Commit graph

17124 commits

Author SHA1 Message Date
Jouni Malinen
354f87e2e3 MSCS: Fix MSCS Response frame Status field parsing
This is a 2 octet field, so need to use WPA_GET_LE16() here instead of
using only the first octet of the value.

Fixes: bbd3178af4 ("MSCS: Add support to process MSCS Response frames")
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-23 00:42:06 +02:00
Jouni Malinen
b8673baeab Add REGISTER_FRAME hostapd control interface command for testing purposes
This can be used to register reception of new types of Management frames
through nl80211.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-23 00:42:06 +02:00
Jouni Malinen
60974eb3f6 Allow AP mode extended capabilities to be overridden
The new hostapd configuration parameters ext_capa_mask and ext_capa can
now be used to mask out or add extended capability bits. While this is
not without CONFIG_TESTING_OPTIONS, the main use case for this is for
testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-22 11:58:21 +02:00
Jouni Malinen
7365eb43ea Make hostapd_config_fill() easier to auto indent
The conditional compilation block with only the opening brace included
in two variants was messing up auto indentation in emacs. Work around
this by defining the maximum value conditionally while leave the if
block outside any conditional building rules.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-22 11:52:51 +02:00
Jouni Malinen
8ca09293ea Simplify extended capability determination in AP mode
There is no need to determine the exact length of the element before
filling in the octets since this function is already capable of
truncated the fields based on what the actual values are.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-22 11:12:39 +02:00
Jouni Malinen
37306a0042 PASN: Use a helper function to free radio work data
This is safer in avoiding memory leaks now that there is a dynamically
allocated member within the data struct.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-21 18:33:17 +02:00
Jouni Malinen
349e9eafbb PASN: Mark pubkey/comeback arguments constant for frame construction
These parameters are only copied to the frame, so mark them as constant.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-21 18:30:52 +02:00
Ilan Peer
93ef7e8c91 tests: Add PASN tests with comeback flow
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-21 18:28:34 +02:00
Ilan Peer
67014b3f74 PASN: Add support for comeback flow to wpa_supplicant
Process the received comeback cookie and retry automatically if the AP
allows this. Otherwise, provide the cookie to upper layers to allow a
later attempt with the cookie.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-21 18:28:34 +02:00
Ilan Peer
ab623ac750 PASN: Add support for comeback flow in AP mode
Reuse the SAE anti-clogging token implementation to support similar
design with the PASN comeback cookie.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-21 18:01:27 +02:00
Jouni Malinen
4871df4bf7 tests: DPP NFC operation failures in hostapd
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-21 16:55:44 +02:00
Jouni Malinen
9c809b2aaa tests: DPP bootstrapping via NFC URI record (hostapd reading tag)
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-21 16:39:46 +02:00
Jouni Malinen
c4b2d6f566 tests: DPP GAS Query error cases with hostapd
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-21 16:33:41 +02:00
Jouni Malinen
4ed10754e8 DPP: Fix GAS client error case handling in hostapd
The GAS client processing of the response callback for DPP did not
properly check for GAS query success. This could result in trying to
check the Advertisement Protocol information in failure cases where that
information is not available and that would have resulted in
dereferencing a NULL pointer. Fix this by checking the GAS query result
before processing with processing of the response.

This is similar to the earlier wpa_supplicant fix in commit 931f7ff656
("DPP: Fix GAS client error case handling").

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-21 11:47:39 +02:00
Jouni Malinen
3ae18d4bd7 EAP-SIM/AKA: Fix check for anonymous decorated identity
eap_sim_anonymous_username() gets called with an argument that is not a
null terminated C string and as such, os_strrchr() and os_strlen()
cannot be used with it. The previous implementation resulted in use of
uninitialized values and a potential read beyond the end of the buffer.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32277
Fixes: 73d9891bd7 ("EAP-SIM/AKA peer: Support decorated anonymous identity prefix")
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 16:28:44 +02:00
Jouni Malinen
512d973cc2 DPP: Indicate authentication success on ConfReqRX if needed (hostapd)
It is possible to receive the Configuration Request frame before having
seen TX status for the Authentication Confirm. In that sequence, the
DPP-AUTH-SUCCESS event would not be indicated before processing the
configuration step and that could confuse upper layers that follow the
details of the DPP exchange. As a workaround, indicate DPP-AUTH-SUCCESS
when receiving the Configuration Request since the Enrollee/Responser
has clearly receive the Authentication Confirm even if the TX status for
it has not been received.

This was already done in wpa_supplicant in commit 422e73d623 ("DPP:
Indicate authentication success on ConfReqRX if needed") and matching
changes are now added to hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 16:09:19 +02:00
Jouni Malinen
eff3212763 tests: PMKSA cache add failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 13:38:49 +02:00
Jouni Malinen
6c8842f0e0 Fix full EAP authentication after PMKSA cache add failure
Need to get EAP state machine into a state where it is willing to
proceed with a new EAP-Request/Identity if PMKSA cache addition fails
after a successful EAP authentication before the initial 4-way handshake
can be completed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 13:36:55 +02:00
Jouni Malinen
be06fd5b02 tests: hostapd ctrl_iface SET_NEIGHBOR failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 13:13:24 +02:00
Jouni Malinen
ed8a5733bd tests: DPP and hostapd as Enrollee with GAS fragmentation/timeout
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:55:21 +02:00
Jouni Malinen
9056f918b6 tests: DPP connection status - success with hostapd as Configurator
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:19:12 +02:00
Jouni Malinen
6bbbd9729f DPP2: Fix connection status result wait in hostapd
The waiting_conn_status_result flag was not set which made hostapd
discard the Connection Status Result. Fix this to match the
wpa_supplicant implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:17:58 +02:00
Jouni Malinen
bcfcb247db tests: hostapd airtime policy configuration
Add minimal testing for airtime policy configuration. mac80211_hwsim
does not actually support this functionality, so this is just for
testing coverage of src/ap/airtime_policy.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:03:01 +02:00
Jouni Malinen
c0c74f0c6b Testing functionality for airtime policy
Add a new testing parameter to allow airtime policy implementation to be
tested for more coverage even without kernel driver support.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 12:03:01 +02:00
Jouni Malinen
fb9cd650e5 tests: DPP with hostapd as configurator/initiator with v1 enrollee
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 11:57:10 +02:00
Jouni Malinen
68b69d6607 tests: DPP chirp by an AP on 5 GHz
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 11:57:10 +02:00
Jouni Malinen
3d23fe32a5 tests: AP tracking STA taxonomy (5 GHz)
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 11:57:10 +02:00
Jouni Malinen
2f77891496 nl80211: Debug print error from airtime weight configuration
It is better to be able to determine whether the airtime weight
configuration for a STA actually was accepted by the driver or not.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-20 00:15:53 +02:00
Jouni Malinen
8b41ac82e6 tests: HE AP spatial reuse parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-19 23:58:39 +02:00
Jouni Malinen
8c24982e61 tests: Fix error messages for HE config missing
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-19 23:34:58 +02:00
Jouni Malinen
38fa5e6572 More documentation for HE Spatial Reuse Parameter Set configuration
Add a bit more complete documentation on how he_spr_sr_control parameter
is supposed to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-03-19 23:33:16 +02:00
Jouni Malinen
aa6a50849c tests: EAP-SIM with decorated anonymous identity
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-19 21:12:43 +02:00
Hai Shalom
73d9891bd7 EAP-SIM/AKA peer: Support decorated anonymous identity prefix
Support decorated anonymous identity prefix as per RFC 7542,
for SIM-based EAP networks.

Signed-off-by: Hai Shalom <haishalom@google.com>
2021-03-19 21:12:01 +02:00
Mohammad Asaad Akram
7831b10a89 Introduce reason code for TWT teardown due to concurrency
The firmware sends new reason codes to indicate TWT teardown due to
single channel and multi channel concurrency. Update the enum
qca_wlan_vendor_twt_status to represent new reason code.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-19 21:01:36 +02:00
Jouni Malinen
6219d5a5c2 tests: Make FT roaming and data connectivity checks more robust
Dump pending monitor interface messages between each roaming step to
make the test log easier to understand and hostapd wait for the new
connection more robust by ensuring that the processed event if for the
very last reassociation. It looks like at least ap_ft_vlan_over_ds_many
could fail due to the connectivity check being started before the final
roam had been completed on the AP side even though there was an explicit
hapd2ap.wait_sta() wait before the test.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-19 20:54:16 +02:00
Matthew Wang
58c5bd762e tests: Check update misbehaving MBO AP test to include roam
APs PMF capabilities can differ. wpa_supplicant should be able to
disable and enable MBO when roaming to and from a misbehaving MBO AP
that doesn't support PMF. Verify that this is indeed happening.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2021-03-19 18:35:01 +02:00
Jouni Malinen
daa0a22e45 tests: Fix eap_proto_eke_errors with gcc-10
gcc-10 seems to be inlining eap_eke_prf() and eap_eke_prfplus() which
breaks this test case due to a different backtrace being generated for
triggering the local failures. Point to the functions called by those
instead of these two functions to get this working with both gcc-9 and
gcc-10.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-17 23:38:26 +02:00
Jouni Malinen
eaf925df00 tests: Speed up tshark operations
Hide /usr/share/wireshark from hostfs to prevent tshark from loading all
the data from there since that can take significant amount of time and
is not really needed for the test cases. In addition, set HOME to point
to local tmpfs to avoid unnecessary references through hostfs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-17 23:36:52 +02:00
Ilan Peer
9d9b423065 tests: Add coverage for PASN deauthentication
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:50:10 +02:00
Ilan Peer
eaeec4da2d PASN: Add support for deauthentication flow in station
The new wpa_supplicant control interface command "PASN_DEAUTH
bssid=<BSSID>" can now be used to flush the local PTKSA cache for the
specified BSS and to notify the AP to request it to drop its PTKSA as
well.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:49:28 +02:00
Ilan Peer
4f436d5378 nl80211: Allow sending Deauthentication frame with off channel for PASN
To allow for a PASN station to deauthenticate from an AP to clear any
PTKSA cache entry for it, extend the nl80211 interface to allow sending
a Deauthentication frame with off channel enabled.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:43:08 +02:00
Ilan Peer
1ca1c3cfee AP: Handle deauthentication frame from PASN station
When a Deauthentication frame is received, clear the corresponding PTKSA
cache entry for the given station, to invalidate previous PTK
information.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 22:41:02 +02:00
Ilan Peer
166e357e63 AP: Enable anti clogging handling code in PASN builds without SAE
The anti-clogging code was under CONFIG_SAE. Change this so it can be
used both with CONFIG_SAE and CONFIG_PASN.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:58:10 +02:00
Ilan Peer
6fe0d56e88 AP: Rename SAE anti clogging variables and functions
PASN authentication mandates support for comeback flow, which
among others can be used for anti-clogging purposes.

As the SAE support for anti clogging can also be used for PASN,
start modifying the source code so the anti clogging support
can be used for both SAE and PASN.

As a start, rename some variables/functions etc. so that they would not
be SAE specific. The configuration variable is also renamed, but the old
version remains available for backwards compatibility.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:44:24 +02:00
Ilan Peer
b42b6c4d53 tests: Add test coverage for PASN with MIC errors
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:22:23 +02:00
Ilan Peer
b866786338 PASN: For testing purposes allow to corrupt MIC
For testing purposes, add support for corrupting the MIC in PASN
Authentication frames for both wpa_supplicant and hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:19:12 +02:00
Ilan Peer
2264a29890 tests: PASN: configure the nid before sending the command
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 17:15:55 +02:00
Ilan Peer
2efa60344e PASN: Encode the public key properly
When a public key is included in the PASN Parameters element, it should
be encoded using the RFC 5480 conventions, and thus the first octet of
the Ephemeral Public Key field should indicate whether the public key is
compressed and the actual key part starts from the second octet.

Fix the implementation to properly adhere to the convention
requirements for both wpa_supplicant and hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 12:31:31 +02:00
Ilan Peer
cd0813763a PASN: Include PMKID in RSNE in PASN response from AP
As defined in IEEE P802.11az/D3.0, 12.12.3.2 for the second PASN frame.
This was previously covered only for the case when the explicit PMKSA
was provided to the helper function. Extend that to cover the PMKID from
SAE/FILS authentication cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 11:45:12 +02:00
Ilan Peer
da3ac98099 PASN: Fix setting frame and data lengths in AP mode PASN response
Frame length and data length can exceed 256 so need to use size_t
instead of u8.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-03-16 11:38:51 +02:00