Commit graph

16434 commits

Author SHA1 Message Date
Jouni Malinen
c1bc0dd80d nl80211: Disable EAPOL TX over control port in AP mode by default
Since this nl80211 mechanism for sending EAPOL frames does not currently
support TX status notification, disable it by default of AP mode where
the Authenticator state machine uses those notifications to optimize
retransmission. The control port TX can be enabled for AP mode with
driver param control_port_ap=1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 16:50:56 +03:00
Markus Theil
12ea7dee31 nl80211: Use nl80211 control port for receiving EAPOL frames
Use and/or set socker owner where necessary to allow EAPOL frames to be
received using the nl80211 control port. This is done when the driver
indicates support for the control port without previous hardcoded
reception of RSN preauth frames.

Use methods which set or use the connection owner nl_sock * where
necessary. Initial operations need to register with the SOCKET_OWNER
attribute set (e.g., connect for STA mode). Final operations need to use
the socket which holds the owner attribute (e.g., disconnect for STA
mode).

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-04-19 16:49:03 +03:00
Markus Theil
8609aa5ba3 nl80211: Tie connect handle to bss init/destroy
This commit creates a connect nl_sock * for every bss unconditionally.
It is used in the next commit for nl80211 control port RX.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-04-19 15:53:02 +03:00
Markus Theil
b4a70018ee nl80211: Handle control port frame in bss events
In order to work in AP mode, handle control port frame RX as per bss
event.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-04-19 15:53:02 +03:00
Markus Theil
6f70fcd986 nl80211: Check ethertype for control port RX
nl80211 control port event handling previously did not differentiate
between EAPOL and RSN preauth ethertypes. Add checking of the ethertype
and report unexpected frames (only EAPOL frames are supposed to be
delivered through this path).

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-04-19 15:53:02 +03:00
Jouni Malinen
932546ac28 nl80211: Add a separate driver capability for control port RX
This is needed since the initial implementation of the control port
mechanism in the kernel mixed in RSN pre-authentication ethertype
unconditionally (and IMHO, incorrectly) into the control port.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 15:53:02 +03:00
Jouni Malinen
bb9e3935dd driver: Add second driver capability flags bitmap
All 64 bits of the capability flags bitmap are used, so add a new
variable to hold future capability bits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 15:53:02 +03:00
Jouni Malinen
52ed13b78d tests: Move csa_supported() into utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
0b21877185 tests: Move clear_scan_cache() and set_world_reg() to utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
1bba048d78 tests: Move vht_supported() into utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
31bdd8b7c7 tests: Move check_sae_capa() into utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
40341e16a5 tests: Move check_wep_capa() into utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
7e88ed8e2d tests: Use function decorator to clean up --long processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
b5bf18768f tests: ap_wps_reg_config_tkip to allow no-TKIP hostapd build
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
6255a8ac1f WPS: Convert WPA/TKIP-only to WPA+WPA2 mixed mode credential
This case of accepting WPA/TKIP-only credential based on internal
registrar request to configure an AP to use TKIP was still remaining
while all the WPS cases were supposed to enable mixed mode
automatically. This is bit of a corner case since this is based on
explicit local request to configure TKIP, but anyway, convert this one
as well to allow WPA2/CCMP to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
7162c6ecf5 tests: Use SAE instead of WPA/TKIP in ap_multi_bss_acs
This makes the test case work with no-TKIP hostapd builds.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
48ac765919 tests: ap_wpa2_eap_assoc_rsn to allow TKIP-disabled hostapd build
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
d0b382fd11 tests: ap_wps_init to allow TKIP-disabled hostapd build
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
7b82d0bd58 tests: Skip test cases where hostapd does not support TKIP
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
21cf2c5baf tests: Skip more tests based on missing TKIP support
This makes it more convenient to run tests with builds that disable
TKIP/WPA(v1) support completely.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
de5bf2d199 tests: Do not enable TKIP group cipher for FT tests without need
Change run_roams() default to CCMP-only and enable TKIP only in the test
case that needs this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Disha Das
6b1c590ebb Allow TKIP support to be removed from build
Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from
hostapd and wpa_supplicant builds. This disables use of TKIP as both the
pairwise and group cipher. The end result does not interoperate with a
WPA(v1)-only device or WPA+WPA2 mixed modes.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
11bd6ea60e tests: sigma_dut controlled AP with FT and RSNXE Used mismatch
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-16 23:58:36 +03:00
Jouni Malinen
b654552247 tests: FT-SAE AP and unexpected RSNXE Used in ReassocResp
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-16 23:39:57 +03:00
Jouni Malinen
a6c689d354 FT: Testing override for RSNXE Used subfield in FTE (AP)
Allow hostapd to be requested to override the RSNXE Used subfield in FT
reassociation case for testing purposes with "ft_rsnxe_used=<0/1/2>"
where 0 = no override, 1 = override to 1, and 2 = override to 0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-16 23:39:57 +03:00
Jouni Malinen
7ad6016e19 tests: sigma_dut controlled FT protocol with RSNXE Used mismatch
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-16 15:44:42 +03:00
Jouni Malinen
9b222b6130 nl80211: Remove unnecessary inclusion of l2_packet.h
The only l2_packet use within this file was removed by commit
d12dab4c6f ("nl80211: Use non-receiving socket for EAPOL TX").

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 19:28:05 +03:00
Jouni Malinen
6ac48fd9e8 tests: FT-SAE AP and unexpected RSNXE Used in ReassocReq
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
Jouni Malinen
b2d8dc59f4 FT: Testing override for RSNXE Used subfield in FTE
Allow wpa_supplicant to be requested to override the RSNXE Used subfield
in FT reassociation case for testing purposes with "SET ft_rsnxe_used
<0/1/2>" where 0 = no override, 1 = override to 1, and 2 = override to
0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
Jouni Malinen
5344af7d22 FT: Discard ReassocReq with mismatching RSNXE Used value
Discard the FT Reassociation Request frame instead of rejecting it
(i.e., do not send Reassociation Response frame) if RSNXE Used is
indicated in FTE, but no RSNXE is included even though the AP is
advertising RSNXE.

While there is not really much of a difference between discarding and
rejecting the frame, this discarding behavior is what the standard says
for this type of an error case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
Jouni Malinen
2012a26d0f tests: AP may discard FT ReassocReq in ap_ft_sae_h2e_downgrade_attack
This is in preparation for a hostapd implementation change on how to
address the unexpected RSNXE Used field value in FTE during FT
reassociation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
Edayilliam Jayadev
af0178c75b Add vendor attributes indicating number of spectral detectors
Add per bandwidth capability attributes which indicate the number of
spectral detectors used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-07 23:05:26 +03:00
Edayilliam Jayadev
7a510a97ba Add an attribute for secondary 80 MHz span of agile spectral scan
Add an attribute QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_FREQUENCY_2
for describing the secondary 80 MHz span of agile spectral scan.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-07 23:03:30 +03:00
Jouni Malinen
24a6bca704 PKCS#1: Debug dump invalid Signature EB
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 20:13:26 +03:00
Jouni Malinen
f8d8b7d92d tests: Enable dumping of key information in test-x509v3
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 20:12:59 +03:00
Jouni Malinen
eac6eb7024 X509: Use unique debug prints for unused bits entries
This makes it easier to understand which X.509 BIT STRING value has the
unused bits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 19:59:47 +03:00
Jouni Malinen
63ccec5433 tests: Remove test-x509
This has been obsoleted by tests/fuzzing/x509.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 19:38:41 +03:00
Jouni Malinen
d73bbae492 wlantest: Do not include rt library for OS X builds
That is not needed or available by default, so simply drop it from the
build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 18:53:59 +03:00
Jouni Malinen
d4c3964117 wlantest: Link without libwlantest
The ar operations with embedded libraries were not exactly portable
or strictly speaking necessary. Drop that library completely to make
this more portable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 18:53:59 +03:00
Jouni Malinen
c25dc978a6 wlantest: Comment out Linux packet socket from OS X build
For now, allow wlantest to be built on OS X without support for
live sniffer capturing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 18:53:59 +03:00
Jouni Malinen
e13f836dde wlantest: Comment out ICMP processing from OS X builds
For now, allow this to be compiled without ICMP support.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 18:53:59 +03:00
Jouni Malinen
e9db8b59c9 wlantest: Use BSD compatible UDP header struct
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 18:53:59 +03:00
Jouni Malinen
ec182d5e93 tests: SAE/PMF roam
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 23:57:18 +03:00
Jouni Malinen
153333ef6b FT RRB: Remove confusing debug print about extra data
The "FT: Ignore extra data in end" hexdump is quite confusing since it
shows all the IEs that were actually either processed or forwarded.
There is no code path that could reach this debug print with actual real
extra data. Remove it and the dead increment of pos to avoid warnings
from static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 23:42:05 +03:00
Jouni Malinen
9dd5373122 tests: FT+PMF roaming with skip_prune
Verify hostapd behavior during FT protocol processing when a STA entry
is still present in the AP and that association has PMF negotiated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 23:32:12 +03:00
Jouni Malinen
d867e11811 FT: Remove and re-add STA entry after FT protocol success with PMF
Allow STA entry to be removed and re-added to the driver with PMF is
used with FT. Previously, this case resulted in cfg80211 rejecting STA
entry update after successful FT protocol use if the association had not
been dropped and it could not be dropped for the PMF case in
handle_auth().

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 21:53:10 +03:00
Jouni Malinen
af23f3a849 tests: New style fuzzing tool for DPP URI parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 20:09:30 +03:00
Jouni Malinen
41a1032449 tests: New style fuzzing tool for SAE commit parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 19:51:46 +03:00
Jouni Malinen
97beccc838 SAE: Fix build without DPP/OWE/ERP
SAE needs sha256-kdf.c to be included in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 18:11:11 +03:00
Thomas Pedersen
fe4c0ea723 tests: Enable MACsec testing by default in the VM kernel
Include support for MACsec testing in the (vm) kernel by default.

Don't include support in the example hostapd or wpa_supplicant configs
yet since that would potentially break the build on older distributions
like Ubuntu 16.04, which is supported until April 2021.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
2020-04-04 17:25:30 +03:00