Commit graph

11208 commits

Author SHA1 Message Date
Jouni Malinen
3e66f78914 P2P: Make sure GO start does not miss connect_without_scan
It looks like there was a possible sequence for wpa_s->scan_req to be
MANUAL_SCAN_REQ at the moment a GO is to be started. This could result
in the "Request scan (that will be skipped) to start GO" to actually not
skip the scan and end up stuck waiting for something external to trigger
a scan before the GO could be started. Fix this by clearing
wpa_s->scan_req when deciding to start the GO.

This issue could be hit at least by first enabling autoscan and then
issuing P2P_GROUP_ADD. Other sequences that set wpa_s->scan_req to
MANUAL_SCAN_REQ without going through wpa_supplicant_scan() to clear it
immediately could also have similar effect (and there is even a small
window for the wpa_supplicant_scan() call to happen only after the
P2P_GROUP_ADD command is processed, so this could potentially have
happened even with SCAN + P2P_GROUP_ADD).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-15 16:56:49 +03:00
Jouni Malinen
16dffef1e6 tests: Work around grpform_pbc_overlap robustness issues
Since P2P Client scan case is now optimzied to use a specific SSID, the
WPS AP will not reply to that and the scan after GO Negotiation can
quite likely miss the AP due to dwell time being short enoguh to miss
the Beaco frame. This has made the test case somewhat pointless, but
keep it here for now with an additional scan to confirm that PBC
detection works if there is a BSS entry for a overlapping AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-15 16:56:49 +03:00
Jouni Malinen
c7caac56b7 nl80211: Fix send_frame freq for IBSS
bss->freq was not updated for IBSS, so whatever old value was stored
from a previous AP mode operation could end up having been used as the
channel when trying to send Authentication frames in an RSN IBSS. This
resulted in the frame not sent (cfg80211 rejects it) and potentially not
being able to re-establish connection due to 4-way handshake failing
with replay counter mismatches. Fix this by learning the operating
channel of the IBSS both when join event is received and when a
management frame is being transmitted since the IBSS may have changed
channels due to merges.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-15 16:56:49 +03:00
Jouni Malinen
c126cb4d1c tests: Make pmksa_cache_on_roam_back more robust
The single channel scan while associated to another AP and immediately
after starting the second AP can miss the Probe Response frame
especially under heavy CPU load. Avoid false error reports by allowing
multiple scan rounds to be performed. wpas_ctrl_bssid_filter is also
modified to take into account different get_bss() behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-15 16:56:45 +03:00
Rashmi Ramanna
28fa4eb2b2 P2P: Fix scan optimization for GO during persistent group invocation
Commit 41d5ce9e0b was intended to scan for
GO on the negotiated channel for few iterations, but it did not work
correctly due to incorrect operator being used. Fix this by requiring
both conditions to be met for the single channel scan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-13 15:49:06 +03:00
Edhar, Mahesh Kumar
7b42862ac8 P2P: Validate GO operating channel on channel list changes
On receiving CHANNEL_LIST_CHANGED event from driver, verify that local
GO (if any) is operating in valid frequency. If not, we should remove
the group and reform on valid frequency. Indicate this similarly to the
avoid-frequency notification (i.e., a control interface message for
upper layers to react to this for now; potentially CSA later).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-12 19:43:59 +03:00
Alexandru Costache
fb2ac53df1 Remove leftover timeouts on cleanup
Signed-off-by: Alexandru Costache <alexandru.costache.100@gmail.com>
2014-05-12 19:43:59 +03:00
Jouni Malinen
4162db59ae tests: DUP_NETWORK
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-12 19:43:59 +03:00
Dmitry Shmidt
1c330a2fdc Add 'dup_network <id_s> <id_d> <name>' command
This command allows to copy network variable from one network to
another, e.g., to clone the psk field without having to extract it from
wpa_supplicant.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-12 19:43:56 +03:00
Hannu Mallat
316f92cd33 dbus: Reorder deauthentication and cleanup calls when removing a network
Valgrind indicates reference to already freed memory if function
wpa_config_remove_network() is called prior to calling
wpa_supplicant_deauthenticate(), and this can lead to a crash.
Inverting the call order fixes the problem.

Signed-off-by: Hannu Mallat <hannu.mallat@jollamobile.com>
2014-05-12 18:05:38 +03:00
Jouni Malinen
0878241778 tests: Clear cfg80211 scan results before HT coex tests
This is needed to avoid incorrect failures based on neighboring BSSes
from earlier test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 23:01:10 +03:00
Jouni Malinen
5a0c15174b tests: UNAUTH-TLS
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 22:47:25 +03:00
Jouni Malinen
8ba89e0a32 tests: EAP-pwd with server fragmenting messages
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 22:47:25 +03:00
Jouni Malinen
f4626235de EAP-pwd server: Allow fragment_size to be configured
Previously, the fragment_size parameter was ignored and the default
value of 1020 was hardcoded.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 22:47:25 +03:00
Jouni Malinen
47a74ad81a tests: EAP-IKEv2 fragmentation
This adds a test case for the server fragmenting an EAP-IKEv2 message.
In addition, the fragmentation threshold is made shorter to trigger
fragmentation for all messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 22:47:25 +03:00
Jouni Malinen
c876dcd70f EAP-IKEv2: Allow frag ack without integrity checksum
RFC 5106 is not exactly clear on the requirements for the "no data"
packet that is used to acknowledge a fragmented message. Allow it to be
processed without the integrity checksum data field since it is possible
to interpret the RFC as this not being included. This fixes reassembly
of fragmented frames after keys have been derived.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 22:47:25 +03:00
Jouni Malinen
46e094bd6f tests: EAP-FAST and missing PAC configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 22:47:25 +03:00
Jouni Malinen
c6ab1cdbc5 tests: EAP-FAST using binary PAC file format
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 22:47:25 +03:00
Jouni Malinen
4b2d209824 tests: EAP-pwd with invalid group
This could result in wpa_supplicant segmentation fault prior to the
EAP-pwd fix for error case handling.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:24:05 +03:00
Jouni Malinen
0f73c642cc EAP-pwd: Fix processing of group setup failure
If invalid group was negotiated, compute_password_element() left some of
the data->grp pointer uninitialized and this could result in
segmentation fault when deinitializing the EAP method. Fix this by
explicitly clearing all the pointer with eap_zalloc(). In addition,
speed up EAP failure reporting in this type of error case by indicating
that the EAP method execution cannot continue anymore on the peer side
instead of waiting for a timeout.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:24:05 +03:00
Jouni Malinen
cb4ac38b15 tests: Fix scan_bss_operations
The BSS id numbers were assumed to start from 0 at the beginning of this
test case, but that is only the case if this is run as the first test
after starting wpa_supplicant. Fix the test case to figure out the id
values dynamically to avoid false errors.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:24:05 +03:00
Jouni Malinen
e2a90a4c79 tests: EAP-SIM/AKA configuration parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:24:05 +03:00
Jouni Malinen
13e2574f7d EAP-pwd peer: Export Session-Id through getSessionId callback
EAP-pwd was already deriving the EAP Session-Id, but it was not yet
exposed through the EAP method API.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:22:55 +03:00
Jouni Malinen
cfdb32e88f eapol_test: Check EAP-Key-Name
The new command line argument -e can be used to request the server to
send EAP-Key-Name in Access-Accept. If both the local EAP peer
implementation and server provide the EAP Session-Id, compare those
values and indicate in debug log whether a match was seen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:22:37 +03:00
Jouni Malinen
251c53e084 RADIUS: Define EAP-Key-Name
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:10:03 +03:00
Jouni Malinen
5b1aaf6cfb tests: EAP-SIM/AKA/AKA' with SQLite
Extend EAP-SIM/AKA/AKA' test coverage by setting up another
authentication server instance to store dynamic SIM/AKA/AKA' information
into an SQLite database. This allows the stored reauth/pseudonym data to
be modified on the server side and by doing so, allows testing fallback
from reauth to pseudonym/permanent identity.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 17:57:28 +03:00
Jouni Malinen
04cad507e1 EAP-SIM peer: Fix counter-too-small message building
The extra data (nonce_s) used in this message was pointing to the
parsed, decrypted data and that buffer was previously freed just before
building the new message. This resulted in use of freed data and
possibly incorrect extra data value that caused the authentication
attempt to fail. Fix this by reordering the code to free the decrypted
data only after the new message has been generated. This was already the
case for EAP-AKA/AKA', but somehow missing from EAP-SIM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 17:57:28 +03:00
Jouni Malinen
32dca985c7 tests: EAP with expanded Nak
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 21:33:49 +03:00
Jouni Malinen
633e364b60 tests: EAP roundtrip limit
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 21:20:54 +03:00
Jouni Malinen
37ffe7c568 tests: HS 2.0 with FT
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 16:17:41 +03:00
Jouni Malinen
270c9a43e6 Interworking: Allow FT to be used for connection
This extends Interworking network selection to enable FT-EAP as an
optional key_mgmt value to allow FT to be used instead of hardcoding
WPA2-Enterprise without FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 16:15:20 +03:00
Eduardo Abinader
81ed4991ae Remove duplicated ibss_rsn_deinit() call
No need to call ibss_rsn_deinit() again since it is already being called
by wpa_supplicant_mark_disassoc().

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-10 13:48:34 +03:00
Jouni Malinen
144f10446a X.509: Fix v3 parsing with issuerUniqueID/subjectUniqueID present
The current position pointer was not updated when issuerUniqueID or
subjectUniqueID were present. This could result in extensions being
ignored.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 13:13:47 +03:00
Jouni Malinen
2e3f286253 tests: Fix couple of compiler warnings
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 13:13:39 +03:00
Jouni Malinen
f1aac5c488 tests: Add 4.16.1 and 4.16.2 from NIST PKITS
This adds two more X.509 path validation test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 13:13:20 +03:00
Sunil Dutt
0f1034e388 P2P: Refrain from performing extended listen during P2P connection
Do not perform extended listen period operations when either a P2P
connection is in progress. This makes the connection more robust should
an extended listen timer trigger during such an operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
8d0dd4eebc Add macsec_qca driver wrapper
This is based on driver_wired.c and provides driver interface for the
QCA MACsec driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
dd10abccc8 MACsec: wpa_supplicant integration
Add MACsec to the wpa_supplicant build system and configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
887d9d01ab MACsec: Add PAE implementation
This adds initial implementation of IEEE Std 802.1X-2010 PAE for MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
7baec808ef MACsec: Add driver_ops
This defines new driver_ops to be used with MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
4e9528cce3 MACsec: Add common IEEE 802.1X definitions
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
3bcfab8794 MACsec: Add define for EAPOL type MKA
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
0836c04b30 MACsec: Allow EAPOL version 3 to be configured
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
49be483b28 Add function to fetch EAP Session-Id from EAPOL supplicant
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Chandrasekaran, Manishekar
ea40a575ae nl80211: Use max associated STAs information in AP mode
Propagate max associated STAs in AP mode advertised by the driver to
core wpa_supplicant implemantion. This allows wpa_supplicant to update
the P2P GO group limit information automatically without having to
configure this limit manually. The information (if available) is also
used in the generic AP implementation to control maximum number of STA
entries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 17:12:19 +03:00
Jouni Malinen
2cebdee66d Fix MinGW build
No need to use ENOBUFS within core wpa_supplicant, so just replace it
with -1 to work arounds MinGW build issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 18:59:12 +03:00
Eliad Peller
e4fa8b120b wpa_supplicant: Add Wake-on-WLAN configuration support
Add a new wowlan_triggers option to wpa_supplicant.conf. The triggers in
this key will be used to configure the kernel wowlan configuration.

For now, support only simple flags. More complex triggers can be added
later on.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-04-29 18:59:12 +03:00
Dmitry Shmidt
959214b260 Android: Use extended P2P functionality (ANDROID_P2P) for all vendors
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-29 18:59:12 +03:00
Arik Nemtsov
9a41232165 TDLS: Fully tear down existing link before setup
Disabling the link only clears the local state. The remote peer will
still think we are connected and disallow the setup.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-04-29 18:59:12 +03:00
Arik Nemtsov
c04b4651f7 TDLS: Disable links during AP deauth in external flow
When de-authenticating from the AP, disable each TDLS link after
sending the teardown packet. Postpone the reset of the peer state
data until after the link disable request.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-04-29 18:59:12 +03:00