Commit graph

7458 commits

Author SHA1 Message Date
Jouni Malinen
6a188ba3fc tests: RADIUS server unreachable with error handling
radius_{auth,acct}_unreachable tested some parts of RADIUS client code
error handling. However, they did not test everything since the send()
calls for unreachable port on localhost did not return an error (that
error was reported on receive side). Extend this with similar test cases
using unreachable IP address to get send() error returns covered as
well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 18:34:39 +03:00
Jouni Malinen
70d4084885 RADIUS client: Fix socket close/re-open on server change
Both IPv4 and IPv6 sockets were not closed consistently in the paths
that tried to change RADIUS servers. This could result in leaking
sockets and leaving behind registered eloop events to freed memory on
interface removal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 18:09:42 +03:00
Jerry Yang
d045cc8e4c RADIUS client: Fix crash issue in radius_client_timer()
While iterating through RADIUS messages in radius_client_timer(), one
message entry may get flushed by "radius_client_retransmit -->
radius_client_handle_send_error --> radius_client_init_auth -->
radius_change_server --> radius_client_flush". This could result in
freed memory being accessed afterwards.

Signed-off-by: Jerry Yang <xyang@sonicwall.com>
2014-05-30 18:08:59 +03:00
Jouni Malinen
c1fb75a6e2 RADIUS client: Handle ENETUNREACH similarly to other failure cases
This is one more possible send() error that should trigger RADIUS server
change if multiple servers are configured.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 18:08:54 +03:00
Jouni Malinen
9ed4076673 RADIUS client: Do not try to send message without socket
It is possible for the RADIUS authentication/accounting socket to not be
open even if partial RADIUS server configuration has been done through
the control interface SET commands. Previously, this resulted in send()
attempt using fd=-1 which fails with bad file descriptor. Clean this up
by logging this as a missing configuration instead of trying to send the
message when that is known to fail.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 18:08:37 +03:00
Eduardo Abinader
cc0b7cb188 hostapd_cli: Fix segmentation fault with interface command
ctrl_ifname was not being freed and allocated consistently by using
proper functions: os_free() and os_strdup(). This can result in
segmentation fault when these OS specific wrappers use different
implementation (e.g., with CONFIG_WPA_TRACE=y).

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-30 10:22:29 +03:00
Jouni Malinen
e707f9aac7 tests: P2P Client inviting a device to join a group
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 16:59:51 +03:00
Jouni Malinen
95cf24abcd tests: More protocol testing coverage for P2P invitation messages
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 16:46:59 +03:00
Jouni Malinen
114153b975 P2P: Debug print channel lists for invitation processing
This makes invitation process more consistent with GO Negotiation as far
as the debug log entries are concerned and the resulting log is more
helpful for understanding channel selection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 16:46:28 +03:00
Jouni Malinen
4eb3b76b0f OpenSSL: Fix OCSP certificate debug print to use wpa_printf
Instead of using X509_print_fp() to print directly to stdout, print the
certificate dump to a memory BIO and use wpa_printf() to get this into
the debug log. This allows redirection of debug log to work better and
avoids undesired stdout prints when debugging is not enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 15:37:18 +03:00
Jouni Malinen
9e669cb5ff tests: Hide stdout from Popen() to avoid undesired stdout prints
ap_cipher_tkip_countermeasures_{ap,sta} printed out the MAC addresses in
stdout which resulted in the debug log not starting the PASS/FAIL
information at the beginning of the line. Hide these unnecessary prints
to avoid that.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 15:37:18 +03:00
Jouni Malinen
c50f0eac11 tests: P2P Invitation Response protocol tests
This verifies most of the error cases in Invitation Response processing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 15:37:17 +03:00
Jouni Malinen
2f3b5fff15 tests: Invitation request with mismatching channel requirements
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 15:37:17 +03:00
Jouni Malinen
b1809dab7e tests: P2P invitation rejected from unknown peer
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 15:37:17 +03:00
Jouni Malinen
cdad30be2a tests: P2P invitation with Wi-Fi Display enabled
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 15:37:17 +03:00
Jouni Malinen
350a7ba90f tests: HS 2.0 remediation required from SQL user DB
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-28 00:56:13 +03:00
Jouni Malinen
f6fb1926bb HS 2.0R2: Fix subscr_remediation_method for RADIUS server
This configuration parameter was not used at all in the RADIUS server
implementation and instead, hard coded 0 was sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-28 00:56:13 +03:00
Jouni Malinen
2d2dd488be tests: Add module tests for src/common
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-28 00:56:13 +03:00
Jouni Malinen
74879f320d Remove extra newline from a debug print
"Unknown WFA information element ignored" debug message had an extra
newline at the end.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-27 23:39:46 +03:00
Jouni Malinen
147848ec4d nl80211: Do not add all virtual interfaces to drv->if_indices
Commit 04eff7d5ba or something around that
timeframe may have caused a regression on how drv->if_indices gets used
with wpa_supplicant. Most (curretly likely all) wpa_supplicant virtual
interface use cases should not actually use this. This could result in
issues with P2P group interfaces delivering events to incorrect
interface (parent rather than the group interface). The previous commit
removed some of the issues, but more complete fix is to undo some of
those merged hostapd/wpa_supplicant operations.

Filter add_ifidx() uses based on hostapd vs. wpa_supplicant and iftype
to get closer to the earlier wpa_supplicant behavior for the driver
events from virtual interfaces.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 18:47:41 +03:00
Jouni Malinen
de88430311 nl80211: Fix del_ifidx() with mixed parent interface cases
It is possible for a virtual interface to be added and removed by
different parent interfaces. This can happen, e.g., with P2P group
interfaces if the P2P parent interface does not happen to be the first
entry in the wpa_supplicant global interface list. That first entry is
used to remove the group interface while the addition would have
happened with the dedicated P2P management interface.

This can result in the interface that added a new virtual interface
getting stuck with an obsolete ifindex value in the drv->if_indeces list
and as such, deliver some extra events to incorrect destination wpa_s
instance. In particular, this can result in INTERFACE_DISABLED event
from deletion of a P2P group interface getting delivered incorrectly to
the parent wpa_s instance which would disable that interface even though
the interface remains in enabled state.

Fix this by clearing the removed interface from all if_indeces lists
instead of just the one that was used to delete the interface. This is
the simplest approach since the ifindex is unique and there is no need
to track which interface added the new virtual interface to always hit
the same one when removing the interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 18:16:58 +03:00
Jouni Malinen
5e5818458f tests: Persistent group invitation while GO already running
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 13:53:01 +03:00
Jouni Malinen
84d746c8dd tests: P2P persistent group during concurrent operation
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 13:53:00 +03:00
Jouni Malinen
2d68cfaaec tests: Persistent P2P group re-invocation without persistent reconnect
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 13:53:00 +03:00
Jouni Malinen
829a1b3296 P2P: Clear p2p_auth_invite after each persistent group invitation
This makes the operations more consistent when going through multiple
persistent group re-invocation sequences in a row. Each invitation needs
to be accepted separately if persistent reconnect is not enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 12:09:25 +03:00
Jouni Malinen
f347935f0d tests: Unit tests for WPA_TRACE
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-27 00:03:06 +03:00
Jouni Malinen
a3fe74bde1 tests: Add unit tests for ext_password
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 23:57:32 +03:00
Boris Sorochkin
e403ba859e Parse DMG capabilities when reporting to external interfaces
This adds [DMG] and [PBSS] flags for scan results and BSS table entries
using the IEEE Std 802.11ad-2012 updated definition of the Capability
field.

Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
2014-05-26 23:35:52 +03:00
Boris Sorochkin
f7454c97df P2P: Add 60 GHz in channel to frequency conversion
Add regulatory classes for the 60GHz band.

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
2014-05-26 23:35:52 +03:00
Jouni Malinen
fc3f1d1b4d Remove unused hostapd_ip_diff()
There are no users of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
3eb744a35a tests: int_array unit tests
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
8b0980af50 tests: Move bitfield unit tests into wpa_supplicant module test
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
8860e0f47c tests: Add printf encoding/decoding module tests
This replaces tests/test-printf.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
aa9735e772 tests: P2P and driver event to avoid frequencies
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
7bb70909a2 Add DRIVER_EVENT AVOID_FREQUENCIES for testing
This can be used to simulate driver events indicating frequencies to
avoid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
de8c4144fa tests: No pending query for GAS comeback
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
1d1de2306d tests: Limit on number of GAS pending dialog contexts
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
d73c7b9626 GAS: Send error response if no room for pending dialog context
Instead of silently dropping the response that requires fragmentation,
send an error response to the station to make it aware that no full
response will be available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
745f87715e tests: Verify SQLite DB as hostapd EAP user database
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
658d495db2 HS 2.0: Include OSU client sample in wpa_supplicant release package
This adds the new hs20 subdirectory into release tarballs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
2396f02a43 Reserve QCA vendor specific nl80211 commands 14..19
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-22 16:29:48 +03:00
Jithu Jance
5661bd0f70 P2P: Avoid resetting pending_listen_freq if p2p_listen is pending
If p2p_listen is called while previous listen command's
remain_on_channel event is pending, the p2p_listen would fail
and it used to clear pending_listen_freq. Now when the remain-
on-channel event comes from the driver, the pending_listen_freq
doesn't match and gets ignored. This was leading to a case
where listen state was getting stuck (in case of WAIT_PEER_CONNECT
state).

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-05-22 16:29:36 +03:00
Jithu Jance
8802326ff9 nl80211: Indicate SHA256-based AKM suites in CONNECT/ASSOCIATE
Previously, the NL80211_ATTR_AKM_SUITES was skipped if either of these
SHA256-based AKMs was negotiated.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-05-21 23:48:00 +03:00
Jouni Malinen
e044016422 tests: gitignore TNC library files
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-21 18:47:57 +03:00
Jouni Malinen
3ba5cb29af tests: Add -rdynamic to fix TNC IMV/IMC loading on some platforms
The example IMV and IMC used for TNC testing has references to
wpa_printf and other functions from hostapd/wpa_supplicant. Link the
binaries in a way that allows these symbols to be resolved while loading
the libraries at run time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-21 14:56:34 +03:00
Jouni Malinen
46fcf474ff tests: Add CAVP test vectors for RSA/PKCS #1 v1.5 signature validation
This allow the PKCS #1 and RSA implementation to be validated against
the test vectors from
http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2rsatestvectors.zip
and
http://csrc.nist.gov/groups/STM/cavp/documents/dss/SigVer15EMTest.txt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-20 19:52:57 +03:00
Jouni Malinen
54ac6ff8c4 PKCS 1: Add function for checking v1.5 RSA signature
This could be used as a step towards replacing more specific functions
used in X.509 and TLS processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-20 19:52:18 +03:00
Jouni Malinen
d3811845f3 RSA: Add OID definitions and helper function for hash algorithms
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-19 23:27:30 +03:00
Jouni Malinen
ab6d047405 Add function for building RSA public key from n and e parameters
This is similar to the existing functionality that parsed ASN.1-encoded
RSA public key by generating a similar public key instance from already
parsed n and e parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-19 23:27:30 +03:00
Jouni Malinen
6c5be116dd PKCS #1: Enforce minimum padding for decryption in internal TLS
Follow the PKCS #1 v1.5, 8.1 constraint of at least eight octets long PS
for the case where the internal TLS implementation decrypts PKCS #1
formatted data. Similar limit was already in place for signature
validation, but not for this decryption routine.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-19 23:27:30 +03:00