Commit graph

7839 commits

Author SHA1 Message Date
Jouni Malinen
147848ec4d nl80211: Do not add all virtual interfaces to drv->if_indices
Commit 04eff7d5ba or something around that
timeframe may have caused a regression on how drv->if_indices gets used
with wpa_supplicant. Most (curretly likely all) wpa_supplicant virtual
interface use cases should not actually use this. This could result in
issues with P2P group interfaces delivering events to incorrect
interface (parent rather than the group interface). The previous commit
removed some of the issues, but more complete fix is to undo some of
those merged hostapd/wpa_supplicant operations.

Filter add_ifidx() uses based on hostapd vs. wpa_supplicant and iftype
to get closer to the earlier wpa_supplicant behavior for the driver
events from virtual interfaces.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 18:47:41 +03:00
Jouni Malinen
de88430311 nl80211: Fix del_ifidx() with mixed parent interface cases
It is possible for a virtual interface to be added and removed by
different parent interfaces. This can happen, e.g., with P2P group
interfaces if the P2P parent interface does not happen to be the first
entry in the wpa_supplicant global interface list. That first entry is
used to remove the group interface while the addition would have
happened with the dedicated P2P management interface.

This can result in the interface that added a new virtual interface
getting stuck with an obsolete ifindex value in the drv->if_indeces list
and as such, deliver some extra events to incorrect destination wpa_s
instance. In particular, this can result in INTERFACE_DISABLED event
from deletion of a P2P group interface getting delivered incorrectly to
the parent wpa_s instance which would disable that interface even though
the interface remains in enabled state.

Fix this by clearing the removed interface from all if_indeces lists
instead of just the one that was used to delete the interface. This is
the simplest approach since the ifindex is unique and there is no need
to track which interface added the new virtual interface to always hit
the same one when removing the interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 18:16:58 +03:00
Jouni Malinen
5e5818458f tests: Persistent group invitation while GO already running
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 13:53:01 +03:00
Jouni Malinen
84d746c8dd tests: P2P persistent group during concurrent operation
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 13:53:00 +03:00
Jouni Malinen
2d68cfaaec tests: Persistent P2P group re-invocation without persistent reconnect
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 13:53:00 +03:00
Jouni Malinen
829a1b3296 P2P: Clear p2p_auth_invite after each persistent group invitation
This makes the operations more consistent when going through multiple
persistent group re-invocation sequences in a row. Each invitation needs
to be accepted separately if persistent reconnect is not enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 12:09:25 +03:00
Jouni Malinen
f347935f0d tests: Unit tests for WPA_TRACE
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-27 00:03:06 +03:00
Jouni Malinen
a3fe74bde1 tests: Add unit tests for ext_password
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 23:57:32 +03:00
Boris Sorochkin
e403ba859e Parse DMG capabilities when reporting to external interfaces
This adds [DMG] and [PBSS] flags for scan results and BSS table entries
using the IEEE Std 802.11ad-2012 updated definition of the Capability
field.

Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
2014-05-26 23:35:52 +03:00
Boris Sorochkin
f7454c97df P2P: Add 60 GHz in channel to frequency conversion
Add regulatory classes for the 60GHz band.

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
2014-05-26 23:35:52 +03:00
Jouni Malinen
fc3f1d1b4d Remove unused hostapd_ip_diff()
There are no users of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
3eb744a35a tests: int_array unit tests
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
8b0980af50 tests: Move bitfield unit tests into wpa_supplicant module test
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
8860e0f47c tests: Add printf encoding/decoding module tests
This replaces tests/test-printf.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
aa9735e772 tests: P2P and driver event to avoid frequencies
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
7bb70909a2 Add DRIVER_EVENT AVOID_FREQUENCIES for testing
This can be used to simulate driver events indicating frequencies to
avoid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
de8c4144fa tests: No pending query for GAS comeback
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
1d1de2306d tests: Limit on number of GAS pending dialog contexts
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
d73c7b9626 GAS: Send error response if no room for pending dialog context
Instead of silently dropping the response that requires fragmentation,
send an error response to the station to make it aware that no full
response will be available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
745f87715e tests: Verify SQLite DB as hostapd EAP user database
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
658d495db2 HS 2.0: Include OSU client sample in wpa_supplicant release package
This adds the new hs20 subdirectory into release tarballs.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
2396f02a43 Reserve QCA vendor specific nl80211 commands 14..19
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-22 16:29:48 +03:00
Jithu Jance
5661bd0f70 P2P: Avoid resetting pending_listen_freq if p2p_listen is pending
If p2p_listen is called while previous listen command's
remain_on_channel event is pending, the p2p_listen would fail
and it used to clear pending_listen_freq. Now when the remain-
on-channel event comes from the driver, the pending_listen_freq
doesn't match and gets ignored. This was leading to a case
where listen state was getting stuck (in case of WAIT_PEER_CONNECT
state).

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-05-22 16:29:36 +03:00
Jithu Jance
8802326ff9 nl80211: Indicate SHA256-based AKM suites in CONNECT/ASSOCIATE
Previously, the NL80211_ATTR_AKM_SUITES was skipped if either of these
SHA256-based AKMs was negotiated.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-05-21 23:48:00 +03:00
Jouni Malinen
e044016422 tests: gitignore TNC library files
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-21 18:47:57 +03:00
Jouni Malinen
3ba5cb29af tests: Add -rdynamic to fix TNC IMV/IMC loading on some platforms
The example IMV and IMC used for TNC testing has references to
wpa_printf and other functions from hostapd/wpa_supplicant. Link the
binaries in a way that allows these symbols to be resolved while loading
the libraries at run time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-21 14:56:34 +03:00
Jouni Malinen
46fcf474ff tests: Add CAVP test vectors for RSA/PKCS #1 v1.5 signature validation
This allow the PKCS #1 and RSA implementation to be validated against
the test vectors from
http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2rsatestvectors.zip
and
http://csrc.nist.gov/groups/STM/cavp/documents/dss/SigVer15EMTest.txt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-20 19:52:57 +03:00
Jouni Malinen
54ac6ff8c4 PKCS 1: Add function for checking v1.5 RSA signature
This could be used as a step towards replacing more specific functions
used in X.509 and TLS processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-20 19:52:18 +03:00
Jouni Malinen
d3811845f3 RSA: Add OID definitions and helper function for hash algorithms
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-19 23:27:30 +03:00
Jouni Malinen
ab6d047405 Add function for building RSA public key from n and e parameters
This is similar to the existing functionality that parsed ASN.1-encoded
RSA public key by generating a similar public key instance from already
parsed n and e parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-19 23:27:30 +03:00
Jouni Malinen
6c5be116dd PKCS #1: Enforce minimum padding for decryption in internal TLS
Follow the PKCS #1 v1.5, 8.1 constraint of at least eight octets long PS
for the case where the internal TLS implementation decrypts PKCS #1
formatted data. Similar limit was already in place for signature
validation, but not for this decryption routine.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-19 23:27:30 +03:00
Jouni Malinen
e6d83cc7ba PKCS #1: Allow only BT=01 for signature in internal TLS
Based on PKCS #1, v1.5, 10.1.3, the block type shall be 01 for a
signature. This avoids a potential attack vector for internal TLS/X.509
implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-19 23:27:30 +03:00
Jouni Malinen
9c29d48725 X.509: Fix internal TLS/X.509 validation of PKCS#1 signature
Verify that there is no extra data after the hash field. This is needed
to avoid potential attacks using additional data to construct a value
that passes the RSA operation and allows the hash value to be forged.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-19 23:27:30 +03:00
Jouni Malinen
e90d955f7c tests: Add CAVP test vectors for byte-oriented SHA-1 and SHA-256
This allows the SHA-1 implementation to be validated against the
SHA1ShortMsg.rsp and SHA1LongMsg.rsp test vectors from
http://csrc.nist.gov/groups/STM/cavp/documents/shs/shabytetestvectors.zip.
Similarly, the SHA-256 can be validated against the SHA256ShortMsg.rsp
and SHA256LongMsg.rsp.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 19:52:03 +03:00
Jouni Malinen
c4d370117b tests: EAP-PEAP parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:44:39 +03:00
Jouni Malinen
ea6464b07f tests: EAP-PEAP crypto_binding=0/1
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:33:59 +03:00
Jouni Malinen
873e7c297c tests: EAP-FAST using PAC file
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:28:31 +03:00
Jouni Malinen
8583d66478 tests: EAP-AKA' and EAP-AKA both enabled (bidding mechanism)
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-18 00:04:18 +03:00
Jouni Malinen
95fb531ccc tests: EAP-TTLS/EAP-AKA, EAP-PEAP/EAP-AKA, EAP-FAST/EAP-AKA
These add some more EAP-TTLS/PEAP/FAST coverage to test pending Phase 2
response re-processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 23:43:50 +03:00
Jouni Malinen
82a8f5b533 tests: Incorrect/missing password with TTLS non-EAP methods
Incorrect password was already tested with TTLS/MSCHAPv2, but the other
non-EAP inner methods in TTLS use their own implementation of password
validation, so check each and also verify the case of no matching EAP
user entry for the specific method.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 23:19:28 +03:00
Jouni Malinen
dbd1e184e3 tests: TNC testing
This implements minimal IMC and IMV to allow TNC testing with PEAP (SoH)
and TTLS/FAST with EAP-TNC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 20:05:55 +03:00
Jouni Malinen
10b58b5029 TNC: Allow TNC to be enabled dynamically
Previously, hostapd had to be started with at least one of the
configuration files enabling TNC for TNC to be usable. Change this to
allow TNC to be enabled when the first interface with TNC enabled gets
added during runtime.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 20:05:55 +03:00
Jouni Malinen
0a626a5060 TNC: Move common definitions into a shared header file
No need to duplicate these in multiple places.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 20:05:55 +03:00
Jouni Malinen
4075e4e862 TNC: Allow tnc_config file path to be replaced
This is for enabling easier testing of TNCS/TNCC functionality as part
of the test scripts without having to use the fixed /etc/tnc_config
location that could be used by the main system and would require changes
within /etc.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 20:05:55 +03:00
Jouni Malinen
ae14a2e29f tests: FT negative test with mismatching R0KH-ID
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 20:05:55 +03:00
Jouni Malinen
d314bedf2d tests: EAP-AKA using external USIM processing for UMTS auth
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-16 20:37:39 +03:00
Jouni Malinen
4e0a94b7dc tests: Add more details to help with initial setup configuration
This documents some more steps needed during initial test setup
configuration to make it easier to get this running even without
thorough knowledge of the network setup used by the operating system.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-16 19:24:47 +03:00
Masashi Honma
f0356ec85c eloop: Add epoll option for better performance
This patch adds epoll option for the eloop implementation. This can be
selected with the CONFIG_ELOOP_EPOLL=y build option.

[merit]
See Table1.

Table1. comparison table
+--------+--------+-----------+------------+-------------+
|        | add fd | remove fd | prepare fd | dispatch fd |
+--------+--------+-----------+------------+-------------+
| select | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| poll   | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| epoll  | O(1)   | O(1)      | 0          | O(M)        |
+--------+--------+-----------+------------+-------------+
"add fd" is addition of fd by eloop_sock_table_add_sock().
"remove fd" is removal of fd by eloop_sock_table_remove_sock().
"prepare fd" is preparation of fds before wait in eloop_run().
"dispatch fd" is dispatchment of fds by eloop_sock_table_dispatch().
"N" is all watching fds.
"M" is fds which could be dispatched after waiting.

As shown in Table1, epoll option has better performance on "prepare fd" column.
Because select/poll option requires setting fds before every select()/poll().
But epoll_wait() doesn't need it.

And epoll option has also better performance on "dispatch fd" column.
Because select/poll option needs to check all registered fds to find out
dispatchable fds. But epoll option doesn't require checking all registered fds.
Because epoll_wait() returns dispatchable fd set.

So epoll option is effective for GO/AP functionality.

[demerit]
The epoll option requires additional heap memory. In case of P2P GO, it is
about 8K bytes.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-05-16 18:25:51 +03:00
Masashi Honma
da96a6f793 eloop: Separate event loop select/poll implementation
This allows yet another eloop.c option to be added.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-05-16 18:23:09 +03:00
Tomasz Bursztyka
68d270069f dbus: No need to recompute group object path on GroupStarted signal
The group object is already registered on DBus at that point, thus wpa_s
structure holds its path already.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:20:17 +03:00