Eduardo Abinader [Tue, 25 Feb 2014 21:27:03 +0000 (17:27 -0400)]
tests: Fix trace parameter invocation
If trace-cmd command does not exist, run-tests.py could end up hanging
in a loop waiting for input. Fix this simply by checking whether the
trace-cmd command can be executed sucessfully and exiting the script if
not.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Simon Wunderlich [Mon, 10 Feb 2014 15:04:17 +0000 (16:04 +0100)]
hostapd: Process management frames only once per BSS
At least in nl80211, broadcast management frames like Probe Request
frames, may be processed multiple times per BSS if multi-BSS is active
and NL80211_CMD_FRAME event is used to deliver them. In the case of
Probe Request frames, hostapd will create multiple redundant Probe
Response frames which are problematic when many BSS are on one channel.
This problem is caused by driver_nl80211 generating an event for
wpa_supplicant_event() for each BSS, and hostapd_mgmt_rx() calls
ieee802_11_mgmt() for each BSS, too.
Fix this by processing broadcast events only for the BSS the driver
intended to. The behavior is not changed for drivers not setting a BSS.
Signed-hostap: Simon Wunderlich <simon@open-mesh.com>
Simon Wunderlich [Thu, 6 Feb 2014 18:30:39 +0000 (19:30 +0100)]
hostapd: Allow to switch to usable DFS channels
If channels are "available", change to "usable" DFS channels as a
fallback, too. This requires CAC, but it is still better to do that
instead of stopping service completely.
Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
Simon Wunderlich [Thu, 6 Feb 2014 18:30:38 +0000 (19:30 +0100)]
hostapd: Allow to switch to DFS channels if available
If DFS channels are marked as "available", an AP can switch to them
immediately without performing CAC. Therefore, the channel selection
function should consider these channels even though these are radar
channels.
Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
Simon Wunderlich [Thu, 6 Feb 2014 18:30:37 +0000 (19:30 +0100)]
hostapd: Add config option chanlist for DFS channels
Different channels allow different transmission power, at least in ETSI
countries. Also, ETSI requires a "channel plan" for DFS operation, and
channels should be randomly choosen from these channels.
Add a channel list configuration option for users to add channels
hostapd may pick from.
Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
Jouni Malinen [Tue, 11 Mar 2014 15:04:33 +0000 (17:04 +0200)]
tests: Fix trace-cmd output for host case
Both the output file path and the current working directory included the
log directory and this failed if log directory was not absolute (e.g.,
when using the default logs/current in the case a VM is not used).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 11 Mar 2014 14:33:05 +0000 (16:33 +0200)]
Use internal FIPS 186-2 PRF if needed
Previously, EAP-SIM/AKA/AKA' did not work with number of crypto
libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF
function was not implemented. This resulted in somewhat confusing error
messages since the placeholder functions were silently returning an
error. Fix this by using the internal implementation of FIP 186-2 PRF
(including internal SHA-1 implementation) with crypto libraries that do
not implement this in case EAP-SIM/AKA/AKA' is included in the build.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 11 Mar 2014 13:03:38 +0000 (15:03 +0200)]
tests: Fix reporting of skipped cipher suite tests
The return value was lost and GCMP, CCMP-256, and GCMP-256 test cases
were reporting PASS instead of SKIP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 11 Mar 2014 13:00:09 +0000 (15:00 +0200)]
Fix PTK derivation for CCMP-256 and GCMP-256
Incorrect PTK length was used in PMK-to-PTK derivation and the Michael
MIC TX/RX key swapping code was incorrectly executed for these ciphers
on supplicant side.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 11 Mar 2014 12:59:15 +0000 (14:59 +0200)]
nl80211: Add debug print of KEY_DATA and KEY_SEQ
While these were already available from elsewhere in the debug log, it
is convenient to have the values also available at the location where
the actual nl80211 command is issued.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 10 Mar 2014 09:34:31 +0000 (11:34 +0200)]
tests: HS 2.0 session information URL
Verify that session information is stored from Access-Accept and sent to
the station at the requested timeout. Verify that station processes this
notification.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 10 Mar 2014 09:16:29 +0000 (11:16 +0200)]
tests: RADIUS Class attribute
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 10 Mar 2014 09:05:48 +0000 (11:05 +0200)]
tests: RADIUS attributes in Access-Request and Accounting-Request
This verifies that hostapd can add extra RADIUS attributes using
radius_auth_req_attr and radius_acct_req_attr.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 10 Mar 2014 08:58:01 +0000 (10:58 +0200)]
tests: hostapd as P2P Device manager
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 10 Mar 2014 08:49:49 +0000 (10:49 +0200)]
tests: Set country code and use 5 GHz band
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 10 Mar 2014 08:42:41 +0000 (10:42 +0200)]
tests: hostapd adding vendor elements to Beacon/Probe Response frames
This verifies that the configuration parameter vendor_elements works
correctly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 10 Mar 2014 08:39:23 +0000 (10:39 +0200)]
tests: hostapd control interface - STATUS commands
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 10 Mar 2014 08:27:58 +0000 (10:27 +0200)]
Remove unused hostapd_wep_key_cmp()
The only user was removed five years ago in commit
fb6d3575322369f33693a52d8e57759f6856ca9d.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 9 Mar 2014 22:51:14 +0000 (00:51 +0200)]
tests: PMKSA cache and Chargeable-User-Identity
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 9 Mar 2014 22:44:26 +0000 (00:44 +0200)]
Fix error path handling on radius_accept_attr
This error path must not try to free the user entry since that entry was
already added to the BSS list and will be freed when BSS is freed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 9 Mar 2014 22:27:15 +0000 (00:27 +0200)]
tests: Displayable message in EAP Request-Identity
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 9 Mar 2014 22:18:49 +0000 (00:18 +0200)]
tests: Authenticator-initiated EAP reauthentication
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 1 Mar 2014 22:43:59 +0000 (00:43 +0200)]
TLS testing: Allow hostapd to be used as a TLS testing tool
The internal TLS server implementation and RADIUS server implementation
in hostapd can be configured to allow EAP clients to be tested to
perform TLS validation steps correctly. This functionality is not
included in the default build; CONFIG_TESTING_OPTIONS=y in
hostapd/.config can be used to enable this.
When enabled, the RADIUS server will configure special TLS test modes
based on the received User-Name attribute value in this format:
<user>@test-tls-<id>.<rest-of-realm>. For example,
anonymous@test-tls-1.example.com. When this special format is used, TLS
test modes are enabled. For other cases, the RADIUS server works
normally.
The following TLS test cases are enabled in this commit:
1 - break verify_data in the server Finished message
2 - break signed_params hash in ServerKeyExchange
3 - break Signature in ServerKeyExchange
Correctly behaving TLS client must abort connection if any of these
failures is detected and as such, shall not transmit continue the
session.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 1 Mar 2014 22:07:50 +0000 (00:07 +0200)]
RADIUS server: Allow TLS implementation add log entries
This allows the internal TLS implementation to write log entries to the
same authlog with rest of the RADIUS server and EAP server
functionality.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 28 Feb 2014 12:41:42 +0000 (14:41 +0200)]
RADIUS server: Allow EAP methods to log into SQLite DB
This extends RADIUS server logging capabilities to allow EAP server
methods to add log entries.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 28 Feb 2014 12:11:13 +0000 (14:11 +0200)]
RADIUS server: Add option for storing log information to SQLite DB
If eap_user_file is configured to point to an SQLite database, RADIUS
server code can use that database for log information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 9 Mar 2014 16:19:32 +0000 (18:19 +0200)]
TLS client: Send decrypt_error on verify_data validation error
Previously, this was silently dropped which left the connection waiting
for timeout. decrypt_error alert can be used here to avoid that.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 9 Mar 2014 15:11:58 +0000 (17:11 +0200)]
TLS: Share a helper function for verifying Signature
This same design is used in both the server and the client roles in the
internal TLS implementation. Instead of duplicated implementation, use a
helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 9 Mar 2014 14:26:27 +0000 (16:26 +0200)]
TLS: Use a helper function for calculating ServerKeyExchange hash
Instead of separate server and client side implementations, use a common
set of helper functions for calculating the ServerParams hash for
ServerKeyExchange.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 9 Mar 2014 13:43:50 +0000 (15:43 +0200)]
TLS: Add support for DHE-RSA cipher suites
This extends the internal TLS implementation to support DHE-RSA
cipher suites in both server and client roles.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 9 Mar 2014 09:57:05 +0000 (11:57 +0200)]
TLS server: Enable SHA256-based cipher suites
The SHA256-based RSA-AES-128/256 cipher suites were already implemented
and enabled for the internal TLS client, but they had not been enabled
for the server.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 8 Mar 2014 19:25:47 +0000 (21:25 +0200)]
tests: Protocol tests for unexpected/invalid GO Neg Resp
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 8 Mar 2014 22:58:46 +0000 (00:58 +0200)]
tests: Fix a typo in check_p2p_response error path
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 8 Mar 2014 22:57:29 +0000 (00:57 +0200)]
tests: Simultaneous GO Neg initiation
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 8 Mar 2014 22:29:07 +0000 (00:29 +0200)]
tests: RADIUS interim accounting update
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 8 Mar 2014 18:23:21 +0000 (20:23 +0200)]
tests: Non-compliant reject-by-user indication in GO Neg Req
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 8 Mar 2014 18:21:21 +0000 (20:21 +0200)]
wpa_supplicant: Allow external management frame processing for testing
This enables more convenient protocol testing of AP and P2P
functionality in various error cases and unexpected sequences without
having to implement each test scenario within wpa_supplicant.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX). This is
similar to the test interface that was added to hostapd previously, but
allows more control on offchannel operations and more direct integration
with the internal P2P module.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 8 Mar 2014 09:49:23 +0000 (11:49 +0200)]
tests: HS 2.0 subscription remediation notification
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 8 Mar 2014 09:29:35 +0000 (11:29 +0200)]
tests: VLAN tests using RADIUS tunnel attributes
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 29 Oct 2013 22:16:36 +0000 (00:16 +0200)]
tests: Add test cases for AP VLAN
These verify dynamic AP VLAN interface addition with open and WPA2-PSK
network.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 8 Mar 2014 09:21:58 +0000 (11:21 +0200)]
Enable RADIUS message dumps with excessive debug verbosity
Previously, this was enabled only at msgdump verbosity level, but any
level that is more verbose than it should also be included.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 8 Mar 2014 08:54:26 +0000 (10:54 +0200)]
Revert "bridge: Track inter-BSS usage"
This reverts commit
4345fe963e7bc6461b7547766d47fd4722d72130. That
introduced number of memory leaks and since the rest of the VLAN changes
did not yet go in, it is easier to revert this for now and bring back
the changes after fixes if there is sufficient interest for them in the
future.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 7 Mar 2014 21:21:17 +0000 (23:21 +0200)]
tests: Verify HS 2.0 deauth request from RADIUS Access-Accept
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 7 Mar 2014 21:19:52 +0000 (23:19 +0200)]
Allow arbitrary RADIUS attributes to be added into Access-Accept
This extends the design already available for Access-Request packets to
the RADIUS server and Access-Accept messages. Each user entry can be
configured to add arbitrary RADIUS attributes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 7 Mar 2014 21:23:41 +0000 (23:23 +0200)]
Fix PMF protect disconnection on session timeout
Request the driver to send a Deauthentication frame before doing
any other disconnection steps on the session timeout path. This is
needed when PMF is negotiated for the association since the driver
will need to find the STA entry and the PTK for it to be able to
protect the robust Deauthentication frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 7 Mar 2014 20:37:03 +0000 (22:37 +0200)]
Fix hostapd error path regression
Commit
354c903f8e47ae0fb41fb54ecc018e61d9573506 added setting of
driver_ap_teardown on the hostapd exit path without taking into account
that this may also be called on an error path where the interface has
not been initialized. Fix the resulting NULL pointer dereference to
allow hostapd to exit cleanly in error case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Ilan Peer [Mon, 2 Sep 2013 12:41:00 +0000 (15:41 +0300)]
wpa_supplicant: Add a configuration file for the P2P_DEVICE parameters
Add an option to specify a configuration file that can be used to hold
the P2P_DEVICE configuration parameters. If this option is not used, the
P2P_DEVICE configuration parameters will be read from interface
configuration file.
Note that it is advised to use this option in some cases such as:
If a P2P_DEVICE is supported by the driver, the wpa_supplicant creates a
dedicated P2P Device interface, where the configuration file used for
the main interface is used. As a consequence, if the configuration file
includes network definition etc., the wpa_supplicant will try to perform
station specific flows on the P2P Device interface which will fail.
If a P2P_DEVICE is supported by the driver and update_config is used,
the P2P Device configuration data will override the main interface
configuration data.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Pawel Kulakowski [Thu, 6 Mar 2014 09:40:54 +0000 (10:40 +0100)]
Disable interface if ACS fails
In case of Automatic Channel Selection (ACS) failure, we do not have a
real fallback path. Interface still remains in ACS state. To reflect we
did not succeed with ACS, simply disable the interface and indicate this
to user/upper layer entity so that a suitable recovery or error
notification can be performed.
Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
Jouni Malinen [Thu, 6 Mar 2014 21:10:48 +0000 (23:10 +0200)]
tests: Verify open mode IBSS and beacon_int configuration
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 6 Mar 2014 21:09:20 +0000 (23:09 +0200)]
Configure beacon interval for IBSS command
wpa_supplicant already allowed beacon interval to be configured for AP
mode operations, but this was not passed to the driver for IBSS even
though the same parameter can used for that case. Add this for the
nl80211 driver interface to allow beacon interval to be controlled for
IBSS as well.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 6 Mar 2014 20:59:38 +0000 (22:59 +0200)]
tests: Verify open mode AP functionality
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 6 Mar 2014 20:48:37 +0000 (22:48 +0200)]
HS 2.0R2: Check for OSEN when determining whether to authorize STA
handle_assoc_cb() got this addition, but the check in
hostapd_new_assoc_sta() was not modified to be aware of the OSEN special
case for EAPOL state machines to be used for marking a STA authorized.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt Undekari [Tue, 25 Feb 2014 17:02:02 +0000 (22:32 +0530)]
Set the station to authorized on assoc event for open authentication
This was done in handle_assoc_cb() in ieee802_11.c for drivers that use
hostapd SME/MLME. However, drivers that include SME/MLME implementation
do not use that function and the STA flag needs to be set when
processing the association notification. This is needed to get the STA
entry into showing the proper authorized state and to get the
AP-STA-CONNECTED/DISCONNECTED events on the control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Bartosz Markowski [Wed, 26 Feb 2014 09:39:47 +0000 (10:39 +0100)]
hostapd: Fix vht_capab 'Maximum A-MPDU Length Exponent' handling
As per IEEE Std 802.11ac-2013, 'Maximum A-MPDU Length Exponent' field
value is in the range of 0 to 7. Previous implementation assumed EXP0 to
be the maximum length (bits 23, 24 and 25 set) what is incorrect.
This patch adds options to set it up within the 0 to 7 range.
Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
Eduardo Abinader [Thu, 27 Feb 2014 15:18:36 +0000 (11:18 -0400)]
tests: Fix current log dir symbolic link
Fix updating of the current symbolic link when LOGDIR is already set.
The current symbolic link was only set, if LOGDIR has not been
previously defined. If the user had chosen to cancel the running test
iteration and run it again by running start.sh again, the current
symbolic link was not updated.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Michal Kazior [Wed, 5 Mar 2014 08:12:11 +0000 (09:12 +0100)]
ACS: Fix VHT80 segment picking
For example, the previous implementation considered [44, 48, 52, 56] to
be a valid VHT80 channel -- which it is not. This resulted in, e.g.,
failure to start CAC when channels on overlapped segments included DFS
channels.
Add a check similar to the HT40 one to prevent that. The check is
performed this way as the ACS implementation assumes the primary channel
to be the first channel in a given segment.
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Janusz Dziedzic [Wed, 5 Mar 2014 08:21:20 +0000 (09:21 +0100)]
DFS: Print error in case CAC fails
Previously, we printed this message as a debug one, which was confusing
in case verbose debug messages were disabled. User could think CAC
started but never ended. Add more parameterss to DFS_EVENT_CAC_START, so
external programs can more easily check what was wrong in case of
errors.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Moshe Benji [Wed, 5 Mar 2014 12:55:29 +0000 (14:55 +0200)]
AP/GO interface teardown optimization
This commit adds an option to optimize AP teardown by leaving the
deletion of keys (including group keys) and stations to the driver.
This optimization option should be used if the driver supports stations
and keys removal when stopping an AP.
For example, the optimization option will always be used for cfg80211
drivers since cfg80211 shall always remove stations and keys when
stopping an AP (in order to support cases where the AP is disabled
without the knowledge of wpa_supplicant/hostapd).
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Rahul Jain [Wed, 26 Feb 2014 06:18:07 +0000 (11:48 +0530)]
Use P2P_IE_VENDOR_TYPE more consistently
Previously, both this and combination of OUI_WFA and P2P_OUI_TYPE were
used. Using the full 32-bit value as a single operation saves a bit in
code size, so start moving towards using it more consistently when
writing or finding the P2P vendor specific element.
Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
Rahul Jain [Wed, 26 Feb 2014 12:09:49 +0000 (17:39 +0530)]
WPS: Parse Registrar Configuration Methods
This new subelement was added into the WFA Vendor Extension.
Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
Jouni Malinen [Wed, 5 Mar 2014 20:37:50 +0000 (22:37 +0200)]
tests: Group formation and two peers at the same time
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 5 Mar 2014 20:23:01 +0000 (22:23 +0200)]
tests: Persistent group formation with reverse roles
This increase test coverage a bit for the Persistent group flag in GO
Negotiation Response.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 5 Mar 2014 20:14:15 +0000 (22:14 +0200)]
tests: Extended listen timing in GO Negotiation messages
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 5 Mar 2014 20:04:44 +0000 (22:04 +0200)]
tests: P2P GO Negotiation with PBC vs. PIN
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 5 Mar 2014 15:19:58 +0000 (17:19 +0200)]
nl80211: Extend the new vendor command for testing nl80211
CONFIG_TESTING_OPTIONS=y build of wpa_supplicant now allows arbitrary
cfg80211 commands to be performed through the new VENDOR ctrl_iface
command by using a special vendor_id
ffffffff. The command identifier
(NL80211_CMD_*) is encoded as the subcmd and the attributes in the
hexformatted data area. Response attributes are returned as a hexdump.
For example, this shows a NL80211_CMD_FRAME and a response (cookie
attribute) on a little endian host:
wpa_cli -i wlan0 vendor
ffffffff 59
080003004d0000000800260085090000....
0c00580000d7868c0388ffff
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 4 Mar 2014 22:26:16 +0000 (00:26 +0200)]
tests: More thorough P2P GO Negotiation Request protocol checks
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 5 Mar 2014 10:36:20 +0000 (12:36 +0200)]
tests: WPS 2.0 rejection of WEP credential
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 4 Mar 2014 22:36:37 +0000 (00:36 +0200)]
tests: PD-before-GO-Neg workaround
Signed-off-by: Jouni Malinen <j@w1.fi>
Eliad Peller [Mon, 3 Mar 2014 12:53:23 +0000 (14:53 +0200)]
P2P: Do not start scan for P2P Device interfaces at driver init
wpa_supplicant started delayed sched scan also on P2P Device interfaces,
resulting in erroneous scans and connection attempts. Skip that on
driver init when the interface is dedicated only for P2P management
purposes.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
David Spinadel [Mon, 3 Mar 2014 12:53:20 +0000 (14:53 +0200)]
P2P: Do not initialize bgscan on P2P interfaces
As a P2P group has a unique SSID and one security domain, it does
not make sense to enable background scanning for roaming purposes.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Andrei Otcheretianski [Mon, 3 Mar 2014 12:53:19 +0000 (14:53 +0200)]
nl80211: Fix RTM event handling for dynamic interfaces
When an interface is disabled through rtm event, wpa_supplicant's
EVENT_INTERFACE_DISABLED is generated, which in turn, may
completely destroy wpa_driver_nl80211_data struct (drv). This
scenario happens now when P2P GO interface is disabled. Since this
struct may be used later in this function it causes segmentation fault.
Fix it by trying to find drv again in the interface list after
wpa_supplicant's event handling.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Alexander Bondar [Mon, 3 Mar 2014 12:53:18 +0000 (14:53 +0200)]
config: Add bgscan option when saving global configuration
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
David Spinadel [Mon, 3 Mar 2014 12:53:17 +0000 (14:53 +0200)]
bgscan: Do not initialize bgscan if disabled by user
Do not initialize bgscan if the user explicitly set bgscan to an empty
string. Without this patch wpa_supplicant tries to initialize bgscan to
the first option if the string is empty.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Beni Lev [Mon, 3 Mar 2014 11:09:50 +0000 (13:09 +0200)]
nl80211: Add vendor command support
Add a callback to the driver interface that allows vendor specific
commands to be sent. In addition, a control interface command is added
to expose this new interface outside wpa_supplicant:
Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]
The 3rd argument will be converted to binary data and then passed as
argument to the sub command.
This interface is driver independent, but for now, this is only
implemented for the nl80211 driver interface using the cfg80211 vendor
commands.
Signed-off-by: Beni Lev <beni.lev@intel.com>
Felix Fietkau [Fri, 28 Feb 2014 14:41:49 +0000 (15:41 +0100)]
nl80211: Fix tearing down WDS STA interfaces
wpa_driver_nl80211_if_remove() checks bss->if_added before deleting an
interface, which is 0 for the first BSS. The only part of
wpa_driver_nl80211_if_remove() that should get called for WDS STA
interfaces is the call to nl80211_remove_iface(), which can be pulled in
here directly.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Jouni Malinen [Sun, 2 Mar 2014 11:18:18 +0000 (13:18 +0200)]
tests: Add protocol tests for P2P message processing
This commit includes number of test frames for attribute parsing.
Invitation Request and Provision Discovery processing is also covered.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 20:22:29 +0000 (22:22 +0200)]
tests: P2P PD retries and timeout
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 18:44:05 +0000 (20:44 +0200)]
tests: P2P Device management with connect command
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 09:51:38 +0000 (11:51 +0200)]
Redirect more frames with ext_mgmt_frame_handling=1
This allows Action frames from not-associated stations to be processed
by external test tools.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 15:01:32 +0000 (17:01 +0200)]
RADIUS server: Copy IPv4 address only when IPv6 is not used
The local addr variable is valid only when !ipv6, so there is no point
in copying it for the IPv6 case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 14:44:18 +0000 (16:44 +0200)]
dbus: Clean up error reporting for TDLS peer address parsing
Passing a pointer to an error reply message is not very robust since
memory allocation could fail even for that error message. Instead, use a
separate error value as the return value from get_peer_hwaddr_helper()
and return a pointer to the error message through a pointer-to-pointer
so that the error case will always be clear.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 14:23:28 +0000 (16:23 +0200)]
WPS: Remove duplicate variable setting
There is no need to use a for loop here since the h variable is
set identically at the beginning of the body anyway.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 14:19:41 +0000 (16:19 +0200)]
Remove unnecessary variable initialization
The following if statements set the new_op_mode value in all cases,
so there is no need to initialize this to 0 first. This removes a
static analyzer warning.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 14:18:38 +0000 (16:18 +0200)]
dbus: Remove duplicated variable assignment
This gets rid of a static analyzer warning.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 14:16:48 +0000 (16:16 +0200)]
Remove a static analyzer warning about unused variable write
The pos variable was not used between its first and second assignment.
Clean this up by using the pos variables instead of the buf (start of
the buffer).
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 14:14:09 +0000 (16:14 +0200)]
Do not use a separate variable for tracking first entry in a list
The pos pointer can be compared to the start of the buffer pointer to
determine whether the entry is the first one in the list. This gets rid
of some static analyzer warnings about unused variable writes.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 14:03:22 +0000 (16:03 +0200)]
WPA: Clean up cipher suite counting in write routines
There is no need to maintain a separate counter for this in addition to
the pointer to the current location. In addition, this gets rid of
warnings about unused variable write.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 13:52:10 +0000 (15:52 +0200)]
Remove unused gid_str pointer update
The group name is not used on these paths, so just remove it from the
directory name without updating gid_str to point to the unused group
name.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 13:35:11 +0000 (15:35 +0200)]
Debug print trailing WPA/RSN IE bytes, if any
This silences a never-used analyzer warning in addition to making the
debug log entry somewhat more useful.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 13:32:27 +0000 (15:32 +0200)]
OpenSSL: Avoid never-used analyzer warning
Use #ifdef blocks more cleanly to avoid unnecessary never-used
assignment of a variable.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 13:29:26 +0000 (15:29 +0200)]
Clean up hostapd add_iface error path operations
If hapd_iface->bss[i] == NULL, this could have resulted in NULL pointer
dereference in the debug print. Avoid this by skipping the message in
case of NULL pointer. In addition, clear iface->bss[i] to NULL for
additional robustness even though this array gets freed immediately.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 13:21:59 +0000 (15:21 +0200)]
WNM: Check wpa_s->current_bss more consistently
The scan result comparison routine would not make much sense without
current BSS level known, so return from the function without going
through the iteration that could have dereferenced the pointer if
wpa_s->current_bss == NULL.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 13:16:45 +0000 (15:16 +0200)]
EAP-FAST: Use clear eap_get_config() result validation
This was previously checked through the eap_peer_tls_ssl_init() call
which made it difficult for static analyzers. Add an explicit check for
config == NULL into the beginnign of eap_fast_init() since this will
always result in initialization failing anyway.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 13:12:21 +0000 (15:12 +0200)]
roboswitch: Verify that register read succeeds before comparing result
If wpa_driver_roboswitch_read() fails before such comparison, the values
that are being compared are not initialized properly and as such, there
is not much point in comparing them either.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 13:05:28 +0000 (15:05 +0200)]
DFS: Make sure center frequency is always initialized for VHT
This seemed to be fine on most code paths, but the code was complex
enough to make the analysis difficult (and a bit too much for static
analyzers). There is no harm in forcing these parameters to be
initialized, so do that to make sure they cannot be left uninitialized.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 11:57:11 +0000 (13:57 +0200)]
trace: Fix memory use on no-function name path
bfd_demangle() call could be skipped if data.function == NULL. Make sure
the already freed aname pointer cannot be used again in such a case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 11:41:05 +0000 (13:41 +0200)]
test: Use more consistent NULL checking for associate ssid parameter
This was checked once against NULL, but not on the following uses.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 2 Mar 2014 11:37:11 +0000 (13:37 +0200)]
Make code path easier for static analyzers
record->type == NULL case was handled through the record->type_length
comparison. While this was correct, it is a bit difficult for static
analyzers to understand, so add an extra check for NULL to avoid false
reports on this.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 1 Mar 2014 20:26:20 +0000 (22:26 +0200)]
tests: Verify offchannel TX using remain-on-channel
This is the older design that some drivers may still use if they do not
support offloaded offchannel TX operations.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 1 Mar 2014 20:24:55 +0000 (22:24 +0200)]
nl80211: Allow old r-o-c offchannel TX to be tested
no_offchannel_tx=1 driver parameter can now be used to force the older
remain-on-channel -based offchannel TX design to be used with
mac80211_hwsim. This can be used to increase test coverage with the
hwsim test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>