Commit graph

14846 commits

Author SHA1 Message Date
Jouni Malinen
d137275131 tests: Remove openssl header files from code coverage report
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-06 13:21:56 +03:00
Jouni Malinen
1c7e61a35a wolfssl: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-06 13:12:37 +03:00
Jouni Malinen
7122a02fa5 SAE: Fix order_len for FFC groups
The KCK, PMK, and PMKID derivation fix broke SAE key derivation for all
FFC groups. Fix that by setting sae->tmp->order_len for FFC groups (it
was only set for ECC groups).

Fixes: ac734a342e ("SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 16:52:20 +03:00
Jouni Malinen
d22f090245 tests: Wait after rekeying a bit before running connectivity test
The AP side may not have had enough time to configure the new TK into
the driver if the connectivity test is started immediately after the
station side event.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 13:49:15 +03:00
Jouni Malinen
f13de00b89 tests: Wait for AP side connection event before disconnecting
This makes the test cases more robust especially when testing with UML
time travel.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 13:47:08 +03:00
Jouni Malinen
422e73d623 DPP: Indicate authentication success on ConfReqRX if needed
It is possible to receive the Configuration Request frame before having
seen TX status for the Authentication Confirm. In that sequence, the
DPP-AUTH-SUCCESS event would not be indicated before processing the
configuration step and that could confuse upper layers that follow the
details of the DPP exchange. As a workaround, indicate DPP-AUTH-SUCCESS
when receiving the Configuration Request since the Enrollee/Responser
has clearly receive the Authentication Confirm even if the TX status for
it has not been received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-05 13:31:14 +03:00
Jouni Malinen
938c6e7b3d tests: Wait for AP-STA-CONNECT before running connectivity test
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.

Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.

Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00
Jouni Malinen
752e7a33e8 tests: Close pyrad server sockets explicitly
This helps in avoiding issues with another test case trying to bind to
the same UDP port and failing due to the previous use by pyrad still
being open. This showed up with failures in radius_ipv6 when it followed
a test case like eap_proto_tls with suitable set of test cases between
them.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-05 00:10:32 +03:00
Jouni Malinen
d001fe31ab OpenSSL: Handle EVP_PKEY_derive() secret_len changes for ECDH
It looks like EVP_PKEY_derive() may change the returned length of the
buffer from the initial length determination (NULL buffer) to the
fetching of the value. Handle this by updating the secret length based
on the second call instead of the first one. This fixes some cases where
ECDH result has been used with extra data (zeros in the end) with OWE or
FILS PFS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-04 15:03:08 +03:00
Jouni Malinen
29ef1c5ee4 DPP: Use a common helper function for ECDH operations
This replaces the separately implemented ECDH operations with a single
helper function to avoid code duplication. In addition, this introduces
a workaround for strange OpenSSL behavior where the first
EVP_PKEY_derive(NULL) call to learn the size of the output shared secret
returns unexpectedly large buffer (72 octets when expected 32 octets for
group 19). It is not known what is causing this, but such behavior seems
to be showing up every now and then at least when running hwsim test
cases under UML and apparently mainly (only?) in the sigma_dut
controller cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-04 12:10:20 +03:00
Jouni Malinen
48e999e9a5 tests: Check against all zero PMKIDs in sae_groups
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-03 17:04:01 +03:00
Jouni Malinen
ac734a342e SAE: Fix KCK, PMK, and PMKID derivation for groups 22, 23, 24
IEEE Std 802.11-2016 is not exactly clear on the encoding of the bit
string that is needed for KCK, PMK, and PMKID derivation, but it seems
to make most sense to encode the (commit-scalar + peer-commit-scalar)
mod r part as a bit string by zero padding it from left to the length of
the order (in full octets).

The previous implementation used the length of the prime (in full
octets). This would work for KCK/PMK, but this results in deriving all
zero PMKIDs for the groups where the size of the order is smaller than
the size of the prime. This is the case for groups 22, 23, and 24.
However, those groups have been marked as being unsuitable for use with
SAE, so this fix should not really have a practical impact anymore.
Anyway, better fix it and document this clearly in the implementation
taken into account the unclarity of the standard in this area.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-03 17:00:39 +03:00
Jouni Malinen
e57e3f12b4 tests: Update SAE suitable_groups list to match implementation
Remove the groups that use Brainpool curves from the test case so that
this matches the updated implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-03 16:32:14 +03:00
Jouni Malinen
c65168ccd2 OpenSSL: Fix crypto_bignum_to_bin() with padlen == 0
The earlier change to add support for BN_bn2binpad() and
BN_bn2bin_padded() broke this function for cases where no padding is
used (padlen == 0). Those would have always failed after the changes and
the function would return -1. There are no such cases in the current
hostap.git, so this did not have any real issues, but anyway, better fix
this function to match its documentation.

Fixes: 1e237903f5 ("OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-03 16:28:02 +03:00
Arend van Spriel
cb28bd52e1 nl80211: Use separate flag for 4-way handshake offload
Commit d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload
in connect") used the req_key_mgmt_offload flag to indicate to the
driver that it should offload the 802.1X handshake. However, this field
was existing and used for a different offload API. This causes
wpa_supplicant to send a connect request without the WANT_1X_HS flag and
the subsequent set-pmk is rejected causing the connection to fail. Fix
that by introducing a new flag req_handshake_offload so the offloads are
no longer entangled.

Fixes: d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload in connect")
Reported-by: Stefan Wahren <wahrenst@gmx.net>
Tested-by: Stefan Wahren <wahrenst@gmx.net>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-08-01 15:52:48 +03:00
Jouni Malinen
ac069a31de tests: Make scan_bss_expiration_count more robust with UML
Test case sequence "persistent_group_channel scan_bss_expiration_count"
was failing with UML when using time travel. This seemed to be because
there was no explicit wait to confirm that the AP has been fully
disabled before running the next scan. Work around this by verifying
that hostapd has terminated the BSS and waiting a bit after that before
proceeding.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-01 15:44:22 +03:00
Jouni Malinen
bef411a91b tests: hostapd eap_sim_id options
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-01 10:46:07 +03:00
Jouni Malinen
6bb11c7a40 EAP-SIM/AKA server: Allow pseudonym/fast reauth to be disabled
The new hostapd configuration option eap_sim_id can now be used to
disable use of pseudonym and/or fast reauthentication with EAP-SIM,
EAP-AKA, and EAP-AKA'.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-01 10:36:11 +03:00
Jouni Malinen
c1b2365214 EAP-SIM/AKA: Do not allow anonymous@realm "pseudonym" to be cleared
If the EAP-SIM/AKA server does not provide a new pseudonym and the
locally configured "pseudonym" in anonymous_identity is actually an
anonymous identitity instead of a real EAP-SIM/AKA pseudonym, do not
clear the anonymous_identity network profile parameter. This is needed
to avoid forgetting the anonymous identity when going through
EAP-SIM/AKA authentication and then reverting back to using IMSI-based
(e.g., encrypted) identity.

Fixes: 4df4133917 ("EAP-SIM/AKA: Add support for anonymous@realm")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-31 22:33:04 +03:00
Brian Norris
cc2fd94258 D-Bus: Demote timeout/flush messages to MSG_MSGDUMP
We intentionally don't emit property-changed signals on every property
update -- for "less timing critical" messages we delay up to 5
milliseconds waiting to see if we can batch them together. When the
timer hits, we emit the signal anyway and (potentially) log this
message. This amounts to effectively tracing every property update,
which can be quite excessive.

Lower this to MSGDUMP, so MSG_DEBUG can remain slightly more sane.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2019-07-31 22:06:33 +03:00
Masashi Honma
9cff5c320c tests: Fix ap_vht160_no_dfs false negative by using common finalizer
ap_vht160_no_dfs fails with this message:

---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-07-30 23:47:04 +03:00
Masashi Honma
cbe7e44d1b tests: Fix wep_ht_vht false negative by using common finalizer
wep_ht_vht fails with this message:

---------------
wlan0: Country code not reset back to 00: is SE
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-07-30 23:46:57 +03:00
Masashi Honma
cb5f7f552f tests: Fix ap_wps_conf_5ghz false negative by using common finalizer
ap_wps_conf_5ghz fails with this message:

---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-07-30 23:46:52 +03:00
Masashi Honma
8c31be6f61 tests: Fix ap_acs_vht160 false negative by using common finalizer
ap_acs_vht160 fails with this message:

---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-07-30 23:46:46 +03:00
Masashi Honma
b23973aa86 tests: Fix ap_acs_vht40 false negative by using common finalizer
ap_acs_vht40 fails with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-07-30 23:46:41 +03:00
Masashi Honma
ccbd5a64bc tests: Fix ap_acs_vht false negative by using common finalizer
ap_acs_vht fails with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-07-30 23:46:36 +03:00
Masashi Honma
07b60dfa42 tests: Fix ap_acs_5ghz_40mhz false negative by using common finalizer
ap_acs_5ghz_40mhz fails with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-07-30 23:46:31 +03:00
Masashi Honma
29fe92b173 tests: Fix ap_acs_5ghz false negative by using common finalizer
ap_acs_5ghz fails with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-07-30 23:46:26 +03:00
Masashi Honma
faaaa4e2a9 tests: Fix rrm_beacon_req_passive_scan_vht false negative by using common finalizer
rrm_beacon_req_passive_scan_vht fails with this message:

---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------

hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.

wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-07-30 23:45:52 +03:00
Brian Norris
3b726df827 nl80211: Missing sysctl flags aren't fatal
The relevant flags were only added in Linux 4.6, so we shouldn't
complain because they're missing. Also, they're always missing if a
device is being removed (e.g., 'iw dev wlan0 del', or if the device is
in the process of resetting itself). So kill those 2 birds with 1 stone:
if we can't find the file, just silently skip it.

Also, we probably should *actually* propagate the error if we had a
write failure.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2019-07-30 20:01:13 +03:00
Jouni Malinen
96e60047c9 tests: RADIUS request attributes
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-30 19:58:43 +03:00
Terry Burton
f4111ff3d1 Extra RADIUS request attributes from SQLite
Add an SQLite table for defining per station MAC address version of
radius_auth_req_attr/radius_acct_req_attr information. Create the
necessary table and index where this doesn't exist. Select attributes
from the table keyed by station MAC address and request type (auth or
acct), parse and apply to a RADIUS message.

Add radius_req_attr_sqlite hostapd config option for SQLite database
file. Open/close RADIUS attribute database for a lifetime of a BSS and
invoke functions to add extra attributes during RADIUS auth and
accounting request generation.

Signed-off-by: Terry Burton <tez@terryburton.co.uk>
2019-07-30 19:58:09 +03:00
Terry Burton
74707def8f Move hostapd_parse_radius_attr() into ap_config.c
We will want to parse RADIUS attributes in config file format when
retrieving them from an SQLite database.

Signed-off-by: Terry Burton <tez@terryburton.co.uk>
2019-07-30 19:42:48 +03:00
Jouni Malinen
1e5ea68d1f mka: Accept last two used MNs in Peers List of a received MKPDU
Previously, check for local MI,MN in a peer's Peers List accepted only
the cases that include the last used MN from an MKPDU sent by the local
device. This was problematic since it was possible to synchronize MKPDU
transmission between two devices in a way that made them always miss the
last MKPDU from the other device before filling in the Peers List.

Relax this matching requirement of "acceptably recent MN" to mean both
the last used MN and the one used just before it (i.e., copied from
either of the last two MKPDUs sent by the local device) are accepted.

While this might help in some real world scenarios in making the
protocol converge more quickly, the main help from this is to fix
consistent hwsim test cases failures in macsec_psk_ns when using UML
with time travel option which happened to practically guarantee the
inconvenient timing of MKPDU transmission/reception that ended up with
the MKPDU processing to see MI,MN with MN being the last used MN minus
1.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-29 17:05:40 +03:00
Yu Wang
0136864032 P2P: Pass HE flag to GO negotiation result
In order to set up P2P connection with HE capability,
the 'he' flag should be passed to GO negotiation result.

Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
2019-07-29 11:48:09 +03:00
Jouni Malinen
eb42db4a74 tests: Extend ap_pmf_inject_auth to cover injection of AssocReq
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-28 23:51:39 +03:00
Jouni Malinen
876c5eaa6d dragonfly: Disable use of groups using Brainpool curves
Disable groups that use Brainpool curves for now since they leak more
timing information due to the prime not being close to a power of two.
This removes use of groups 28, 29, and 30 from SAE and EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-27 23:36:27 +03:00
Jouni Malinen
14b408c04c tests: Remove testing of EAP-pwd with Brainpool curves
This is in preparation of marking groups using Brainpool curves disabled
for SAE and EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-27 23:36:27 +03:00
Jouni Malinen
4aaddecdd8 tests: Handle test retries through the same queue
This removes the separate rerun step from the parallel-vm.py processing
and instead, simply requeues the failed test cases into the same queue
that is used for the initial run. This is simpler and more efficient
since reruns start as soon as any VM is ready for processing them
instead of having to wait for all VMs to complete the first round.
Furthermore, this allows VMs to be stopped sooner when no more test
cases remain and that is helpful especially with the time travel patches
that make the wait-for-next-test step in the VM use all available CPU.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-07-27 20:19:28 +03:00
Sunil Dutt
968520da8f nl80211: Add WMM parameters while updating TDLS peer entry
The AP mode fix for removing NL80211_ATTR_STA_WME from
NL80211_CMD_SET_STATION did not consider the TDLS case and that resulted
in incorrectly removing WMM parameters from TDLS STA entry updates. Fix
this by considering the WPA_STA_TDLS_PEER flag similarly to the other
update parameters.

Fixes: 6d14b98fc6 ("nl80211: Do not add WMM parameters when updating an existing STA entry")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-26 15:42:22 +03:00
Disha Das
5a511924b1 wpa_cli: Add support to process DPP action events in action script
Signed-off-by: Disha Das <dishad@codeaurora.org>
2019-07-24 20:16:02 +03:00
Jouni Malinen
64e37be945 Avoid nested enum wpas_mode declaration to allow C++ compilation
Move enum wpas_mode declaration to the global scope to avoid issues with
the recently added inline function wpas_mode_to_ieee80211_mode() using
it as an argument. This fixes C++ compilation issues with cases that
include wpa_supplicant_i.h.

Fixes: 3459c54ac7 ("mesh: Add support for HE mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:49:24 +03:00
Jouni Malinen
fe2e1edf43 EAP-SIM server: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Fixes: 1c16b257a0 ("EAP-SIM: Add Session-Id derivation during fast-reauth")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:35:14 +03:00
Jouni Malinen
cfc9ebea03 EAP-AKA server: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Fixes: 5eefa8115b ("EAP-AKA: Add Session-Id derivation during fast-reauth")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:34:11 +03:00
Jouni Malinen
bd04140435 trace: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:33:06 +03:00
Jouni Malinen
fc03ea2c1f DPP: Avoid void pointer arithmetic
This is a compiler specific extension and not compliant with the C
standard.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 19:32:52 +03:00
Jouni Malinen
61ec2353f8 tests: AKM suite selector reporting
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 12:59:45 +03:00
Jouni Malinen
d1b1f9fa9a Report WPA/RSN protocol and AKM suite selector in STA MIB
The new "wpa" and "AKMSuiteSelector" entries in hostapd "STA <addr>"
control interface output can be used to determine the negotiated WPA/RSN
protocol and AKM suite of an associated station.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 12:58:49 +03:00
Jouni Malinen
43aafef8df Add missed wpa_akm_to_suite() selectors
These SAE, OWE, DPP, and OSEN AKM suite selectors were covered in the
reverse conversion in rsn_key_mgmt_to_bitfield(), but were missing from
wpa_akm_to_suite(). Add them to make AKM suite selector reporting more
accurate in RADIUS Accounting messages (and future users of this
function).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-24 12:48:44 +03:00
Jouni Malinen
bfb6a482f6 dragonfly: SAE/EAP-pwd min PWE derivation iteration count to shared code
Use a shared function to determine the k parameter, i.e., the minimum
number of iterations of the PWE derivation loop, for SAE and EAP-pwd.
This makes it easier to fine-tune the parameter based on the negotiated
group, if desired.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-23 21:21:30 +03:00