Commit graph

17037 commits

Author SHA1 Message Date
Jouni Malinen
9c1fbff074 DPP2: Generate a privacy protection key for Configurator
Generate a new key for Configurator. This is either generated
automatically for the specified curve or provided from external source
with the new ppkey=<val> argument similarly to the way c-sign-key was
previously generated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 19:59:29 +03:00
Jouni Malinen
1d14758450 DPP: Make dpp_keygen_configurator() a static function
This was not used anywhere outside dpp.c.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-13 19:48:29 +03:00
Jouni Malinen
a964cb65a1 tests: Silence compiler warnings from test-base64
Use typecasting to match the base64_{encode,decode}() function prototype
for signed/unsigned char buffer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:47 +03:00
Jouni Malinen
05195189f1 tests: Build test-https and test-https_server as part of ALL
Even though these are not part of run-tests, it is simpler to just build
them like all other tests/test-* tools.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:47 +03:00
Jouni Malinen
b746f28c00 tests: Remove unnecessary libraries from tests/test-*.c build
These libraries are not needed anymore with the remaining tests/test-*.c
tools.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:47 +03:00
Jouni Malinen
0167a2d165 tests: Remove obsolete ASN.1 parser/fuzzer
tests/fuzzing/asn1 replaced this more than a year ago, so get rid of the
now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:47 +03:00
Jouni Malinen
0db20eacaa tests: Remove obsolete TLS fuzzer
tests/fuzzing/tls-{client,server} replaced this more than a year ago, so
get rid of the now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:44 +03:00
Jouni Malinen
8a43fcd18c tests: Remove obsolete EAPOL-Key fuzzer
tests/fuzzing/eapol-key-{auth,supp} replaced this more than a year ago,
so get rid of the now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:41:40 +03:00
Jouni Malinen
95cbbf44f0 tests: Remove obsolete json fuzzer
tests/fuzzing/json replaced this more than a year ago, so get rid
of the now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:17:17 +03:00
Jouni Malinen
b1e91a53e4 tests: Remove obsolete ap-mgmt-fuzzer
tests/fuzzing/ap-mgmt replaced this more than a year ago, so get rid
of the now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:10:01 +03:00
Jouni Malinen
e974fad9c5 tests: Remove obsolete eapol-fuzzer
tests/fuzzing/eapol-supp replaced this more than a year ago, so get rid
of the now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:06:58 +03:00
Jouni Malinen
0be7967692 tests: Remove obsolete wnm-fuzzer
tests/fuzzing/wnm replaced this more than a year ago, so get rid of the
now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:04:46 +03:00
Jouni Malinen
ceab836a99 tests: Remove obsolete p2p-fuzzer
tests/fuzzing/p2p replaced this more than a year ago, so get rid of the
now obsolete version.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-12 21:00:52 +03:00
Johannes Berg
1d0d8888af build: Make more library things common
We don't really need to duplicate more of this, so just
move the lib.rules include to the end and do more of the
stuff that's common anyway there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:20:35 +03:00
Johannes Berg
f4b3d14e97 build: Make a common library build
Derive the library name from the directory name, and let each
library Makefile only declare the objects that are needed.

This reduces duplicate code for the ar call. While at it, also
pretty-print that call.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:20:20 +03:00
Johannes Berg
ac1447ae9d build: Rebuild libs all the time
When files change that go into a static library such as libutils.a, then
libutils.a doesn't get rebuilt from, e.g., wlantest because the
top-level Makefile just calls the library make if the library doesn't
exist yet.

Change that by making the library depend on a phony target (cannot make
it itself phony due to the pattern) so that the build will always
recurse into the library build, and check there if the library needs to
be rebuilt.

While at it, remove the (actually unnecessary) mkdir so it doesn't get
done each and every time you do 'make'.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:18:02 +03:00
Udhayakumar Mahendiran
6c41d43f1a mesh: Stop SAE auth timer when mesh node is removed
Not doing this could cause wpa_supplicant to crash.

Signed-off-by: Udhayakumar Mahendiran <udhayakumar@qubercomm.com>
2020-10-12 20:16:12 +03:00
Masashi Honma
267d619798 tests: Fix mesh_open_vht_160 false negative by using common finalizer
mesh_open_vht_160 might fail with this message:

---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:53 +03:00
Masashi Honma
fd59cc8924 tests: Fix wpas_mesh_open_vht_80p80 false negative by using common finalizer
wpas_mesh_open_vht_80p80 might fail with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:46 +03:00
Masashi Honma
54830a2445 tests: Fix wpas_mesh_open_vht20 false negative by using common finalizer
wpas_mesh_open_vht20 might fail with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:39 +03:00
Masashi Honma
91de752d17 tests: Fix wpas_mesh_open_vht40 false negative by using common finalizer
wpas_mesh_open_vht40 might fail with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:32 +03:00
Masashi Honma
5eea042220 tests: Fix wpas_mesh_open_ht40 false negative by using common finalizer
wpas_mesh_open_ht40 might fail with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:25 +03:00
Masashi Honma
0bea288fbe tests: Fix wpas_mesh_open_5ghz false negative by using common finalizer
wpas_mesh_open_5ghz might fail with this message:

---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:18:15 +03:00
Masashi Honma
ee03056a62 tests: Fix mesh_secure_ocv_mix_legacy false negative by using common finalizer
mesh_secure_ocv_mix_legacy might fail with this message:

---------------
wlan0: Country code not reset back to 00: is AZ
wlan0: Country code cleared back to 00
---------------

This patch fixes the issue.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2020-10-12 11:17:52 +03:00
Johannes Berg
154b18d950 build: Fix dependency file inclusion
The objs.mk include changes for archive files broke things
completely and none of the dependency files (*.d) ever got
included, as the expansion there ended up empty.

Clearly, my mistake, I should've tested that better. As we
don't need the %.a files in the list there use filter-out
to remove them, rather than what I had lazily wanted to do,
which was trying to read %.d files for them. The filter-out
actually works, and avoids looking up files that can never
exist in the first place.

Fixes: 87098d3324 ("build: Put archive files into build/ folder too")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 11:05:16 +03:00
Ze Gan
79db311e89 macsec_linux: Fix receive-lowest-PN setting
Setting of the PN for the receive SA failed because the SCI wasn't
provided. Fix this by adding the needed attribute to the command.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2020-10-11 20:35:35 +03:00
Wystan Schmidt
e3b47cdf86 DPP2: Add DPP_CHIRP commands to hostapd_cli and wpa_cli
Add the DPP control interface chirp commands to the CLIs for greater
visibility and ease of use.

Signed-off-by: Wystan Schmidt <wystan.schmidt@charter.com>
2020-10-11 20:26:21 +03:00
Jimmy Chen
cb3b709367 P2P: Set ap_configured_cb during group reform process
We found that if REMOVE-AND-REFORM occurs before a group is started,
it would not send out GROUP-STARTED-EVENT after AP is enabled.

In the remove-and-reform process, ap_configured_cb is cleared. If a
group is not started, p2p_go_configured() will not be called after
completing AP setup. Fix this by preserving the callback parameters.

Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
2020-10-11 20:08:37 +03:00
Jimmy Chen
0e9f62e514 P2P: Fallback to GO negotiation after running out of GO scan attempts
We found a problem that p2p_fallback_to_go_neg is not handled correctly
after running out of GO scan attempts. When autojoin is enabled and a
group is found in old scan results, supplicant would try to scan the
group several times. If the group is still not found, it reports group
formation failure while p2p_fallback_to_go_neg is enabled already.

If p2p_fallback_to_go_neg is enabled, it should fall back to GO
negotiation, but not report group formation failure after running out of
GO scan attempts.

Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
2020-10-11 20:00:57 +03:00
Andrew Beltrano
1a0169695b hostapd_cli: Add dpp_bootstrap_set command
Expose DPP_BOOTSTRAP_SET through hostapd_cli command
dpp_bootstrap_set <id> <configurator params..>

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-11 19:51:39 +03:00
Andrew Beltrano
7e4ed93d36 wpa_cli: Add dpp_bootstrap_set command
Expose DPP_BOOTSTRAP_SET through wpa_cli command dpp_bootstrap_set <id>
<configurator params..>

Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
2020-10-11 19:47:08 +03:00
Johannes Berg
5c7a048e45 tests: build.sh: Avoid copying .config if identical
If the .config file is already identical, avoid copying it even if -f
was specified; this improves build time if nothing has changed.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:42:52 +03:00
Johannes Berg
e7c11ad249 tests: build.sh: Remove 'make clean' steps
Since the build artifacts are now landing in distinct directories, we
don't need to 'make clean' and save some rebuild time.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:41:41 +03:00
Johannes Berg
27fb429e95 wpaspy: Allow building with python3
Add the necessary modified module registration code to allow building
wpaspy with python3. Also clean up the wpaspy_close() function to not
poke into the python version specific details.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:41:08 +03:00
Jouni Malinen
45a1bfd956 gitignore: Remove obsolete mac80211_hwsim entry
That directory was removed last year, so no need to try to ignore the
build result from there anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-10-11 19:36:18 +03:00
Johannes Berg
283eee8eed gitignore: Clean up a bit
Now that we no longer leave build artifacts outside the build folder, we
can clean up the gitignore a bit. Also move more things to per-folder
files that we mostly had already anyway.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:32:50 +03:00
Markus Theil
ae0b90dfa4 mesh: Allow channel switch command
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-11 11:24:14 +03:00
Johannes Berg
87098d3324 build: Put archive files into build/ folder too
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).

Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.

Note that due to the use of thin archives, this required
building with absolute paths.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 11:16:00 +03:00
Johannes Berg
00b5e99b65 build: Use the new build system for fuzz tests
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 11:15:16 +03:00
Juliusz Sosinowicz
a49f628845 wolfSSL: Fix wrong types in tls_wolfssl.c
wolfSSL_X509_get_ext_d2i() returns STACK_OF(GENERAL_NAME)* for
ALT_NAMES_OID therefore wolfSSL_sk_value needs to expect a
WOLFSSL_GENERAL_NAME*.

In addition, explicitly check for NULL return from wolfSSL_sk_value().

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2020-10-11 10:56:47 +03:00
Pali Rohár
58c18bcf86 hostapd: Fix error message for radius_accept_attr config option
Error message contained wrong config option.

Signed-off-by: Pali Rohár <pali@kernel.org>
2020-10-10 20:53:01 +03:00
Thomas Pedersen
52a1b28345 nl80211: Unbreak mode processing due to presence of S1G band
If kernel advertises a band with channels < 2.4 GHz
hostapd/wpa_supplicant gets confused and assumes this is an IEEE
802.11b, corrupting the real IEEE 802.11b band info.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
2020-10-10 20:49:59 +03:00
Brian Norris
4b96fafcd8 D-Bus: Share 'remove all networks' with CLI
The D-Bus implementation of RemoveAllNetworks differs wildly from the
CLI implementation. Let's share the implementations.

This resolves use-after-free bugs I noticed, where we continue to use
the 'wpa_s->current_ssid' wpa_ssid object after freeing it, because we
didn't bother to disconnect from (and set to NULL) current_ssid before
freeing it.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 20:39:00 +03:00
Brian Norris
07aac648a1 tests: dbus: Add test for RemoveAllNetworks while connected
This likely passes today (at least without ASAN), but without the next
commit, it trips up a use-after-free bug, which ASAN can catch.

So consider this a regression test.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 20:36:18 +03:00
Brian Norris
4b0bf0ec6e tests: run-tests: Do not use sudo if already root
Among other things, sudo can disrupt environment variables that a caller
provides.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 20:33:00 +03:00
Brian Norris
4dbba548ae tests: Skip busctl tests when not available
Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-10-10 20:31:43 +03:00
Georg Müller
2818e9ca90 wpa_supplicant: Do not retry scan if operation is not supported
When using NetworkManager to set up an access point, there seems to be a
race condition which can lead to a new log message every second.

The following message appears in AP mode:

    CTRL-EVENT-SCAN-FAILED ret=-95 retry=1

Normally, this log message only appears once. But then (and only then)
the race is triggered and they appear every second, the following log
messages are also present:

    Reject scan trigger since one is already pending
    Failed to initiate AP scan

This patch just disables the retry for requests where the operation is
not supported anyway.

Signed-off-by: Georg Müller <georgmueller@gmx.net>
2020-10-10 20:26:18 +03:00
Benjamin Berg
c0b88d1291 P2P: Limit P2P_DEVICE name to appropriate ifname size
Otherwise the WPA_IF_P2P_DEVICE cannot be created if the base ifname is
long enough. As this is not a netdev device, it is acceptable if the
name is not completely unique. As such, simply insert a NUL byte at the
appropriate place.

Signed-off-by: Benjamin Berg <bberg@redhat.com>
2020-10-10 20:24:55 +03:00
Markus Theil
566ea1b7ce mesh: Set correct address for mesh default broadcast/multicast keys
wpa_drv_set_key() was called with a NULL address for IGTK and MGTK
before this patch. The nl80211 driver will then not add the
NL80211_KEY_DEFAULT_TYPE_MULTICAST flag for the key, which wrongly marks
this key also as a default unicast key in the Linux kernel.

With SAE this is no real problem in practice, as a pairwise key will be
negotiated in mesh mode, before the first data frame gets sent. When
using IEEE 802.1X in a mesh network in the future, this becomes a problem,
as Linux now will encrypt EAPOL frames with the default key, which is
also marked for unicast usage without this patch.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-10-10 20:19:09 +03:00
Jouni Malinen
48aebcc31b tests: D-Bus Roam
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-10-10 20:15:34 +03:00