Commit graph

16621 commits

Author SHA1 Message Date
Johannes Berg
722138cd25 build: Put object files into build/ folder
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.

This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.

For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:51:39 +03:00
Johannes Berg
0464d5d5d6 build: Move config file handling into build.rules
This will make it easier to split out the handling in
a proper way, and handle common cflags/dependencies.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:49:31 +03:00
Johannes Berg
0430bc8267 build: Add a common-clean target
Clean up in a more common fashion as well, initially for ../src/.

Also add $(Q) to the clean target in src/

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:48:41 +03:00
Johannes Berg
06a6adb54e build: Use build.rules in lib.rules
Use the new build.rules in lib.rules and also unify the
clean targets to lib.rules.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:47:41 +03:00
Johannes Berg
3ff115db6f build: Disable built-in rules
This makes things faster and easier to debug.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:47:41 +03:00
Johannes Berg
a41a29192e build: Pull common fragments into a build.rules file
Some things are used by most of the binaries, pull them
into a common rule fragment that we can use properly.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:47:29 +03:00
Johannes Berg
21cc50a434 HS 2.0 server: Add a .gitignore file
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:42:58 +03:00
Thomas Pedersen
a28d127b1a AP: Reflect status code in SAE reflection attack test
When testing SAE reflection, the incoming commit may have the H2E status
code (126) or SAE-PK (127), but the test code in the AP was always
sending back status code 0. The STA would then reject the commit
response due to expecting H2E/SAE-PK status code.

Just reflect the incoming status code so the commit can be rejected
based on the SAE contents regardless of which variant of SAE was used.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
2020-10-09 16:50:36 +03:00
Roy Marples
e8b85c078e iface match: Unspecified matched interfaces should not log driver fails
If there is no matching interface given, but interface matching is
enabled, all interfaces on the system will try to be initialized. Non
wireless interfaces will fail and the loopback device will be one of
these, so just log a diagnostic rather than an error.

Signed-off-by: Roy Marples <roy@marples.name>
2020-10-09 16:50:36 +03:00
Roy Marples
83fa0a1004 op_classes: Don't report an error when there are none to add
Instead, log a diagnostic so that noise to the user is reduced. This is
expected behavior with driver interfaces that do not report supported
operating modes/classes.

Signed-off-by: Roy Marples <roy@marples.name>
2020-10-09 16:50:36 +03:00
Roy Marples
8776551bf8 BSD: don't log SIOCG80211 errors during interface setup
Unless debugging.
wpa_supplicant will log it failed to initialized the driver for the
interface anyway so this just silences some noise for users.

Signed-off-by: Roy Marples <roy@marples.name>
2020-10-09 16:50:36 +03:00
Jouni Malinen
fb0c693d5f tests: bgscan parameter update
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-09 16:50:36 +03:00
Matthew Wang
41d20df7f3 D-Bus: Allow empty string in dbus network properties
This is needed for clearing previously set parameters in a similar
manner that was already available through the control interface
SET_NETWORK command.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 16:50:36 +03:00
Jouni Malinen
b2a1424659 tests: Empty network profile parameters will be valid
Remove this part of the dbus_network test case since it would be causing
failures after wpa_supplicant is modified to accept empty strings
through D-Bus.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-09 16:50:36 +03:00
Matthew Wang
4756ecabcf Allow bgscan parameters to be reconfigured
Teach wpa_supplicant to {de,}initialize bgscans when bgscan parameters
are set after initial connection.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 16:50:36 +03:00
Matthew Wang
922fa09972 Global parser functions to return 1 when property unchanged
Currently, wpa_config_set(), the function that sets wpa_supplicant
per-network properties, returns 1 when a property it attempts to set is
unchanged. Its global parallel, wpa_config_process_global(), doesn't do
this even though much of the code is very similar. Change this, and
several of the parser functions, to resemble the per-network parser and
setter functions.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 16:50:36 +03:00
Matthew Wang
a87173b1d1 D-Bus: Skip property update actions when wpa_config_set() returns 1
When network properties are updated via dbus, wpa_config_set() is used
to update the property in the wpa_ssid struct. If it returns 1, the
property was not changed and there's no need to perform any of the
update actions.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2020-10-09 15:31:05 +03:00
Beniamino Galvani
1c58317f56 D-Bus: Allow changing an interface bridge via D-Bus
D-Bus clients can call CreateInterface() once and use the resulting
Interface object to connect multiple times to different networks.

However, if the network interface gets added to a bridge, clients
currently have to remove the Interface object and create a new one.

Improve this by supporting the change of the BridgeIfname property of
an existing Interface object.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2020-10-09 15:18:10 +03:00
Janusz Dziedzic
48e4680dae tests: remote: Add run_monitor test case
This is useful to run monitor quickly:
./run-tests.py -t run_monitor -m mon:36,20,36,0:1,20,1,0

In such example we will get one PCAP for 36/20 and 1/20.
After execution, PCAP file is in the log directory, e.g.:
./logs/2019_11_11_13_36_24/run_monitor_mon_wlp3s0_wlp5s0.pcap

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-10-09 11:24:00 +03:00
Janusz Dziedzic
c203897a88 tests: remote: Allow passing of parameters with monitor interface
This is mainly for standalone monitor in case we know and would like to
setup specific monitor configuration.

-m monitor:<chan>,<bw>, <cf1>, <cf2>:...

For example:
-m monitor:1,40,3,0
-m e4300:1,40,3,0:11,40,9,0

This also supports monitor with multiple interfaces (one pcap).

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-10-09 11:21:05 +03:00
Janusz Dziedzic
8456b9e7db tests: remote: Allow passing of parameters with devname
Allow parameters to be passed together with the device name. For
example, -m mon1:1,20,1,0

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-10-09 11:19:23 +03:00
Janusz Dziedzic
777afa9f07 tests: remote: Unblock rfkill on monitor
Unblock wifi rfkill before setup/run monitor.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-10-09 11:18:30 +03:00
Janusz Dziedzic
925dea791a tests: remote: Stop wpa_supplicant/hostapd using pidfile
Instead of killall, use pidfile.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-10-09 11:18:00 +03:00
Janusz Dziedzic
adf6cfb0ab tests: remote: monitor use execute_stop()
Stop the single thread instead of killing all monitor apps.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-10-09 11:17:11 +03:00
Janusz Dziedzic
14d28a655a tests: remotehost add execute_stop()
Before we have to kill an application we start in the thread - in most
cases using killall and sometimes kill other applicantions, e.g., tcpdump,
iper, iperf3, tshark.

With this patch we are able to stop/kill a single application/thread
instead, based on the pid file.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-10-09 11:15:42 +03:00
Janusz Dziedzic
fed855d5dd tests: remote host stderr workaround
In case we are using ssh MUX (which speed up a lot test execution) with
remotehost we could hit cases where ssh will hang up. This depends on
different ssh versions and remotehost implementation.

stderr as a tmpfile fixes this problem.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-10-09 11:13:48 +03:00
Janusz Dziedzic
ac6595f281 tests: remote: Sort tests correctly
Problem appeared after introducing python3 support.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2020-10-09 11:11:32 +03:00
Jouni Malinen
e7b27637a5 tests: P2P with 6 GHz disabled
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-08 23:29:50 +03:00
Sreeramya Soratkal
14318ccff5 P2P: Add configuration support to disable P2P in 6 GHz band
Add a new configuration parameter p2p_6ghz_disable=1 to disable P2P
operation in the 6 GHz band. This avoids additional delays caused by
scanning 6 GHz channels in p2p_find and p2p_join operations in the cases
where user doesn't want P2P connection in the 6 GHz band.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-10-08 23:29:22 +03:00
Jouni Malinen
fd9fe8bc12 tests: OCV and missing PMF or OCI
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-08 23:07:43 +03:00
Veerendranath Jakkam
debf3e2165 OCV: Work around for misbehaving STAs that indicate OCVC=1 without OCI
Some legacy stations copy previously reserved RSN capability bits,
including OCVC, in (Re)Association Request frames from the AP's RSNE but
do not indicate MFP capability and/or do not send OCI in RSN handshakes.
This is causing connection failures with such erroneous STAs.

To improve interoperability with such legacy STAs allow a workaround OCV
mode to be enabled to ignore OCVC=1 from the STA if it does not follow
OCV requirements in the first protected exchange. This covers cases
where a STA claims to have OCV capability, but it does not negotiate use
of management frame protection or does not include OCI in EAPOL Key msg
2/4, FT Reassociation Request frame, or FILS (Re)Association Reqest.

The previous behavior with ocv=1 is maintained, i.e., misbehaving STAs
are not allowed to connect. When the new workaround mode is enabled with
ocv=2, the AP considers STA as OCV capable on below criteria
- STA indicates both OCV and MFP capability
- STA sends OCI during connection attempt in a protected frame

Enabling this workaround mode reduced OCV protection to some extend
since it allows misbehavior to go through. As such, this should be
enabled only if interoperability with misbehaving STAs is needed.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-08 18:46:38 +03:00
Shaakir Mohamed
d48a3a6768 FT: Modify status code in FT Reassoc frame for invalid OCI channel info
Modify status code in FT Reassociation Response frame from
WLAN_STATUS_UNSPECIFIED_FAILURE to WLAN_STATUS_INVALID_FTE when replying
to an invalid OCI channel info (subelement of FTE) in FT Reassociation
Request frame.

Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
2020-10-08 00:20:10 +03:00
Jouni Malinen
fe27c464fd tests: DPP-CHIRP-RX reception
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-07 21:31:46 +03:00
Andrew Beltrano
0e8d569d47 DPP2: Presence Announcement notification in STA
Generate a control interface event upon receipt of DPP Presence
Announcement frames. This allows external programs to instrument
wpa_supplicant with bootstrapping information on-demand.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-07 21:23:05 +03:00
Andrew Beltrano
980c4da413 DPP2: Presence Announcement notification in AP
Generate a control interface event upon receipt of DPP Presence
Announcement frames. This allows external programs to instrument hostapd
with bootstrapping information on-demand.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-07 21:20:18 +03:00
Andrew Beltrano
8b667bfa14 DPP2: Presence Announcement notification
Define a control event with bootstrap id, frame source, frequency, and
chirp hash for receipt of Presence Announcement (chirp) frames.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-07 21:13:37 +03:00
Andrew Beltrano
cf3d260c39 DPP2: Fix hostapd crash setting global configurator params on chirp RX
When a Presence Announcement frame is received, a check is done to
ensure an ongoing auth is not in progress (!hapd->dpp_auth). A new DPP
auth is then initialized, however, when setting global configurator
params for it, the hapd->dpp_auth pointer is used which was earlier
confirmed as NULL, causing a crash in dpp_set_configurator params when
the pointer is dereferenced.

This only occurs when there are global DPP configurator params to be set
and the peer has no overriding configurator params. If no global DPP
configurator params exist, the call to dpp_set_configurator exits early
and the problem is not observed.

Fix by using the newly init'ed DPP auth structure for setting global
DPP configurator params.

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-07 20:57:36 +03:00
Yegor Yefremov
a8f304228d Document the missing ignore_broadcast_ssid network profile parameter
Copy parameter description from hostapd.conf.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2020-10-07 20:53:20 +03:00
Yegor Yefremov
aa704020a3 DBus: Update dont_quote[] with ignore_broadcast_ssid parameter
ignore_broadcast_ssid is supported when using with the config
file. But it generates an error if you try to set it via the
DBus interface.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2020-10-07 20:51:22 +03:00
Jouni Malinen
88d3f43bd3 DPP2: Replace OneAsymmetricKey version number (v2 to v1)
DPP tech spec was modified to use v1(0) instead of v2(1) for the
OneAsymmetricKey in the Configurator backup structure to match the
description in RFC 5958 Section 2 which indicates v2 to be used when any
items tagged as version 2 are included. No such items are actually
included in this case, so v1 should be used instead.

Change OneAsymmetricKey generation to use v1(0) instead of v2(1) and
parsing to accept either version to be used. This is not backwards
compatible with the earlier implementation which requires v2(1) when
parsing the received value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-07 01:04:48 +03:00
Disha Das
8e5739c3ac DPP2: Check channel 6 validity before adding it to chirp channel list
Check if the 2.4 GHz channel 6 is in the list of available channels
advertised by the driver before adding in to the chirping frequency
list. This fixes issues, e.g., with a 5 GHz only interface.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-06 23:44:06 +03:00
Jouni Malinen
d049aeb0c6 tests: DPP with hostapd as configurator requiring fragmentation
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-06 23:37:17 +03:00
Disha Das
5c6c0d569a DPP: Fix GAS fragmentation for DPP Config Response from hostapd
The Query Response Length field was missing from GAS Initial Response
and GAS Comeback Response frames in the DPP specific code path from
hostaps GAS server. This resulted in invalid frames being used when the
DPP Config Response needed fragmentation. Fix this by adding the Query
Response Length fields into these frames.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-06 23:34:41 +03:00
Jouni Malinen
de250a1984 tests: WPA2-PSK AP with PMF association comeback (WPS)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-06 22:46:26 +03:00
Disha Das
a7f55f7f68 WPS: Enable SA Query checks for WPS AP
Initiate SA Query for a WPS+MFP AP. STA flag checks for MFP added for
Association Request frames that use WPS IE without RSNE. This is needed
to avoid giving an opportunity to skip the protection against
disconnections when WPS is enabled.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-06 22:44:43 +03:00
Jouni Malinen
ce637df76c tests: P2P autonomous GO and interface being removed
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-01 15:48:05 +03:00
Jouni Malinen
43ef227e90 P2P: Make use wpas_p2p_reconsider_moving_go timeout gets canceled
The per-interface P2P data freeing function did not cover this eloop
timeout that could potentially have been registered. Explicitly cancel
this timeout to make sure no references to freed memory can remain in
such a case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-01 15:48:05 +03:00
Veerendranath Jakkam
57536a5678 P2P: Fix P2P interface remuval through wpa_supplicant_remove_iface()
wpa_supplicant_remove_iface() removes the P2P management interface from
the global interfaces list before calling wpa_supplicant_deinit_iface().
When wpas_p2p_group_remove() is called from
wpa_supplicant_deinit_iface(), the P2P group created on the calling
wpa_s was not getting cleared as the calling wpa_s is not in the list of
global->ifaces. This results in the P2P management interface being
removed without disconnecting the p2p_group created on it. This could
result in an illegal access of freed memory, e.g., when a pending eloop
task wpas_p2p_reconsider_moving_go() was triggered with the leftover ctx
pointer to the removed P2P interface instance.

Fix this by disconnecting the P2P group created on interface to be
deinitialized before deinitializing the interface.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-01 15:48:05 +03:00
Sreeramya Soratkal
760d10cdea P2P: Include channels 149 to 161 for operating classes 128 and 130
With the configuration defined in the global_op_class array, the
channels starting from 149 in the operating classes 128 and 130 were not
considered for P2P channel setup due to the non-continuous
incrementation of channel indexes. The other channels in these operating
classes were considered. Handle the channels from 149 to 161 in the
operating classes 128 and 130 for P2P channel setup by handling this
jump in the channel number incrementation.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-10-01 15:47:56 +03:00
Jouni Malinen
ac882374a5 SAE: Fix error path handling for SSWU
crypto_bignum_init_set() might fail in case of memory allocation
failures. These two cases within sswu() did not handle that properly,
i.e., a memory allocation failure could have resulted in dereferencing a
NULL pointer. Check the return value before proceeding to fix this.

Fixes: aeb022f8e5 ("SAE: Implement hash-to-element PT/PWE crypto routines")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-01 09:35:58 +03:00