This converts some of the PAE code to use a design that gets rid
unnecessary warnings from sparse and allows more thorough validation of
byte order operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These are called through function pointers, so no need to make the
function symbols directly available outside this file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These little endian fields were not marked properly and the type case in
the get_unaligned_* helper macros were causing warnings from sparse.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Couple of fsts_id and llt fields were not properly swapped from host
byte order to little endian byte order used in the frames. Fix this and
use the le32 type to make this more consistent and verifiable with
sparse.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Since crypto_openssl.c is now implementing couple of functions
internally, pull in the relevant header files md5.h and aes_wrap.h to
make sure the function declaration are consistent.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The ap_ciphers tests used to do file operations locally in python. Start
using the cmd_execute() general function for file operations so that
this would also work on remote setups.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Add the feature to execute shell commands on each wpa_supplicant/hostapd
interface host. When executing remote tests the interfaces are not all
on a single host so when executing shell commands the test needs to
execute the command on the host which the interface relevant for the
command is on. This patch enables tests to execute the command on the
relevant host.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
In some cases parsing of the mesh scan info for a BSS or the P2P scan
info can fail. One reason can be that the Beacon/Probe Response frame
contained malformed length vendor IEs which are not parsed when adding
to the BSS table. Instead of skipping the whole BSS of the BSS command,
just skip the part that failed to parse.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
The next commit modifies the BSS command behavior to report partial
results for a BSS, so mesh_scan_oom needs to allow a BSS entry to be
returned as long as it does not include the mesh information.
Signed-off-by: Jouni Malinen <j@w1.fi>
Freeing memory for subjectAltName in parse_cert(), will give cert_cb
pointers to freed memory zone that may already been overwritten. Memory
for subjectAltName is released in parse_cert_free().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
The "Accepting Additional Mesh Peerings bit == 0" means the peer cannot
accept any more peers, so suppress attempt to open a connection to such
a peer.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This moves pairwise, group, and management group ciphers to various mesh
data structures to avoid having to hardcode cipher in number of places
through the code. While CCMP and BIP are still the hardcoded ciphers,
these are now set only in one location.
Signed-off-by: Jouni Malinen <j@w1.fi>
The AMPE element includes number of optional and variable length fields
and those cannot really be represented by a fixed struct
ieee80211_ampe_ie. Remove the optional fields from the struct and
build/parse these fields separately.
This is also adding support for IGTKdata that was completely missing
from the previous implementation. In addition, Key RSC for MGTK is now
filled in and used when configuring the RX MGTK for a peer.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous implementation was incorrect in forcing the MGTK to be used
as the IGTK as well. Define new variable for storing IGTK and use that,
if set, to configure IGTK to the driver. This commit does not yet fix
AMPE element parsing to fill in this information.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the data structures to allow variable length MGTK to be
stored for RX. This is needed as an initial step towards supporting
different cipher suites.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previous implementation was incorrectly using MGTK also as the IGTK and
doing this regardless of whether PMF was enabled. IGTK needs to be a
independent key and this commit does that at the local TX side.
The current AMPE element construction and parsing is quite broken, so
this does not get add the IGTKdata field there.
Signed-off-by: Jouni Malinen <j@w1.fi>
Clean up the mesh_rsn_derive_mtk() function by using proper macros and
pointer to the location within the context block.
Signed-off-by: Jouni Malinen <j@w1.fi>
mesh_rsn_derive_mtk() was hardcoded to use GCMP (even though CCMP was
hardcoded elsewhere) cipher suite selector instead of the selected AKM
suite selector. This resulted in incorrect MTK getting derived. Fix this
by used the SAE AKM suite selector in the input to the KDF.
Signed-off-by: Jouni Malinen <j@w1.fi>
Clean up the mesh_rsn_derive_aek() function by using proper macros and
pointer to the location within the context block.
Signed-off-by: Jouni Malinen <j@w1.fi>
mesh_rsn_derive_aek() was hardcoded to use GCMP (even though CCMP was
hardcoded elsewhere) cipher suite selector instead of the selected AKM
suite selector. This resulted in incorrect AEK getting derived. Fix this
by used the SAE AKM suite selector in the input to the KDF.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is initial step in fixing issues in how PMF configuration for RSN
mesh was handled. PMF is an optional capability for mesh and it needs to
be configured consistently in both hostapd structures (to get proper
RSNE) and key configuration (not included in this commit).
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 0603bcb7fe ('hostapd: Process MAC
ACLs on a station association event (SME in driver)') processes MAC ACL
on a station association event for drivers which use AP SME offload but
does not consider the scenario where the drivers offload ACL. This can
result in station disconnection, though the driver accepts the
connection. Address this by avoiding the hostapd ACL check for the
drivers offloading MAC ACL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Fix possible memory leak in case if WPS is not enabled on the interface
for connection. This path was missed in commit
fae7b37260 ('WPS: Do not expire probable
BSSes for WPS connection').
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Check for MESH-PEER-CONNECTED from dev[1] before reporting MGMT-RX
timeout errors from dev[0]. This avoids false failures in case the short
0.01 s timeout at the end of the loop was not long enough to catch the
message.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When the BSS count reaches max_bss_count, the oldest BSS will be removed
in order to accommodate a new BSS. Exclude WPS enabled BSSes when going
through a WPS connection so that a possible WPS candidate will not be
lost.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
