Commit graph

9583 commits

Author SHA1 Message Date
Jouni Malinen
5b1aaf6cfb tests: EAP-SIM/AKA/AKA' with SQLite
Extend EAP-SIM/AKA/AKA' test coverage by setting up another
authentication server instance to store dynamic SIM/AKA/AKA' information
into an SQLite database. This allows the stored reauth/pseudonym data to
be modified on the server side and by doing so, allows testing fallback
from reauth to pseudonym/permanent identity.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 17:57:28 +03:00
Jouni Malinen
04cad507e1 EAP-SIM peer: Fix counter-too-small message building
The extra data (nonce_s) used in this message was pointing to the
parsed, decrypted data and that buffer was previously freed just before
building the new message. This resulted in use of freed data and
possibly incorrect extra data value that caused the authentication
attempt to fail. Fix this by reordering the code to free the decrypted
data only after the new message has been generated. This was already the
case for EAP-AKA/AKA', but somehow missing from EAP-SIM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 17:57:28 +03:00
Jouni Malinen
32dca985c7 tests: EAP with expanded Nak
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 21:33:49 +03:00
Jouni Malinen
633e364b60 tests: EAP roundtrip limit
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 21:20:54 +03:00
Jouni Malinen
37ffe7c568 tests: HS 2.0 with FT
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 16:17:41 +03:00
Jouni Malinen
270c9a43e6 Interworking: Allow FT to be used for connection
This extends Interworking network selection to enable FT-EAP as an
optional key_mgmt value to allow FT to be used instead of hardcoding
WPA2-Enterprise without FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 16:15:20 +03:00
Eduardo Abinader
81ed4991ae Remove duplicated ibss_rsn_deinit() call
No need to call ibss_rsn_deinit() again since it is already being called
by wpa_supplicant_mark_disassoc().

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-10 13:48:34 +03:00
Jouni Malinen
144f10446a X.509: Fix v3 parsing with issuerUniqueID/subjectUniqueID present
The current position pointer was not updated when issuerUniqueID or
subjectUniqueID were present. This could result in extensions being
ignored.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 13:13:47 +03:00
Jouni Malinen
2e3f286253 tests: Fix couple of compiler warnings
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 13:13:39 +03:00
Jouni Malinen
f1aac5c488 tests: Add 4.16.1 and 4.16.2 from NIST PKITS
This adds two more X.509 path validation test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 13:13:20 +03:00
Sunil Dutt
0f1034e388 P2P: Refrain from performing extended listen during P2P connection
Do not perform extended listen period operations when either a P2P
connection is in progress. This makes the connection more robust should
an extended listen timer trigger during such an operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
8d0dd4eebc Add macsec_qca driver wrapper
This is based on driver_wired.c and provides driver interface for the
QCA MACsec driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
dd10abccc8 MACsec: wpa_supplicant integration
Add MACsec to the wpa_supplicant build system and configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
887d9d01ab MACsec: Add PAE implementation
This adds initial implementation of IEEE Std 802.1X-2010 PAE for MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
7baec808ef MACsec: Add driver_ops
This defines new driver_ops to be used with MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
4e9528cce3 MACsec: Add common IEEE 802.1X definitions
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
3bcfab8794 MACsec: Add define for EAPOL type MKA
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
0836c04b30 MACsec: Allow EAPOL version 3 to be configured
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
49be483b28 Add function to fetch EAP Session-Id from EAPOL supplicant
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Chandrasekaran, Manishekar
ea40a575ae nl80211: Use max associated STAs information in AP mode
Propagate max associated STAs in AP mode advertised by the driver to
core wpa_supplicant implemantion. This allows wpa_supplicant to update
the P2P GO group limit information automatically without having to
configure this limit manually. The information (if available) is also
used in the generic AP implementation to control maximum number of STA
entries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 17:12:19 +03:00
Jouni Malinen
2cebdee66d Fix MinGW build
No need to use ENOBUFS within core wpa_supplicant, so just replace it
with -1 to work arounds MinGW build issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 18:59:12 +03:00
Eliad Peller
e4fa8b120b wpa_supplicant: Add Wake-on-WLAN configuration support
Add a new wowlan_triggers option to wpa_supplicant.conf. The triggers in
this key will be used to configure the kernel wowlan configuration.

For now, support only simple flags. More complex triggers can be added
later on.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-04-29 18:59:12 +03:00
Dmitry Shmidt
959214b260 Android: Use extended P2P functionality (ANDROID_P2P) for all vendors
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-29 18:59:12 +03:00
Arik Nemtsov
9a41232165 TDLS: Fully tear down existing link before setup
Disabling the link only clears the local state. The remote peer will
still think we are connected and disallow the setup.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-04-29 18:59:12 +03:00
Arik Nemtsov
c04b4651f7 TDLS: Disable links during AP deauth in external flow
When de-authenticating from the AP, disable each TDLS link after
sending the teardown packet. Postpone the reset of the peer state
data until after the link disable request.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-04-29 18:59:12 +03:00
Jouni Malinen
b19719aa77 TDLS: Make wpa_tdls_send_teardown() static
This function was not used anywhere outside tdls.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 18:59:12 +03:00
Ilan Peer
52f5877afa nl80211: Take ownership of dynamically added interfaces
Indicate to cfg80211 that interfaces created by the wpa_supplicant
or hostapd are owned by them, and that in case that the socket that
created them closes, these interfaces should be removed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-04-29 18:59:12 +03:00
Eduardo Abinader
e390df0553 nl80211: Cancel rfkill timeout on deinit
Got segfault, when freeing drv and there exists registered timeout for
blocked rfkill. This patch adds cancel timeout to avoid this.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-04-29 17:55:27 +03:00
Jouni Malinen
fa653bf4ad tests: Add more cred parameters into config file test
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 17:25:19 +03:00
Sreenath Sharma
fa258a3df6 HS 2.0 R2: Fix writing of domain_suffix_match cred parameter
This was supposed to end with a newline character so that parameters are
aligned in configuration file.

Signed-off-by: Sreenath Sharma <sreenats@broadcom.com>
2014-04-29 17:25:19 +03:00
Pradeep Reddy POTTETI
bb24229b26 TDLS: Pass peer's capability info to the driver in open mode
Commit 96ecea5eb1 did not consider
to pass the VHT/HT/WMM capabilities of the peer for BSS with
open mode.
Address this issue by passing the capabilities irrespective of
the security mode.

Signed-off-by: Pradeep Reddy POTTETI <c_ppotte@qti.qualcomm.com>
2014-04-29 17:08:13 +03:00
Jouni Malinen
521b7e7925 tests: Verify global control interface before starting each test
This allows control interface issues to be caught in a bit more readable
way in the debug logs. In addition, dump pending monitor socket
information more frequently and within each test case in the log files
to make the output clearer and less likely to go over the socket buffer
limit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 15:20:23 +03:00
Jouni Malinen
60b9422080 tests: ROAM error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 15:05:18 +03:00
Jouni Malinen
59650258fd tests: BSS command parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 15:05:18 +03:00
Jouni Malinen
b102823ddc tests: GET_CAPABILITY special cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 15:05:18 +03:00
Jouni Malinen
657f50df27 tests: SET_CRED/GET_CRED error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 15:05:18 +03:00
Jouni Malinen
7b85a9430f tests: Additional REMOVE_CRED coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 15:05:18 +03:00
Jouni Malinen
5cff0ae2e3 tests: Large number of creds and LIST_CREDS truncation
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 15:05:18 +03:00
Jouni Malinen
733c8acf6f tests: SET/GET_NETWORK failure cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
edb69bd622 tests: SELECT/ENABLE/DISABLE/REMOVE_NETWORK failure cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
4bf1413ea9 tests: SELECT_NETWORK any
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
6257f9c0da tests: WPS PIN provisioning with configured WPS v1.0 AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
0bde923c40 tests: Make ap_wps_init_2ap_pin/pbc more robust
It is possible for the scan to miss a Probe Response frame especially
under heavy load, so try again to avoid reporting invalid failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
91bc6c364f tests: Verify network information in SCAN_RESULTS
This checks WPA/RSN IE parsing result and WEP information in
SCAN_RESULTS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
5f0e59329b tests: Invalid MAC address with BLACKLIST
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
26cf800d11 tests: id_str in network configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
20fd210a56 tests: WPS command error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
0dee3a0a5d tests: Make INTERWORKING_SELECT tests more robust
It is possible for a scan to fail to see Probe Response or Beacon frame
under heavy load (e.g., during a parallel-vm.sh test run) since the
dwell time on a chanenl is quite short. Make the test cases using
INTERWORKING_SELECT more robust by trying again if the first attempt
does not find a matching BSS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
c0333c8dd5 Check rx_mgmt::frame more consistently against NULL
If a driver wrapper misbehaves and does not indicate a frame body in the
event, core hostapd code should handle this consistently since that case
was already checked for in one location.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
d6c6b1fb9d Make sta NULL-check easier for static analyzers
sta == NULL check is already done above based on category !=
WLAN_ACTION_PUBLIC, but that seems to be too complex for some static
analyzers, so avoid invalid reports by explicitly checking for this
again in the WLAN_ACTION_FT case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00