www.project-moonshot.org Git - mech

P2P: Stop offchannel TX wait on P2P_STOP_FIND/P2P_LISTEN

Previously it was possible for the pending Action frame TX to be
cleared, but the offchannel TX operation being left in wait state in the
kernel. This would delay start of the next operation (e.g., that listen
operation requested by P2P_LISTEN) until the wait time for the
previously pending Action frame had expired.

Optimize this by explicitly stopping any pending offchannel Action frame
TX when clearing the internal offchannel TX state in
wpas_p2p_clear_pending_action_tx().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Revert "tests: vm: Output everything on console"

This reverts commit be9fe3d8aff394ea6868f1a2347e8c12609b086e. While I
did manage to complete multiple test runs without failures, it looks
like this change increases full test run duration by about 30 seconds
when using seven VMs. The most visible reason for that seems to be in
"breaking" active scanning quite frequently with the Probe Response
frame coming out about 40 ms (or more) after the Probe Request frame
which is long enough for the station to already have left the channel.

Since this logging change is not critical, it is simplest to revert it
for now rather than make changes to huge number of test cases to allow
more scan attempts to be performed before timing out.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Increase connection timeout for number of EAP test cases

The previously used 10 second timeout allowed only two scan attempts
(five seconds between scans) and it was possible to hit a failure every
now and then when running under heavy load and the Probe Response frame
got delayed by 40 ms or so twice in a row. Add more time for one more
scan attempt to reduce the likelihood of this happening.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Make scan test cases more robust by allowing retries

These test caases depended on a single active scan round finding the AP.
It is possible for the Probe Response frame to get delayed sufficiently
to miss the response especially when testing under heavy load with
multiple parallel VMs. Allow couple of scan retries to avoid reporting
failures from these test cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Make P2PS join-a-group cases more robust

Use the group SSID (if known) when requesting a join operation. This
makes some of the P2PS test cases more robust in cases where previously
executed tests have added older groups into the cached scan results with
the same MAC addresses and an incorrect BSS could have been picked
previously.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Add an option to specify group SSID in P2P_CONNECT join case

The new optional ssid=<hexdump> argument to P2P_CONNECT can be used to
make P2P Client operations during join-an-existing-group more robust by
filtering out scan results based on the SSID in addition to the P2P
Device/Interface Address. This can help if the same MAC address has been
used in multiple groups recently and the cached scan results may still
include an older BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Provide group SSID, if specified, to P2P Client join step

At least one of the wpas_p2p_connect() callers (NFC join case) already
had access to the Group SSID. Pass that information through
wpas_p2p_connect() to wpas_p2p_join() so that the join operation can
filter out incorrect groups more easily.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Do not accept any GO BSS entry if SSID is specified for join

Accept only a BSS entry matching the SSID when trying to find the
operating channel of a GO during join operation for which the SSID was
already specified. Previously, it could have been possible to pick an
incorrect BSS entry if the new GO was not found in the latest scan and
there was an older cached scan entry for the same BSSID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Use join SSID in the skip-PD cases

It was already possible to limit join operation to accept only a
specific SSID. However, this constraint was not used when starting a P2P
Client interface as a WPS Enrollee without going through a Provision
Discovery exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Do not accept any BSS entry for join if SSID is already known

Use wpa_bss_get() with the specific Group SSID instead of
wpa_bss_get_bssid_latest() if the SSID is already known. This makes the
P2P join operations more robust in case the frequency of the group was
not yet known and the same P2P Interface Address may have been used in
multiple group instances with an older group entry still present in the
cached scan results.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Use group SSID, if known, for join operation even if no BSS entry

This allows the cases where a specific group SSID is known to filter out
groups on the P2P Client even if the specific BSS entry for the target
group is not yet available.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2PS: Add group SSID, if known, to the P2PS-PROV-DONE event

The new optional group_ssid=<hexdump> argument in the P2PS-PROV-DONE
event can be used to help in identifying the exact group if there have
been multiple groups with the same P2P Interface Address in short period
of time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Dump control interface sockets during FST operations

This makes it less likely to hit issues with running out of control
interface TX queue when running multiple FST test in a row. Number of
the FST operation sequences seemed to leave quite a few event messages
pending in one of the attached control interface sockets for wlan5 which
could result in test failure if the buffer space ran out and some of the
wpa_supplicant events were not delivered.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Use logger.info() instead of print in FST test cases

It is better to get these messages into the actual debug log instead of
hoping they will be noticed from stdout.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Clean up at the end of connect_cmd_disconnect_event

This test case used to leave the dynamically added wlan5 interface in a
state where it was still trying to reconnect to a network. This could
result in the following test cases being unable to clear the cfg80211
scan cache. Avoid this type of issues by explicitly stopping the
connection attempt and making sure that there are no scan results in the
cache at the end of connect_cmd_disconnect_event.

The following test case sequence triggered a failure due to the
remaining BSS table entry:
connect_cmd_disconnect_event connect_cmd_wep ap_hs20_random_mac_addr

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

FST: Fix handling of Rx FST Setup Request when session already exists

When we receive FST Setup Request when session already exists, the
following validations take place:
1. we drop the frame if needed according to MAC comparison
2. we drop the frame if the session is "not pending", i.e., if FST
   Setup Response was already exchanged (sent or received).

There are two issues with the above:
1. MAC comparison is relevant only before the Setup Response exchange.
   In other words, Setup Request should not be dropped due to MAC
   comparison after Setup Response has been exchanged.
2. Receiving Setup Request after Setup Response exchange most likely
   means that FST state machine is out of sync with the peer. Dropping
   the Setup Request will not help solve this situation.

The fix is:
1. do MAC comparison only if session is "pending", i.e., Setup Response
   was not yet exchanged.
2. In case Setup Response was already exchanged, reset our session and
   handle the Setup Request as if it arrived when session doesn't exist.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

TLS: Make tls_cert_chain_failure_event() more robust

Explicitly check for the failure event to include a certificate before
trying to build the event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

TLS: Remove storing of never-read value

While this could in theory be claimed to be ready for something to be
added to read a field following the server_write_IV, it does not look
likely that such a use case would show up. As such, just remove the
unused incrementing of pos at the end of the function to get rid of a
useless static analyzer complaint.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Remove unnecessary cleanup assignment in SHA1Final()

This makes some static analyzers complain about stored value never being
read. While it is good to clear some other temporary variables, this
local variable i has no security private information (it has a fixed
value of 20 here) and trying to clear it to 0 does not add any value.
Remove that part of the "wipe variables" to avoid one useless static
analyzer complaint.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Clear ignore_old_scan_res explicitly in test cases where it is used

This parameter is used only in couple of test cases and there is no need
to maintain the code to reset it in WpaSupplicant::reset().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Clear p2p_pref_chan explicitly in test cases where it is used

This parameter is used only in couple of test cases and there is no need
to maintain the code to reset it in WpaSupplicant::reset().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Clear p2p_go_intent explicitly in test cases where it is used

This parameter is used only in couple of test cases and there is no need
to maintain the code to reset it in WpaSupplicant::reset().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Clear p2p_add_cli_chan explicitly in test cases where it is used

This parameter is used only in couple of test cases and there is no need
to maintain the code to reset it in WpaSupplicant::reset().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Clear p2p_no_go_freq explicitly in test cases where it is used

This parameter is used only in couple of test cases and there is no need
to maintain the code to reset it in WpaSupplicant::reset().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

nl80211: Don't call linux_iface_up() for a dedicated P2P Device

As a dedicated P2P Device interface does not have a network
interface associated with it, trying to call linux_iface_up()
on it would always fail so this call can be skipped for
such an interface.

Getting interface nlmode can be done only after bss->wdev_id is
set, so move this call to wpa_driver_nl80211_finish_drv_init(),
and do it only in case the nlmode != NL80211_IFTYPE_P2P_DEVICE.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

mesh: Document Mesh Peering Management element structure in more detail

Provide details on the pointers to the subfields and rename "pmk" to
"chosen_pmk" and use SAE_PMKID_LEN macro with it to make the code more
readable.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

mesh: Check PMKID in AMPE Action frames

From IEEE Std 802.11-2012 13.3.5:

   If the incoming Mesh Peering Management frame is for AMPE and the
   Chosen PMK from the received frame contains a PMKID that does not
   identify a valid mesh PMKSA, the frame shall be silently discarded.

We were not checking the PMKID previously, and we also weren't parsing
it correctly, so fix both.

Signed-off-by: Bob Copeland <me@bobcopeland.com>

mesh: Fix PMKID to match the standard

IEEE Std 802.11-2012 11.3.5.4 specifies the PMKID for SAE-derived keys
as:

L((commit-scalar + peer-commit-scalar) mod r, 0, 128)

This is already calculated in the SAE code when the PMK is derived, but
not saved anywhere. Later, when generating the PMKID for plink action
frames, the definition for PMKID from 11.6.1.3 is incorrectly used.
Correct this by saving the PMKID when the key is generated and use it
subsequently.

Signed-off-by: Bob Copeland <me@bobcopeland.com>

wpa_supplicant: Do not wait for monitor on P2P Device interface

External programs are not aware of the creation of a
dedicated P2P Device interface, so it does not make sense
to wait for a monitor to connect on such an interface.

Fix this by not waiting on a dedicated P2P Device interface
for monitor to attach.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

Do not wait for monitor to attach if no control interface

In case an interface has started without a control interface
initialized, skip waiting for monitor to attach at the start of
wpa_supplicant (-W).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

Clone default LIBS value to LIBS_* for other tools

If LIBS is set with some global build system defaults, clone those for
LIBS_c, LIBS_h, LIBS_n, and LIBS_p to cover wpa_cli, wpa_passphrase,
hostapd_cli, hlr_auc_gw, and nt_password_hash as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Make ap_wps_probe_req_ie_oom more robust

It was possible to hit a race condition between WPS_CANCEL and
immediately following WPS_PIN command. Wait for a disconnection event to
avoid that. This was seen with the following test case sequence:
ap_wpa2_psk_supp_proto_wrong_group_key_len ap_wps_probe_req_ie_oom

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: wpa_supplicant AP mode with ACS

Signed-off-by: Jouni Malinen <j@w1.fi>

Add "GET_CAPABILITY acs" to allow ACS build option to be detected

This allows upper layer software to check whether wpa_supplicant can use
ACS for AP mode.

Signed-off-by: Jouni Malinen <j@w1.fi>

wpa_supplicant: Enable Automatic Channel Selection support for AP mode

Since hostapd supports ACS now, let's enable its support in
wpa_supplicant as well when starting AP mode.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
[u.oelmann@pengutronix.de: adjusted added text in defconfig]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>

Handle survey event properly in wpa_supplicant

Let's reuse hostapd code for such handling. This will be useful to get
ACS support into wpa_supplicant where this one needs to handle the
survey event so it fills in the result ACS subsystem will require.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>

tests: vm: Output everything on console

When running tests, make printk put all messages, including debug
messages, onto the serial console to go into the console file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

EAP-TNC peer: Remove dead code related to fragmentation

The data->state == WAIT_FRAG_ACK case is already handling all cases
where data->out_buf could be non-NULL, so this additional check after
the WAIT_FRAG_ACK steps cannot be reached. Remove the duplicated dead
code.

Signed-off-by: Jouni Malinen <j@w1.fi>

P2PS: Remove dead code

Commit f8a80e39b33212992f88ce2e638193f81664230a ('P2PS: Change
connection capability handling') added the identical P2PS_SETUP_CLIENT
check into two places within p2ps_group_capability(). However, only the
first one of these can be reached. In the second case, role can only
have values 0 or P2PS_SETUP_NEW and as such, the P2PS_SETUP_CLIENT case
is not possible. It looks like the first part of the commit is
sufficient, so remove the dead code added by the second part.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-TNC protocol tests

Signed-off-by: Jouni Malinen <j@w1.fi>

TNC: Print received IF-TNCCS message as debug ASCII hexdump

This makes it easier to see what TNCC is processing.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-TNC peer: Allow fragment_size to be configured

Previously, a fixed 1300 fragment_size was hardcoded. Now the EAP
profile parameter fragment_size can be used to override this.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Move P2P-REMOVE-AND-REFORM-GROUP cases more robust

Wait for the AP-DISABLED and AP-ENABLED group events before reading the
current group operation frequency after P2P-REMOVE-AND-REFORM-GROUP.
This reduces a possibility of a race condition making a test case fail
with the returned frequency being 0 when reading this before the
reformed group is fully up. This may help avoid false error reports for
the following test cases: p2p_go_move_reg_change p2p_go_move_scm
p2p_go_move_scm_peer_supports p2p_go_move_scm_multi.

Signed-off-by: Jouni Malinen <j@w1.fi>

RADIUS: Add EACCES to list of recognized send() errno values

This allows RADIUS failover to be performed if send() return EACCES
error which is what happens after a recent Linux kernel commit
0315e382704817b279e5693dca8ab9d89aa20b3f ('net: Fix behaviour of
unreachable, blackhole and prohibit') for a local sender when route type
is prohibit.

This fixes the hwsim test case radius_failover when running against a
kernel build that includes that commit.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: RADIUS Accounting and non-ASCII SSID

This shows an example of Called-Station-Id in Access-Request and
Accounting-Request with non-ASCII characters.

Signed-off-by: Jouni Malinen <j@w1.fi>

Fix RADIUS Called-Station-Id to not escape SSID

Commit 986de33d5c3e11dd08a26ed65eacede8b75aa339 ('Convert remaining SSID
routines from char* to u8*') started using wpa_ssid_txt() to print out
the SSID for the Called-Station-Id attribute in RADIUS messages. This
was further modified by commit 6bc1f95613cc2bedd8849564d30419bff82ed074
('Use printf escaping in SSID-to-printable-string conversion') to use
printf escaping (though, even without this, wpa_ssid_txt() would have
masked characters).

This is not desired for Called-Station-Id attribute. While it is defined
as a "String", RFC 2865 indicates that "a robust implementation SHOULD
support the field as undistinguished octets.".

Copy the SSID as an array of arbitrary octets into Called-Station-Id to
avoid any kind of masking or escaping behavior. This goes a step further
from the initial implementation by allowing even the possible (but
unlikely in practical use cases) 0x00 octet in the middle of an SSID.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-TLS with intermediate CAs and OCSP multi

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

TLS client: Multi-OCSP check to cover intermediate CAs

This extends multi-OCSP support to verify status for intermediate CAs in
the server certificate chain.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Add ocsp=3 configuration parameter for multi-OCSP

ocsp=3 extends ocsp=2 by require all not-trusted certificates in the
server certificate chain to receive a good OCSP status. This requires
support for ocsp_multi (RFC 6961). This commit is only adding the
configuration value, but all the currently included TLS library wrappers
are rejecting this as unsupported for now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

TLS: Move variable declaration to the beginning of the block

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Minimal testing of OCSP stapling with ocsp_multi

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

TLS client: OCSP stapling with ocsp_multi option (RFC 6961)

This adds a minimal support for using status_request_v2 extension and
ocsp_multi format (OCSPResponseList instead of OCSPResponse) for
CertificateStatus. This commit does not yet extend use of OCSP stapling
to validate the intermediate CA certificates.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

TLS server: OCSP stapling with ocsp_multi option (RFC 6961)

This allows hostapd with the internal TLS server implementation to
support the extended OCSP stapling mechanism with multiple responses
(ocsp_stapling_response_multi).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Server configuration for OCSP stapling with ocsp_multi (RFC 6961)

This adds a new hostapd configuration parameter
ocsp_stapling_response_multi that can be used similarly to the existing
ocsp_stapling_response, but for the purpose of providing multiple cached
OCSP responses. This commit adds only the configuration parameter, but
does not yet add support for this mechanism with any of the supported
TLS implementations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

TLS server: OCSP stapling

This adds support for hostapd-as-authentication-server to be build with
the internal TLS implementation and OCSP stapling server side support.
This is more or less identical to the design used with OpenSSL, i.e.,
the cached response is read from the ocsp_stapling_response=<file> and
sent as a response if the client requests it during the TLS handshake.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Add dh_file parameter for integrated EAP server

This is needed for number of EAP test cases at least when using the
internal TLS server implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

GnuTLS: OCSP stapling on the server side

This adds support for hostapd-as-authentication-server to be build
against GnuTLS with OCSP stapling server side support. This is more or
less identical to the design used with OpenSSL, i.e., the cached
response is read from the ocsp_stapling_response=<file> and sent as a
response if the client requests it during the TLS handshake.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Use wpa_msg() for the "RSN: PMKID mismatch" message

This message is sent at MSG_INFO level and it is supposed to go out even
even debug messages were to be removed from the build. As such, use
wpa_msg() instead of wpa_dbg() for it.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

EAP-EKE: Merge identical error return paths

There is no need to maintain multiple copies of the same error return
path.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-EKE: Reject too long Prot() data when building a frame

This error case in own buffer lengths being too short was not handled
properly. While this should not really happen since the wpabuf
allocation is made large for the fixed cases that are currently
supported, better make eap_eke_prot() safer if this functionally ever
gets extended with a longer buffer need.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: WPA2-Enterprise connection using EAP-EKE (many connections)

This tries to make it more likely to hit the special case of pub_len <
prime_len for additional code coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP protocol tests with expanded header

Signed-off-by: Jouni Malinen <j@w1.fi>

Document previously missing key_mgmt values

Number of key_mgmt options were missing from the documentation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Add AP Location Public Identifier into gas_anqp_extra_elements

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: GAS fragmentation and comeback delay

Signed-off-by: Jouni Malinen <j@w1.fi>

GAS: Do not cancel initial offchannel wait with comeback delay 1

The minimum comeback delay 1 is used to indicate that fragmentation is
needed instead of indicating that the response is going to be available
only after some time. Do not cancel offchannel wait for this case
between the initial and comeback exchanges to avoid delaying the full
operation unnecessarily.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: GAS fragmentation with mac80211_hwsim MCC enabled

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Update gas_anqp_oom_hapd to match new implementation

Since wpa_supplicant is now retrying GAS comeback failures once, the
gas_anqp_oom_hapd test case started failing. Fix this by updating the
test case to expect success (on the retry).

Signed-off-by: Jouni Malinen <j@w1.fi>

GAS: Retry full GAS query if comeback response is not received

It is possible for a comeback response to get lost especially when going
through a large GAS exchange fragmented to multiple frames in an
environment with interference or other traffic. Make this less likely to
fail the full exchange by trying full GAS query again and using longer
wait time on the GAS comeback exchanges.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Modify gas_malformed_comeback_resp to allow GAS retries

This is in preparation of a wpa_supplicant change to allow GAS retries
which can result in the previous test case design showing failures due
to "unexpected" management frames (GAS Initial Request from the retry).

Signed-off-by: Jouni Malinen <j@w1.fi>

GAS server: Replenish temporary STA entry timeout on comeback request

Previously, the five second timeout was added at the beginning of the
full GAS query and it was not replenished during fragmented exchanges.
This could result in timing out a query if it takes significant time to
go through the possibly multiple fragments and long comeback delay.

Signed-off-by: Jouni Malinen <j@w1.fi>

GAS: Shorten the duration of the wait for GAS comeback response

When exchanging GAS frames with the AP, the initial response from the AP
may take a while to come, since the AP may need to fetch the info from a
server. The next fragments/comeback response frames should take much
less time since the AP already has all of the info, so the wait time
for these frames can be reduced.

In addition, some drivers, e.g., mac80211, try to combine ROC based flows,
to improve medium utilization. For example, if the requested ROC fits
entirely in a previous requested ROC they can be combined. Thus, reducing
the wait time for the next frames can improve medium utilization.

Shorten the duration of GAS comeback to improve medium utilization and
overall GAS exchange times.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>

GAS: Clear offchannel_tx_started when ending remain-on-channel

Commit 2c0d0ae370f72fbe6248feed7ea0635303e3dc5a ('GAS: End
remain-on-channel due to delayed GAS comeback request') started ending
the remain-on-channel operation between the initial request and the
following comeback request. However, it did not check or update the
offchannel_tx_started variable. While this alone would not necessarily
be problematic, this makes it more difficult to optimize wait time for
offchannel TX operations, so make sure the internal tracking variable
gets updated.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-PEAP phase1 TLS flags

This adds some more test coverage for phase1 parameters that had not
previously been included in any of the test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-TTLS with unsupported Phase 2 EAP method in configuration

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-TTLS/PEAP/FAST: Reject unsupported Phase 2 method in configuration

Instead of using default list of methods, reject a configuration with an
unsupported EAP method at the time the main TLS method is being
initialized.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-TLS: Merge common error paths

There is no need to keep these identical error paths separate.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-TLS and TLS Message Length in unfragmented packets

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-TLS and config blob missing

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Speed up TNC test cases with the use of a single channel scan

There is no need for these test cases to run a full scan.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: TNC PEAP-SoH local error cases

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-PEAP peer: Fix a memory leak on an error path

If memory allocation for adding SoH response fails, the SoH response was
not freed properly on the error path.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: TNC TTLS local error cases

Signed-off-by: Jouni Malinen <j@w1.fi>

Drop any pending EAPOL RX frame when starting a new connection

Such a pending frame cannot be valid anymore, so drop it instead of
risking of using an unexpected EAPOL frame after association if a
previous association received one at the end and the new association can
happen within 100 ms.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Fix scan result clearing in ssid_hidden*

These test cases were supposed to clear the cfg80211 and wpa_supplicant
scan caches in the end to avoid causing issues to the following test
cases. This did not work properly after introduction of the support for
aborting a pending scan. Fix this by using the flush_scan_cache()
function and waiting within the test case until the final scan operation
completes.

This issue was triggered by ssid_hidden/ssid_hidden2 followed by
ext_password_interworking (though, not every time).

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-TTLS/MSCHAP with password hash

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-TTLS local error cases

Signed-off-by: Jouni Malinen <j@w1.fi>

WPA: Explicitly clear the buffer used for decrypting Key Data

When AES-WRAP was used to protect the EAPOL-Key Key Data field, this was
decrypted using a temporary heap buffer with aes_unwrap(). That buffer
was not explicitly cleared, so it was possible for the group keys to
remain in memory unnecessarily until the allocated area was reused.
Clean this up by clearing the temporary allocation explicitly before
freeing it.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-PEAP local error cases

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-PEAP version forcing

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-PEAP peer: Check SHA1 result when deriving Compond_MAC

This handles a mostly theoretical case where hmac_sha1_vector() might
fail for some reason.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-PEAP session resumption with crypto binding

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-PEAP server: Add support for fast-connect crypto binding

IPMK and CMK are derived from TK when using TLS session resumption with
PEAPv0 crypto binding. The EAP-PEAP peer implementation already
supported this, but the server side did not.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-PEAP with peap_outer_success=0

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-PEAP peer: Remove unused return value and error path

eap_peap_parse_phase1() returned 0 unconditionally, so there was no need
for that return value or the code path that tried to address the error
case.

Signed-off-by: Jouni Malinen <j@w1.fi>

HS 2.0: Remove duplicate icon entries

Only one of the icon entries with a matching BSSID and file name can be
fetched from wpa_supplicant and as such, there is no need to maintain
the old data if it was not explicitly deleted before running a new fetch
for the same BSSID and icon. Remove older duplicated entries whenever
completing a pending icon fetch to optimize memory use.

Signed-off-by: Jouni Malinen <j@w1.fi>

HS 2.0: Convert icon storage to use dl_list

This simplifies the list operations quite a bit.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: REQ_HS20_ICON and DEL_HS20_ICON

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

HS 2.0: Add a command to retrieve icon with in-memory storage

This adds a new command based Hotspot 2.0 icon retrieval option.

In short, here is the new command sequence:
1. REQ_HS20_ICON <bssid> <file-name>
2. event: RX-HS20-ICON <bssid> <file-name> <size>
3. GET_HS20_ICON <bssid> <file-name> <offset> <size>
(if needed, repeat with larger offset values until full icon is
fetched)
5. DEL_HS20_ICON <bssid> <file-name>

REQ_HS20_ICON is a new command that is analogous to HS20_ICON_REQUEST
with the slight difference that an entry to store the icon in memory is
prepared. The RX-HS20-ICON event has been augmented with BSSID,
file-name and size, and GET_HS20_ICON is used to retrieve a chunk of up
to <size> bytes of icon data at offset <offset>. Each chunk is returned
as a base64 encoded fragment, preceded by "HS20-ICON-DATA", BSSID, and
file-name as well as the starting offset of the data.

If there is no entry prepared for the icon when the ANQP result comes
back, hs20_process_icon_binary_file falls back to legacy behavior.

Finally the DEL_HS20_ICON command deletes (all) icons associated with
BSSID and file-name (there could be several if retries are used and they
have different dialog tokens).

Signed-off-by: Jan Nordqvist <jannq@google.com>

tests: Add rfkill tests for P2P Device operations

Add a couple of tests for rfkill with P2P Device operations
(with and without P2P Device interface).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>