
DPP tech spec changed the contents of these frames by replacing the
public key hash attributes with a Transaction ID attribute that gets
copied from the request to the response to identify the transaction in a
simpler manner.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-23 12:51:41 +03:00
Hu Wang
a28675da23 hs20-osu-client: Fix build with new OpenSSL and BoringSSL
Use the SSL_get_SSL_CTX() helper instead of dereferencing SSL* since
struct ssl_st is not exposed in public header files anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-23 11:40:10 +03:00
Sunil Dutt
cf39475b40 Introduce QCA_NL80211_VENDOR_SUBCMD_HANG
This is an event indicating to the user space that the driver has
detected an internal failure. The driver is expected to recover from
such a failure automatically, e.g., by resetting the device. This event
carries the information indicating the reason that triggered this
detection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-23 11:32:07 +03:00
Jouni Malinen
96fa53f911 tests: Update DPP discovery override value format
This changed in the DPP tech spec, so update the test case to match the
current encoding.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-23 00:31:30 +03:00
Jouni Malinen
17385fba2a tests: JSON module tests for additional array parsing
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-23 00:29:52 +03:00
Jouni Malinen
d4488b9dad JSON: Fix parsing of arrays of numbers, strings, literals
The previous implementation was able to parse arrays of objects, but not
arrays of other types of items.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-23 00:28:55 +03:00
Jouni Malinen
a4bf007877 DPP: Remove devices object from the connector
This was removed from the draft DPP tech spec, so remove it from the
implementation as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-22 23:46:27 +03:00
Jouni Malinen
d1888b142e tests: Remove use of dpp_devices_override
The devices object was removed, so this parameter will disappear as
well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-22 23:45:46 +03:00
Jouni Malinen
1ed508d9ea tests: sigma_dut tests for SAE
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-22 21:23:04 +03:00
Sachin Ahuja
e77d13ef95 QCA vendor attribute to configure beacon miss penalize count for BTC
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-18 21:10:53 +03:00
Sachin Ahuja
7bd88aaf37 QCA vendor attribute to configure beacon miss count
This can be used to dynamically enable/disable beacon miss count.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-18 21:10:53 +03:00
Sandeep Puligilla
505554bbf7 QCA vendor attribute to enable/disable scan
This commit introduces QCA vendor attribute to
disable/enable scan.

Signed-off-by: Sandeep Puligilla <spuligil@qti.qualcomm.com>
2017-08-18 21:10:53 +03:00
Jouni Malinen
d33222d1fe tests: hostapd with zero length ap_pin parameter
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-18 21:10:52 +03:00
Jouni Malinen
ae048257cb WPS: Interpret zero length ap_pin hostapd.conf parameter as "unset"
hostapd allows arbitrary AP PIN to be used in WPS. This means that
setting ap_pin to a zero length string ends up enabling AP PIN so that
external registrars can use this specific zero lenth ap_pin value. There
are apparently some APs that have used this invalid configuration with
unintended results. While the proper fix for that is to fix the
component that generates the invalid configuration, hostapd can also
reject such values since the likelihood of a real world use case for
zero length AP PIN (Device Password) is minimal.

Start interpreting zero length ap_pin parameter value as a request to
"unset" the previously set value in hostapd.conf (or if not previously
set, leave it unset). With this, a hostapd.conf file including the
"ap_pin=" line will end up getting interpretted just like that same file
with the ap_pin parameter completely removed, i.e., with AP PIN being
disabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-14 21:07:09 +03:00
Jouni Malinen
2bdbace634 Remove some obsolete information from hostapd README file
Number of the URLs were not valid anymore and some of the notes have
been obsolete for years.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-08-02 12:01:08 +03:00
Sven Eckelmann
b0fc2ef3a3 hw_features: Fix check of supported 802.11ac channel width
The two channel width bits in the VHT capability field can be decoded in
following values (IEEE Std 802.11ac-2013 8.4.2.160.2 VHT Capabilities
Info field):

 * 0: no 160 or 80+80 MHz support
 * 1: 160 MHz support
 * 2: 160 and 80+80 MHz support
 * 3: (reserved)

The check must therefore not be done bitwise but instead it must checked
whether the capabilities announced by the driver are at least the ones
requested by the user.

Fixes: c781eb8428 ("hostapd: Verify VHT capabilities are supported by driver")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2017-07-18 13:39:46 +03:00
Andrei Otcheretianski
9a6e2a5ede tests: Make wnm_bss_tm_req_with_mbo_ie more robust
On slow machines or inside VM it may take some time for "DISCONNECTED"
event to arrive. Since the retry delay counter is started already, it
may result in less than 5 seconds time between "DISCONNECTED" and
"CONNECTED" events.

Fix the test by taking more accurate timestamps between the events.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2017-07-18 13:29:07 +03:00
Avraham Stern
b5bf84ba39 WNM: Differentiate between WNM for station and for AP in build
Previously, CONFIG_WNM enabled build that supports WNM for both
station mode and AP mode. However, in most wpa_supplicant cases only
station mode WNM is required and there is no need for AP mode WNM.

Add support to differentiate between station mode WNM and AP mode
WNM in wpa_supplicant builds by adding CONFIG_WNM_AP that should be
used when AP mode WNM support is required in addition to station mode
WNM. This allows binary size to be reduced for builds that require
only the station side WNM functionality.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-07-18 13:28:09 +03:00
Avraham Stern
922dcf1b45 RRM: Remove duplicate frequencies from beacon report scan request
When setting the frequencies for beacon report request scan, it is
possible that a frequency is added twice (e.g., when the same channel
appears both in the channel field and in the AP channel report
subelement). This may cause the scan request to fail.
Make sure the frequencies array contains no duplications before
requesting the scan.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-07-17 18:04:34 +03:00
Andrei Otcheretianski
cdb3aab569 tests: Fix RRM tests to allow refused/incapable responses
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2017-07-17 18:04:00 +03:00
Avraham Stern
705e2909c6 RRM: Send response when Beacon report request is not supported/refused
Send Radio Measurement response with measurement mode set to reject
in the following cases:
 1. Reporting conditions is not supported.
 2. No valid channels found for the measurement

Sending a response with an incapable indication will stop the AP from
sending other measurement requests of the same type as specified
in IEEE Std 802.11-2016, 11.11.6.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-07-17 18:00:56 +03:00
Avraham Stern
3756acfd48 RRM: Send Radio Measurement response when beacon report scan fails
When failing to trigger scan for beacon report (e.g., when the
requested duration is not supported by the driver), send a
Radio Measurement response with the mode set to refused and don't
retry the scan.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-07-17 17:57:41 +03:00
Jouni Malinen
d557183150 tests: Rejection of group-addressed RRM measurement request
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-07-17 17:47:25 +03:00
Avraham Stern
b3c148e9f8 RRM: Send reject/refuse response only to unicast measurement request
IEEE Std 802.11-2016, 11.11.6 specifies that a station that is unable to
make a requested measurement or refuses to make a measurement shall
respond only if the measurement request was received within an
individually addressed radio measurement request frame, but shall not
respond if such a request was received in a group addressed frame.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-07-17 17:43:32 +03:00
Dmitry Shmidt
51143af7e7 wpa_cli: Fix global control interface for STA-FIRST/STA-NEXT
If global control interface is used and wlan doesn't support P2P,
   wpa_s->global->p2p == NULL, and log shows:
wpa_supplicant: Failed to create interface p2p-dev-wlan0: -5 (I/O error)
wpa_supplicant: nl80211: Failed to create a P2P Device interface p2p-dev-wlan0
wpa_supplicant: P2P: Failed to enable P2P Device interface

Then STA-FIRST/STA-NEXT is not going to redirect to any interface,
making update_stations(ctrl_conn) is stuck in never-ending loop:

sendto(3, "STA-FIRST", 9, 0, NULL, 0)   = 9
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995000})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995833})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
pselect6(4, [3], NULL, NULL, {10, 0}, NULL) = 1 (in [3], left {9, 999995000})
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2017-07-17 14:54:42 +03:00
Jouni Malinen
809c675029 DPP: Fix build with OpenSSL 1.1.0
X509_ALGOR_get0() was modified to use const ** pointer as the first
argument in OpenSSL 1.1.0, so need to use different type here to avoid
compilation issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-07-17 12:26:44 +03:00
Jouni Malinen
89971d8b1e OpenSSL: Clear default_passwd_cb more thoroughly
Previously, the pointer to strdup passwd was left in OpenSSL library
default_passwd_cb_userdata and even the default_passwd_cb was left set
on an error path. To avoid unexpected behavior if something were to
manage to use there pointers, clear them explicitly once done with
loading of the private key.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-07-17 12:06:17 +03:00
Beniamino Galvani
f665c93e1d OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f
Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the
callback from the SSL object instead of the one from the CTX, so let's
set the callback on both SSL and CTX. Note that
SSL_set_default_passwd_cb*() is available only in 1.1.0.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2017-07-17 11:57:16 +03:00
Beniamino Galvani
2b9891bd6e OpenSSL: Add build option to select default ciphers
Add a build option to select different default ciphers for OpenSSL
instead of the hardcoded default "DEFAULT:!EXP:!LOW".

This new option is useful on distributions where the security level
should be consistent for all applications, as in Fedora [1]. In such
cases the new configuration option would be set to "" or
"PROFILE=SYSTEM" to select the global crypto policy by default.

[1] https://fedoraproject.org/wiki/Changes/CryptoPolicy

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2017-07-17 11:55:22 +03:00
Ashwini Patil
65833d71a5 OCE: Add hostapd mode OCE capability indication if enabled
Add OCE IE in Beacon, Probe Response, and (Re)Association Response
frames if OCE is enabled in the configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:27:00 +03:00
Ashwini Patil
332aadb8a2 STA: Add OCE capability indication attribute
Add OCE capability indication attribute in Probe Request and
(Re)Association Request frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:19:53 +03:00
Ashwini Patil
fb718f94d6 nl80211: Check if driver supports OCE specific features
Check if device supports OCE STA/STA-CFON/AP specific mandatory
features. This commit includes checking based on the QCA vendor
attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:13:22 +03:00
vamsi krishna
46b15e470e Add vendor flags for OCE feature support indication
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:11:35 +03:00
Vidyullatha Kanchanapally
b377ec2585 FILS: Fix issuing FILS connect to a non-FILS AP in driver-FILS case
If an AP is not FILS capable and wpa_supplicant has a saved network
block for the network with FILS key management and a saved erp info,
wpa_supplicant might end up issuing a FILS connection to a non-FILS AP.
Fix this by looking for the presence of FILS AKMs in wpa_s->key_mgmt,
i.e., after deciding on the AKM suites to use for the current
connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:11:35 +03:00
Sunil Dutt
9f44f7f3b5 Introduce a vendor attribute to represent the PNO/EPNO Request ID
This request ID was wrongly referred from the REQUEST_ID in
enum qca_wlan_vendor_attr_gscan_config_params which is mapped to
QCA_WLAN_VENDOR_ATTR_PNO_PASSPOINT_LIST_PARAM_NUM in PNO Config.
Hence define a different attribute to represent the request ID
for PNO Config.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:11:35 +03:00
Emmanuel Grumbach
881a92e8b8 FILS: Fix compilation with CONFIG_NO_WPA
wpa_fils_is_completed() was not defined.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2017-07-08 16:21:38 +03:00
Jouni Malinen
c1361765fd tests: Additional EAP-TTLS error path
This is a regression test for a memory leak on an error path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-07-08 16:21:38 +03:00
Jouni Malinen
1f2ae8cff5 EAP-TTLS: Fix a memory leak on error paths
The allocated challenge needs to be freed on these error paths as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-07-08 16:21:38 +03:00
Ilan Peer
83e003a913 EAP-TTLS: Fix possible memory leak in eap_ttls_phase2_request_mschap()
The msg buffer needs to be freed on these two error paths.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2017-07-08 16:19:36 +03:00
Ilan Peer
422570eec8 MBO: Fix possible memory leak in anqp_send_req()
In case that an mbo object is allocated, but there is a failure
to resize the wpabuf, need to free the mbo object.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2017-07-08 16:14:03 +03:00
Jouni Malinen
e4e99927bf tests: Additional LEAP error path
This is a regression test for a memory leak on an error path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-07-08 16:14:03 +03:00