www.project-moonshot.org Git - mech

P2P: Limit number of SD retries during find

Commit 7139cf4a4f1fecfd03d0daff9bb33adb80cc3530 ('P2P: Decrement
sd_pending_bcast_queries when sd returns success') added support for
retrying P2P SD queries. However, it did this without limiting how many
retries are allowed. This can result in excessive number of retries if a
peer device does not show up on its Listen channel and there is a
pending SD query to it. Limit the maximum number of SD retries to 100
per p2p_find operation for each peer to avoid unlimited retries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Iterate through all peers in pending pre-find operation

Commit 7139cf4a4f1fecfd03d0daff9bb33adb80cc3530 ('P2P: Decrement
sd_pending_bcast_queries when sd returns success') changed P2P SD
behavior in a way that the P2P search loop ended up in continuing with
the first peer entry until it acknowledged receipt of a pending
broadcast SD request while the previous design went through all peers
once. While it is reasonable to retry SD, getting stuck with the first
peer is not really desirable. Change the p2p_continue_find() loop to
continue from the next peer in each iteration to allow progress through
all peers that have pending operations if any other peer is not
acknowledging frames (e.g., due to not being on Listen channel).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Add support for offloading key management operations to the driver

This commit introduces a QCA vendor command and event to provide an
option to use extended versions of the nl80211 connect/roam operations
in a way that allows drivers to offload key management operations to the
driver/firmware.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Allow time for go_neg_pbc() GO Neg Resp to go out

It was possible for the not-pre-authorized GO Negotiation case to end up
starting new GO Negotiation before the GO Negotiation Response frame
with status=1 was transmitted. While this works for group formation, it
could reduce test coverage for the common case where that response is
received. At a small sleep to make it less likely for this unexpected
sequence to happen during testing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Search all 2.4 GHz social channels regardless of disallow_freq

Commit 1595eb93aee0239de51f1090d4528e4b2cfe3add ('P2P: Add support for
60 GHz social channel') had an unintended change to how P2P search scans
2.4 GHz social channels. Use of p2p_supported_freq() to filter the list
of social channels ended up using the disallow_freq setting to remove
social channels from the P2P search scans. This is not desired since
peers need to be found on any of the social channels even if those
channels have been disabled from P2P operating channel use. Restore the
previous behavior by included all the 2.4 GHz social channels in P2P
search scans if the driver indicated support for the 2.4 GHz band.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

GAS: Do not reply to P2P SD query from generic GAS/ANQP server

This avoids an issue where a wpa_supplicant build with CONFIG_P2P=y and
CONFIG_HS20=y ended up processing a P2P SD query twice when operating as
a GO and sending out two replies. Only the P2P SD implementation should
reply to P2P SD query in such a case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Revert "nl80211: Do not indicate P2P_DEVICE support by default"

This reverts commit 851b0c5581069de6db01ddca7c150b76cee415a2.

The kernel now has full support for this (and it is turned off
by default for hwsim) so wpa_supplicant should really go back
to autodetecting this so clients don't have to figure out what
to do.

Also add a debug message stating that P2P_DEVICE support is used.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

tests: Disable support_p2p_device by default

When loading the hwsim module, disable support_p2p_device by default.
This will also become the default in the kernel, but until then it
makes sure it's not turned on by default.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

tests: Use dynamic radio for P2P_DEVICE tests

Use dynamic radios for P2P_DEVICE tests to be able to test
support when the default in hwsim is to not support it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

tests: Run run-tests.py as root from run-all.sh

This will be needed to be able to control dynamic mac80211_hwsim
operations like adding and removing a phy. In the past, it has been
possible to start the main programs as root and then use non-root
account for run-tests.py. However, there is already a large number of
cases within the test scripts where sudo is needed. Moving that
requirement to execution of run-tests.py allows those to be simplified
as well.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: P2P SD with GO

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

browser-android: Use execv() directly instead of os_exec()

This allows the URL to be passed as a single argument to the program
instead of getting split into multiple by os_exec(). This makes the
operation more robust for cases where the URL could have been received
from an external source and could potentially add extra arguments to the
command line.

In addition, fix the /system/bin/input execution by using system() for
it instead of execv() through os_exec(). /system/bin/input is a script
that execv() won't be able to run. Since the full command line is
specified, system() can be used for this. The keycode is also changed
from 3 to KEYCODE_HOME to make this work with current Android version.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

browser-wpadebug: Use execv() directly instead of os_exec()

This allows the URL to be passed as a single argument to the program
instead of getting split into multiple by os_exec(). This makes the
operation more robust for cases where the URL could have been received
from an external source and could potentially add extra arguments to the
command line.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

browser-system: Use execv() directly instead of os_exec()

This allows the URL to be passed as a single argument to the program
instead of getting split into multiple by os_exec(). This makes the
operation more robust for cases where the URL could have been received
from an external source and could potentially add extra arguments to the
command line.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: BSS Load updates

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

AP: Add support for BSS load element (STA Count, Channel Utilization)

The new "bss_load_update_period" parameter can be used to configure
hostapd to advertise its BSS Load element in Beacon and Probe Response
frames. This parameter is in the units of BUs (Beacon Units).

When enabled, the STA Count and the Channel Utilization value will be
updated periodically in the BSS Load element. The AAC is set to 0 sinze
explicit admission control is not supported. Channel Utilization is
calculated based on the channel survey information from the driver and
as such, requires a driver that supports providing that information for
the current operating channel.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>

tests: Introduce hwsim radio context manager

The new HWSimRadio context manager allows the following
syntax to create (and appropriately destroy) a new radio:

with HWSimRadio([...]) as (radio_id, iface_name):
[...]

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

tests: Allow creating radio with p2p-device support

For testing P2P-Device support properly, allow dynamically
creating radios with support for it in hwsim.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

P2P: Support dynamic addition of P2P Device triggering interface

This moves the addition of P2P Device interface into
wpa_supplicant_add_iface() so that this operation can be done
dynamically when adding an interface to an already running
wpa_supplicant process.

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P: Remove all child interfaces when removing the parent

This is needed to allow dynamic removal of an interface that adds the
P2P Device interface without leaving behind the management interface
with invalid wpa_s->parent pointer.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Remove wlan5-related interfaces based on list

Instead of hardcoding reset_devs() to remove wlan5, remove all wlan*
interfaces renaming in the wpa_supplicant process to support the case of
dynamically added hwsim phy.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Make RELOG command use global control interface

This allows RELOG to be used even if a wpa_supplicant process does not
have any interfaces configured.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Use internal DATA_TEST_* functionality instead of hwsim_test

This replaces use of the external hwsim_test tool for most data
connectivity test cases. Only the cases where a special interface
(bridge/VLAN) is used are still executed through hwsim_test.

The internal DATA_TEST_* functionality makes it easier to extend the
connectivity test cases through an external device with real WLAN
hardware instead of the hwsim test setup. In addition, the error reports
from this code can be made more informative.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Add WpaSupplicant.wait_group_event()

This can be used to wait for events from a P2P group interface.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Add own_addr() for both Hostapd and WpaSupplicant classes

This makes it easier to use instances of control interfaces in common
code without having to separately address hostapd and wpa_supplicant
behavior differences.

Signed-off-by: Jouni Malinen <j@w1.fi>

Add data test functionality

It is now possible to run hwsim_test like data connectivity test through
wpa_supplicant/hostapd control interface if CONFIG_TESTING_OPTIONS=y is
used for the build. Test functionality is enabled/disabled at runtime
with "DATA_TEST_CONFIG <1/0>". The "DATA_TEST_TX <dst> <src> <tos>"
command can be used to request a test frame to be transmitted.
"DATA-TEST-RX <dst> <src>" event is generated when the test frame is
received.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Pass wpas/hapd instance to test_connectivity()

This makes it easier to replace data connectivity testing to use
something else than local hwsim_test binary on the controller device.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Add test cases for AP channel switch announcement

Signed-hostap: Luciano Coelho <luciano.coelho@intel.com>

Skip CSA tests if the driver doesn't support this in AP mode.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

Do not start CSA flow when CSA is not supported by the driver

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

HS 2.0R2: Write OSEN key_mgmt value to config file

This was forgotten when the parser for key_mgmt=OSEN was added.

Signed-off-by: Jouni Malinen <j@w1.fi>

Write SAE and FT-SAE key_mgmt to config

This was forgotten when the key_mgmt parser for SAE and FT-SAE was
added.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>

nl80211: Add new peer candidate event for mesh

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>

nl80211: Add support for sta_add flags_mask

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>

nl80211: Add new commands to support mesh interfaces

Create init_mesh, mesh_join, and mesh_leave actions to kernel.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>

nl80211: Add driver flag to indicate mesh support

Convert the driver flags variable to u64 since there was no room for
more flags.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>

Add a test vector for AES-SIV

This verifies that the AES-SIV implementation results matches RFC 5297
test vector A.1.

Signed-off-by: Jouni Malinen <j@w1.fi>

Implement RFC 5297 AES-SIV

Add an implementation of Synthetic Initialization Vector (SIV)
Authenticated Encryption Using the Advanced Encryption Standard (AES).

This mode of AES is used to protect peering frames when using
the authenticated mesh peering exchange.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>

mesh: Parse mesh-related information elements

Add support for parsing mesh id, mesh config, mesh peering,
AMPE and MIC information elements.

Signed-off-by: Bob Copeland <me@bobcopeland.com>

mesh: Add mesh protocol definitions

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-hostap: Thomas Pedersen <thomas@noack.us>

tests: Provide more details of parallel testing with curses UI

This extends parallel-vm.py to show more details about testing progress
from each VM.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: P2P re-invocation with p2p_add_cli_chan=1

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P: Include passive channels in invitation response

Patch 51e9f22809b0f412c9c10baa34ddc46cf5df4f33 added the option
p2p_add_cli_chan to allow P2P GC to connect on passive channels
assuming the GO should know whether allowed to send on these channels.
This patch adds missing cli_channels to invitation response messages
to allow re-connecting to a persistent group as GC on passive
channels.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>

tests: Removing a P2P group via the group control interface

This adds a test which attempts to use the control interface for the
P2P group to remove the P2P group.

Signed-off-by: Toby Gray <toby.gray@realvnc.com>

P2P: Fix group interface removal through interface ctrl_iface

It was possible to issue the P2P_GROUP_REMOVE command through the
per-interface control interface. This resulted in freed memory getting
accessed when trying to send the control interface response to the
operation that ended up deleting the group interface. Fix this by
postponing the removal operation until the caller has returned.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: SAE PMKSA caching

Signed-off-by: Jouni Malinen <j@w1.fi>

SAE: Add support for PMKSA caching on the station side

This makes wpa_supplicant SME create PMKSA cache entries from SAE
authentication and try to use PMKSA caching if an entry is found for the
AP. If the AP rejects the attempt, fall back to SAE authentication is
used.

Signed-off-by: Jouni Malinen <j@w1.fi>

SAE: Add support for PMKSA caching on the AP side

This makes hostapd create PMKSA cache entries from SAE authentication
and allow PMKSA caching to be used with the SAE AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>

Add Acct-Multi-Session-Id into RADIUS Accounting messages

This allows multiple sessions using the same PMKSA cache entry to be
combined more easily at the server side. Acct-Session-Id is still a
unique identifier for each association, while Acct-Multi-Session-Id will
maintain its value for all associations that use the same PMKSA.

Signed-off-by: Jouni Malinen <j@w1.fi>

Remove duplicated Acct-Session-Id from Accounting-Request

Commit 8b2486115479582b2ab164a4508f22ed23a9a4cb ('Add Acct-Session-Id
into Access-Request messages') added Acct-Session-Id building into the
helper function shared between authentication and accounting messages.
However, it forgot to remove the same code from the generation of
accounting messages and as such, ended up with Accounting-Request
messages containing two copies of this attribute. Fix this by removing
the addition of this attribute from the accounting specific function.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: RADIUS accounting with PMKSA caching

Signed-off-by: Jouni Malinen <j@w1.fi>

RADIUS: Define new attributes from RFC 5580

This adds definition and names for the RADIUS attributes defined in RFC
5580 (Carrying Location Objects in RADIUS and Diameter).

Signed-off-by: Jouni Malinen <j@w1.fi>

WPS: Extend startWhen to 2 if peer AP supports WPS 2.0

Increase EAPOL startWhen to 2 for the case where the AP/GO has
advertised it supports WPS 2.0. This is done to make it less likely for
the EAPOL-Start frame to be sent out since that is only required for WPS
1.0. Not sending it can remove one unnecessary round trip from the EAP
exchange when the AP is going to start with EAP-Request/Identity
immediately based on the Association Request frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Add Python-version of parallel-vm.sh

This is a more advanced version of the simple parallel-vm.sh script.
Status of each VM is printed out during the test and results are
provided in more convenient format in the end.

Signed-off-by: Jouni Malinen <j@w1.fi>

netlink: Fix RTM_SETLINK padding at the end of the message

While the kernel seems to have accepted the message to set linkmode and
operstate without the final attribute getting padded to 32-bit length,
it is better to get this cleaned up to match expected format. The double
NLMSG_ALIGN() followed by RTA_LENGTH() did not make much sense here.

Signed-off-by: Jouni Malinen <j@w1.fi>

hostapd_cli: Add CLI commands enable, reload, and disable

Commands are already present in ctrl_iface.c (and parsed in
hostapd_ctrl_iface_receive() function) but not in hostapd_cli.c. This
patch updates hostapd_cli.c with matching functions.

Signed-off-by: Cedric Baudelet <cedric.baudelet@intel.com>

P2P: Remove unreachable code in wpas_p2p_stop_find()

Commit 152cff6ba6d6ac206b93a2202eab57f0a36c26cb ('P2P: Remove
WPA_DRIVER_FLAGS_P2P_MGMT option') removed the only non-zero return from
wpas_p2p_stop_find_oper(), but did not remove the useless return value
or the return check in wpas_p2p_stop_find(). Clean these up by removing
unreachable code and useless return value.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>

tests: WPS PBC triggered based on hostapd event

Signed-off-by: Jouni Malinen <j@w1.fi>

Include ieee802_11_common.c in wpa_supplicant build unconditionally

This is needed for number of items and it was possible to make a build
configuration that did not include ieee802_11_common.c while still
trying to use functions from there. While it would be possible to add
NEED_80211_COMMON=y to all the cases where this file is needed, the
extra complexity from this is not really justifiable anymore, so include
the file unconditionally.

Signed-off-by: Jouni Malinen <j@w1.fi>

Fix CONFIG_NO_SCAN_PROCESSING=y build

ht_supported() was used but not defined in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>

Fix build without IEEE8021X_EAPOL

The MACsec addition placed one of the calls outside the #ifdef
IEEE802X_EAPOL block while the variable needed for this was defined only
within the block.

Signed-off-by: Jouni Malinen <j@w1.fi>

Make wpa_ctrl_get_remote_ifname declaration conditional.

The definition of wpa_ctrl_get_remote_ifname is conditional on
CONFIG_CTRL_IFACE_UDP. This change makes the header declaration of
this function also conditional on the same define.

Signed-off-by: Toby Gray <toby.gray@realvnc.com>

Fix warning about unused parameter if CONFIG_DEBUG_FILE is not defined.

This change adds a cast to void to indicate that the path parameter is
unused when CONFIG_DEBUG_FILE is not defined. This fixes a compiler
warning about unused parameters.

Signed-off-by: Toby Gray <toby.gray@realvnc.com>

tests: Wi-Fi Display element updates and P2P-DEVICE-FOUND

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P: Add new=0/1 flag to P2P-DEVICE-FOUND events

This information can be used to determine whether the event is generated
for a new peer that was added or due to an update in the information for
an existing peer.

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P: Inform upper layer when WFD-IE field of a P2P device has changed

When WFD IE of a P2P device changes, the field is locally updated in P2P
supplicant but upper layer is not informed about this change.

Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>

tests: Make ap_hs20_fetch_osu more robust under heavy load

Use scan_for_bss() instead of scan() to avoid errors if the active scan
fails, e.g., due to heavy load under parallel-vm.sh test run.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: OpenSSL cipherlist configuration

Signed-off-by: Jouni Malinen <j@w1.fi>

wpa_supplicant: Allow OpenSSL cipherlist string to be configured

The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.

Signed-off-by: Jouni Malinen <j@w1.fi>

hostapd: Allow OpenSSL cipherlist string to be configured

The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled when hostapd is used as an EAP
server with OpenSSL as the TLS library.

Signed-off-by: Jouni Malinen <j@w1.fi>

OpenSSL: Add a mechanism to configure cipher suites

This extends the TLS wrapper code to allow OpenSSL cipherlist string to
be configured. In addition, the default value is now set to
DEFAULT:!EXP:!LOW to ensure cipher suites with low and export encryption
algoriths (40-64 bit keys) do not get enabled in default configuration
regardless of how OpenSSL build was configured.

Signed-off-by: Jouni Malinen <j@w1.fi>

eapol_test: Check inet_aton() result

This makes code more consistent (CID 72676).

Signed-off-by: Jouni Malinen <j@w1.fi>

DFS: Check os_get_random() result

This use does not really need a strong random number, so fall back to
os_random() if a theoretical error case occurs. (CID 72682)

Signed-off-by: Jouni Malinen <j@w1.fi>

AP: Check os_get_random() return value more consistently

While this specific case does not really care what value is used, the
the theoretical error case can be handled more consistently. (CID 72684)

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-MSCHAPv2 server: Check ms_funcs results more consistently

This makes the code more consistent by checking the somewhat theoretical
error cases more consistently (CID 72685).

Signed-off-by: Jouni Malinen <j@w1.fi>

Report sendto() failures for hostapd ctrl_iface

This makes issues with control interface operations more easily
debuggable (CID 72681, CID 72686).

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-IKEv2: Fix the payload parser

The payload lengths were not properly verified and the first check on
there being enough buffer for the header was practically ignored. The
second check for the full payload would catch length issues, but this is
only after the potential read beyond the buffer. (CID 72687)

Signed-off-by: Jouni Malinen <j@w1.fi>

WPS UPnP: Check os_get_random() result more consistently

While the value here would not matter much, make the implementation more
consistent (CID 72692).

Signed-off-by: Jouni Malinen <j@w1.fi>

TLS client: Make DH parameter parsing easier for static analyzers

The dh_p_len, dh_g_len, and dh_ys_len parameters were validated against
the received message structure, but that did not seem to be done in a
way that some static analyzers would understand this (CID 72699).

Signed-off-by: Jouni Malinen <j@w1.fi>

WPS UPnP: Check os_get_random() result

This makes the implementation more consistent (CID 72705).

Signed-off-by: Jouni Malinen <j@w1.fi>

MACsec: Check os_get_random() return value

This makes the MACsec implementation more consistent with rest of
wpa_supplicant. (CID 72677, CID 72695, CID 72701, CID 72709, CID 72711)

Signed-off-by: Jouni Malinen <j@w1.fi>

nl80211: Be more consistent with linux_set_iface_flags() result

Check the return value and write a debug message if this operation
failes (CID 74146).

Signed-off-by: Jouni Malinen <j@w1.fi>

WFD: Use cleaner bounds checking for sub-element length field

Mark the variable as unsigned and make the length check use "len > end -
pos" version to makes this easier to understand for static analyzers
(CID 74155).

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P NFC: Make code easier for static analyzers

len + pos > end comparison here did verify that the length field had a
valid value, but that did not seem to enough to avoid TAINTED_SCALAR
warning. Re-order that validation step to be equivalent "len > end -
pos" to remove these false positives (CID 68116).

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-PAX server: Remove unused assignment

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-SIM DB: Remove unused assignment

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-FAST server: Remove unused assignment

Commit e8c08c9a363340c45baf8e13c758c99078bc0d8b ('EAP-FAST server: Fix
potential read-after-buffer (by one byte)') changed the while loop
design in a way that does not require the pos variable to be updated
anymore. Remove that unneeded code to clean up static analyzer warnings
about unused assignments.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-FAST server: Remove unused write

next_type is not used in case m->check() results in ignoring the packet.

Signed-off-by: Jouni Malinen <j@w1.fi>

RADIUS: Remove unused write

There is no need to update the left variable when breaking out from the
loop.

Signed-off-by: Jouni Malinen <j@w1.fi>

IAPP: Avoid warnings on unused write

The hlen and len variables are identical here, but only the hlen was
used in the end. Change this to use the len variable to avoid
unnecessary static analyzer warnings about unused writes.

Signed-off-by: Jouni Malinen <j@w1.fi>

test: Remove driver_test.c

The driver_test.c driver wrapper (-Dtest in wpa_supplicant and
driver=test in hostapd) was previously used for testing without real
Wi-Fi hardware. mac80211_hwsim-based tests have practically replaced all
these needs and there has been no improvements or use for driver_test.c
in a long while. Because of this, there has not really been any effort
to maintain this older test tool and no justification to change this
either. Remove the obsoleted test mechanism to clean up the repository.

Signed-off-by: Jouni Malinen <j@w1.fi>

Simplify memory allocation/freeing for static analyzers

It looks like the use of sm->wpa == WPA_VERSION_WPA2 in two locations
within the function was a bit too much for clang static analyzer to
understand. Use a separate variable for storing the allocated memory so
that it can be freed unconditionally. The kde variable can point to
either stack memory or temporary allocation, but that is now const
pointer to make the design clearer.

Signed-off-by: Jouni Malinen <j@w1.fi>

Add a workaround to clanc static analyzer warning

dl_list_del() followed by dl_list_add() seemed to confuse clang static
analyzer somehow, so explicitly check for the prev pointer to be
non-NULL to avoid an incorrect warning.

Signed-off-by: Jouni Malinen <j@w1.fi>

WPS UPnP: Make dl_list_first() use easier for static analyzer

The preceding dl_list_len() check guarantees that dl_list_first()
returns an entry and not NULL. However, that seems to be a bit too
difficult path to follow for static analyzers, so add an explicit check
for the dl_list_first() return value to be non-NULL to avoid warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>

Set WoWLAN triggers only if driver capabilities are known

Previously, wpas_set_wowlan_triggers() could have been called in
uninitialized wpa_driver_capa data if the driver interface did not
support reporting of capabilities. While this would not really happen
with a driver wrapper that implements set_wowlan() and as such, would
not cause any difference in practice, it is better to clean this up to
make the code path easier to understand for static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P: Clean up coding style and indentation level

The multi-line for loop body and incorrect indentation level on the
return statement looked pretty confusing.

Signed-off-by: Jouni Malinen <j@w1.fi>

nl80211: Provide subtype and reason code for AP SME drivers

This allows drivers that implement AP SME internally to generate a
Deauthentication or Disassociation frame with the specified reason code.
This was already done with drivers that use hostapd/wpa_supplicant for
AP SME.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: P2P group formation with WSC_Done missing

This verifies that GO is able to complete group formation even if the
P2P Client does not send WSC_Done message (or that message is dropped
for any reason) in case the P2P Client completes 4-way handshake
successfully.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: 4-way exchange using external EAPOL I/O

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Add external EAPOL transmission option for testing purposes

The new ext_eapol_frame_io parameter can be used to configure hostapd
and wpa_supplicant to use control interface for receiving and
transmitting EAPOL frames. This makes it easier to implement automated
test cases for protocol testing. This functionality is included only in
CONFIG_TESTING_OPTIONS=y builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Handle improper WPS termination on GO during group formation

A P2P Client may be able to connect to the GO even if the WPS
provisioning step has not terminated cleanly (e.g., P2P Client does not
send WSC_Done). Such group formation attempt missed the event
notification about started group on the GO and also did not set the
internal state corresponding to the successful group formation.

This commit addresses the missing part by completing GO side group
formation on a successful first data connection if WPS does not complete
cleanly. Also, this commit reorders the STA authorization indications to
ensure that the group formation success notification is given prior to
the first STA connection to handle such scenarios.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>