Paul Stewart [Fri, 10 Jun 2016 15:29:55 +0000 (08:29 -0700)]
nl80211: Fix use-after-free in qca_nl80211_get_features()
Any data accessible from nla_data() is freed before the
send_and_recv_msgs() function returns, therefore we need to allocate
space for info.flags ourselves.
Signed-off-by: Paul Stewart <pstew@google.com>
Jouni Malinen [Fri, 10 Jun 2016 18:17:34 +0000 (21:17 +0300)]
tests: GAS/ANQP query and Address 3 value selection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 10 Jun 2016 18:43:25 +0000 (21:43 +0300)]
hostapd Make GAS Address3 field selection behavior configurable
gas_address3=1 can now be used to force hostapd to use the IEEE 802.11
standards compliant Address 3 field value (Wildcard BSSID when not
associated) even if the GAS request uses non-compliant address (AP
BSSID).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 10 Jun 2016 18:35:11 +0000 (21:35 +0300)]
hostapd: Fix Public Action frame TX status processing for wildcard BSSID
Previously all TX status events with wildcard BSSID were ignored. This
did not allow Public Action frame TX status to be processed with the
corrected wildcard BSSID use. Fix this to be allowed. In practice, this
affects only test cases since Action frame TX status was not used for
anything else.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 10 Jun 2016 18:30:03 +0000 (21:30 +0300)]
hostapd: Fix Public Action frame addressing (BSSID field)
IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies
that the wildcard BSSID value is used in Public Action frames that are
transmitted to a STA that is not a member of the same BSS. hostapd used
to use the actual BSSID value for all such frames regardless of whether
the destination STA is a member of the BSS.
Fix this by using the wildcard BSSID in cases the destination STA is not
a member of the BSS. Leave group addressed case as-is (i.e., the actual
BSSID), since both values are accepted. No such frames are currently
used, though.
This version is still using the AP BSSID value in the Address 3 field
for GAS response frames when replying to a GAS request with AP BSSID
instead of Wildcard BSSID. This is left as a workaround to avoid
interoperability issues with deployed STA implementations that are still
using the non-compliant address and that might be unable to process the
standard compliant case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 10 Jun 2016 17:58:23 +0000 (20:58 +0300)]
wpa_supplicant: Make GAS Address3 field selection behavior configurable
IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies
that the wildcard BSSID value is used in Public Action frames that are
transmitted to a STA that is not a member of the same BSS.
wpa_supplicant used to use the actual BSSID value for all such frames
regardless of whether the destination STA is a member of the BSS.
P2P does not follow this rule, so P2P Public Action frame construction
must not be changed. However, the cases using GAS/ANQP for non-P2P
purposes should follow the standard requirements.
Unfortunately, there are deployed AP implementations that do not reply
to a GAS request sent using the wildcard BSSID value. The previously
used behavior (Address3 = AP BSSID even when not associated) continues
to be the default, but the IEEE 802.11 standard compliant addressing
behavior can now be configured with gas_address3=1.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 5 Jun 2016 08:43:37 +0000 (11:43 +0300)]
tests: Mesh peering management protocol testing
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 5 Jun 2016 08:17:00 +0000 (11:17 +0300)]
tests: Secure mesh network and PMKID mismatch
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 22:20:28 +0000 (01:20 +0300)]
tests: Secure mesh network and missing MIC
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 21:24:47 +0000 (00:24 +0300)]
tests: Mesh and failure to derive random nonce
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 21:20:06 +0000 (00:20 +0300)]
tests: Secure mesh network and PMKSA caching failing due to OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 21:03:38 +0000 (00:03 +0300)]
tests: Mesh scan element parse error
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 19:01:33 +0000 (22:01 +0300)]
tests: Mesh network setup failing due to driver command failure
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 19:00:52 +0000 (22:00 +0300)]
nl80211: Add TEST_FAIL() to command generation and set_mode
This makes it easier to test error paths for failing driver command
cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 19:00:30 +0000 (22:00 +0300)]
mesh: Remove extra newline from the end of an error message
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 18:47:22 +0000 (21:47 +0300)]
tests: Mesh and default beacon interval
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 18:44:19 +0000 (21:44 +0300)]
tests: Extend coverage for mesh OOM testing
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 18:31:51 +0000 (21:31 +0300)]
tests: Open mesh network on VHT 160 MHz channel
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 18:30:51 +0000 (21:30 +0300)]
mesh: Allow 160 MHz channel to be configured
This allows minimal testing with 160 MHz channel with country code ZA
that happens to be the only one with a non-DFS 160 MHz frequency. DFS
with mesh is not yet supported.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 18:30:18 +0000 (21:30 +0300)]
nl80211: Update drv->assoc_freq on mesh join
This is needed to provide the correct frequency in SIGNAL_POLL command.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 17:56:39 +0000 (20:56 +0300)]
tests: Mesh and invalid frequency configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 4 Jun 2016 17:56:55 +0000 (20:56 +0300)]
mesh: Remove unreachable code
ssid->frequency cannot be 0 in wpa_supplicant_mesh_init() since
wpas_supplicant_join_mesh() rejects such a configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 3 Jun 2016 21:40:38 +0000 (00:40 +0300)]
tests: Mesh and local failures
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 3 Jun 2016 21:25:21 +0000 (00:25 +0300)]
tests: Mesh and local SAE failures
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 3 Jun 2016 21:08:16 +0000 (00:08 +0300)]
tests: Mesh with invalid SAE group configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
Kanchanapally, Vidyullatha [Tue, 12 Apr 2016 08:01:42 +0000 (13:31 +0530)]
nl80211: Use extended capabilities per interface type
This adds the necessary changes to support extraction and use of the
extended capabilities specified per interface type (a recent
cfg80211/nl80211 extension). If that information is available,
per-interface values will be used to override the global per-radio
value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 31 May 2016 15:48:39 +0000 (18:48 +0300)]
Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-05-31.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Mon, 30 May 2016 21:11:42 +0000 (00:11 +0300)]
Report connection timeouts in CTRL-EVENT-ASSOC-REJECT
Add a new "timeout" argument to the event message if the nl80211 message
indicates that the connection failure is not due to an explicit AP
rejection message. This makes it easier for external programs to figure
out why the connection failed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 30 May 2016 18:15:30 +0000 (21:15 +0300)]
tests: wpa_supplicant secure MESH and SAE group negotiation
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 30 May 2016 18:14:08 +0000 (21:14 +0300)]
mesh: Support simple SAE group negotiation case
This allows the simplest case of SAE group negotiation to occur by
selecting the next available group if the peer STA indicates the
previous one was not supported. This is not yet sufficient to cover all
cases, e.g., when both STAs need to change their groups, but at least
some cases are no covered.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 30 May 2016 17:17:10 +0000 (20:17 +0300)]
tests: Secure mesh network setup local failure
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 30 May 2016 17:15:16 +0000 (20:15 +0300)]
mesh: Fix error path handling for RSN (MGTK init)
wpa_deinit() got called twice if the random_get_bytes() fails to
generate the MGTK. This resulted in double-freeing the rsn->auth
pointer. Fix this by allowing mesh_rsn_auth_init() handle freeing for
all error cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 30 May 2016 17:03:32 +0000 (20:03 +0300)]
tests: wpa_supplicant mesh scan results and OOM
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jonathan Afek [Sun, 29 May 2016 12:03:40 +0000 (15:03 +0300)]
tests: Support P2P group interfaces in hwsim remote tests
Start using the wpa_supplicant remote UDP interface for the control and
monitor sockets for P2P group interfaces so that P2P tests would work on
real hardware. Also have the group requests and events show in the test
log with the hostname and the interface name of the group interface.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Jouni Malinen [Mon, 30 May 2016 14:40:05 +0000 (17:40 +0300)]
D-Bus: Remove unused wpas_dbus_signal_p2p_group_started() parameter
The ssid pointer was not used.
Signed-off-by: Jouni Malinen <j@w1.fi>
Nishant Chaprana [Mon, 30 May 2016 07:38:31 +0000 (13:08 +0530)]
D-Bus: Indicate whether created group is persistent or not
This adds an extra parameter in GroupStarted signal to indicate whether
the created group is Persistent or not. It is similar to the
[PERSISTENT] tag which comes in P2P-GROUP-STARTED over the control
interface.
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Jouni Malinen [Sun, 29 May 2016 22:50:09 +0000 (01:50 +0300)]
tests: wpa_supplicant mesh with dynamic interface addition failing
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 May 2016 22:49:22 +0000 (01:49 +0300)]
mesh: Fix MESH_INTERFACE_ADD error path cleanup
If wpa_supplicant_add_iface() fails, we need to remove the added netdev,
not the existing wpa_s instance.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 May 2016 21:33:56 +0000 (00:33 +0300)]
tests: Mesh network setup failing due to OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 29 May 2016 22:04:00 +0000 (01:04 +0300)]
mesh: Fix error path handling in init OOM cases
hostapd deinit functions were not ready to handle a case where the data
structures were not fully initialized. Make these more robust to allow
wpa_supplicant mesh implementation to use the current deinit design in
OOM error cases without causing NULL pointer dereferences.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 28 May 2016 20:28:15 +0000 (23:28 +0300)]
tests: More coverage in ap_reassociation_to_same_bss
The extra wait forces the special reattach-scan case to be reached in
wpa_supplicant_scan().
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 28 May 2016 20:00:42 +0000 (23:00 +0300)]
tests: More coverage in wpas_ctrl_sched_scan_plans
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 28 May 2016 19:54:00 +0000 (22:54 +0300)]
Remove dead code from wpas_sched_scan_plans_set()
scan_plan->interval was checked against 0 twice; the latter case cannot
happen.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 28 May 2016 19:28:14 +0000 (22:28 +0300)]
tests: Scan with SET freq_list and scan_cur_freq
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 28 May 2016 19:16:47 +0000 (22:16 +0300)]
Improve reattach scan OOM failure handling
Instead of reporting the memory allocation failure and stopping, run the
scan even if the frequency list cannot be created due to allocation
failure. This allows the wpa_s->reattach flag to be cleared and the scan
to be completed even if it takes a bit longer time due to all channels
getting scanned.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 28 May 2016 19:06:03 +0000 (22:06 +0300)]
tests: Duplicate SSID removal with scan_id list
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 28 May 2016 19:01:32 +0000 (22:01 +0300)]
tests: Increase scan_fail coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 28 May 2016 19:35:30 +0000 (22:35 +0300)]
Indicate scan failure event on parameter cloning failure
This is more consistent with the radio_add_work() error case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 28 May 2016 13:34:58 +0000 (16:34 +0300)]
tests/remote: Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
Jonathan Afek [Thu, 19 May 2016 13:06:50 +0000 (16:06 +0300)]
tests/remote: Fix execution of setup_hw
The code contained some places that used an additional argument for
setup_hw after -R and also contained places where setup_hw cmdline was
passed as a string instead of an argument list. It also contained places
where the ifname was only treated as a single interface and disregarded
the possiblity of multiple interfaces. This commit fixes these issues
and executes setup_hw from a single function for all cases.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Jonathan Afek [Thu, 19 May 2016 13:06:49 +0000 (16:06 +0300)]
tests: Add support for wlantest for remote hwsim tests
Use a monitor interface given in the command line that is not also a
station or an AP as a monitor running wlantest on the channel used by
the test. This makes all the tests that use wlantest available for
execution on real hardware on remote hosts.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Jonathan Afek [Thu, 19 May 2016 13:06:48 +0000 (16:06 +0300)]
tests/remote: Fix usage of a non existing variable
In monitor.py in the remote tests code there is fucntion create() that
creates standalone monitor interfaces. In this function there is an
iteration of the ifaces of the host by using the ifaces variable but
this variable is non-existing. This patch creates this variable before
its usage.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Jonathan Afek [Thu, 19 May 2016 13:06:47 +0000 (16:06 +0300)]
wpaspy: Fix potentially referencing non existing attribute
In wpaspy.py in the Ctrl object constructor there is a try/except. In
the except part the code references the s attribute of the object. This
attribute is only created later in the try part. If an exception occurs
before the attribute creation then the except part references a non
existing attribute. Fix that by assigning None to the s attribute at the
beginning of the try part.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Jonathan Afek [Thu, 19 May 2016 13:06:46 +0000 (16:06 +0300)]
tests/remote: Fix style and typos
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Jonathan Afek [Thu, 19 May 2016 13:06:45 +0000 (16:06 +0300)]
tests/remote: Extend get_monitor_params() to support P2P interfaces
This function is used for remote tests when a monitor interface is
needed on the channel on which the AP operates. This change enables us
to also query P2P interfaces for the channel information to use for
monitor interfaces.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Jonathan Afek [Thu, 19 May 2016 13:06:44 +0000 (16:06 +0300)]
tests/remote: Use a function to add a log file to a remote host
Instead of accessing the logs list member of the remote host directly,
use a function to add logs to the remote host to be collected after the
test. This enables us to later have different implementation of remote
hosts or logs collection without requiring to have this list as the
implementation.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Jonathan Afek [Tue, 24 May 2016 11:02:33 +0000 (14:02 +0300)]
tests: Use 10 retries for over-the-air broadcast connectivity
The regular hwsim tests use both unicast and broadcast frames to test
the connectivity between 2 interfaces. For real hardware (remote hwsim
tests) the broadcast frames will sometimes not be seen by all connected
stations since they can be in low power mode during DTIM or because
broadcast frames are not ACKed. Use 10 retries for broadcast
connectivity tests for real hardware so that the test will pass if we
successfully received at least one of them.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
Jörg Krause [Mon, 23 May 2016 15:11:47 +0000 (17:11 +0200)]
wpa_cli: Run action file in case of an AP event
Run the action script in case of AP events "AP-ENABLED" and
"AP-DISABLED".
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
David Benjamin [Tue, 17 May 2016 17:24:43 +0000 (13:24 -0400)]
OpenSSL: Comment out tls_connection_get_eap_fast_key without EAP-FAST
This avoids internal access of structs and also removes the dependency
on the reimplemented TLS PRF functions when EAP-FAST support is not
enabled. Notably, BoringSSL doesn't support EAP-FAST, so there is no
need to access its internals with openssl_get_keyblock_size().
Signed-Off-By: David Benjamin <davidben@google.com>
Jouni Malinen [Mon, 23 May 2016 17:36:40 +0000 (20:36 +0300)]
tests: Fix ap_wpa2_eap_fast_prf_oom with the updated PRF implementation
This is needed to work with the tls_openssl.c changes that renamed the
function that is used for deriving the EAP-FAST keys.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
David Benjamin [Mon, 16 May 2016 15:47:37 +0000 (11:47 -0400)]
TLS: Split tls_connection_prf() into two functions
Most protocols extracting keys from TLS use RFC 5705 exporters which is
commonly implemented in TLS libraries. This is the mechanism used by
EAP-TLS. (EAP-TLS actually predates RFC 5705, but RFC 5705 was defined
to be compatible with it.)
EAP-FAST, however, uses a legacy mechanism. It reuses the TLS internal
key block derivation and derives key material after the key block. This
is uncommon and a misuse of TLS internals, so not all TLS libraries
support this. Instead, we reimplement the PRF for the OpenSSL backend
and don't support it at all in the GnuTLS one.
Since these two are very different operations, split
tls_connection_prf() in two. tls_connection_export_key() implements the
standard RFC 5705 mechanism that we expect most TLS libraries to
support. tls_connection_get_eap_fast_key() implements the
EAP-FAST-specific legacy mechanism which may not be implemented on all
backends but is only used by EAP-FAST.
Signed-Off-By: David Benjamin <davidben@google.com>
David Benjamin [Mon, 16 May 2016 14:17:31 +0000 (10:17 -0400)]
OpenSSL: Remove two more accesses of ssl_ctx->cert_store
Commit
68ae4773a40b601126fc1f7cf5284e159c84ab3d ('OpenSSL: Use library
wrapper functions to access cert store') fixed most of these, but missed
a few.
Signed-Off-By: David Benjamin <davidben@google.com>
Jouni Malinen [Sun, 22 May 2016 15:10:19 +0000 (18:10 +0300)]
tests: Scan failures
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 22 May 2016 15:09:23 +0000 (18:09 +0300)]
scan: Fix a memory leak on an error path
If preassoc_mac_addr is used and updating the MAC address fails in
wpas_trigger_scan_cb(), the cloned scan parameters were leaked. Fix that
and also send a CTRL-EVENT-SCAN-FAILED event in this and another error
case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 22 May 2016 15:08:55 +0000 (18:08 +0300)]
nl80211: Add TEST_FAIL() to nl80211_set_mac_addr()
This makes it easier to test some error paths in wpa_supplicant.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 22 May 2016 14:44:28 +0000 (17:44 +0300)]
scan: Clean up code a bit - phase1 is used in all WPS cases
There is no need to have a separate if statement to skip the cases where
phase1 is not set. Just check it with the strstr comparison since this
case is not really used in practice.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 22 May 2016 13:23:28 +0000 (16:23 +0300)]
scan: Clean up code a bit - ssid cannot be NULL here
wpa_s->current_ssid is set to a non-NULL ssid pointer value here, so
there is no need for the extra if statement.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 21 May 2016 17:26:56 +0000 (20:26 +0300)]
Update ChangeLog files for v2.6
This adds a summary of changes since the v2.5 release.
Signed-off-by: Jouni Malinen <j@w1.fi>
Lior David [Wed, 30 Mar 2016 11:57:31 +0000 (14:57 +0300)]
Fix sending non-Public Action frames over P2P Device interface
The P2P Device interface can only send Public Action frames. Non-Public
Action frames must be sent over a group interface. The previous
implementation sometimes tried to send non-Public Action frames such as
GO Discoverability over the P2P Device interface, however, the source
address of the frame was set to the group interface address so the code
in offchannel.c knew to select the correct interface for the TX.
The check breaks when the P2P Device and group interfaces have the same
MAC address. In this case the frame will be sent over the P2P Device
interface and the send will fail.
Fix this problem in two places:
1. In offchannel, route non-Public Action frames to the GO
interface when the above conditions are met.
2. When a TX_STATUS event arrives on such routed frame, it will
arrive on the GO interface but it must be handled by the P2P Device
interface since it has the relevant state logic.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Kanchanapally, Vidyullatha [Fri, 20 May 2016 14:41:55 +0000 (20:11 +0530)]
nl80211: Register for only for specific Action frames in AP mode
This makes changes such that hostapd (and wpa_supplicant AP mode)
registers to kernel for specific Action frames instead of generically
registering for all Action frames. This makes it easier for other
programs to register for some Action frames that hostapd does not handle
today without having to somehow coordinate directly with hostapd.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 20 May 2016 20:37:51 +0000 (23:37 +0300)]
tests: P2P group formation using P2PS method without specifying PIN
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Purushottam Kushwaha [Fri, 29 Apr 2016 10:50:12 +0000 (16:20 +0530)]
P2PS: Allow P2P_CONNECT command for P2PS connection with/without PIN
This allows using P2PS config method with or without PIN for connection.
wpa_supplicant should internally handle the default PIN "
12345670" and
shall also allow connection irrespective of PIN used in P2P_CONNECT.
For example,
1. P2P_CONNECT 02:2a:fb:22:22:33 p2ps
2. P2P_CONNECT 02:2a:fb:22:22:33 xxxxxxxx p2ps
Where the second one is maintained for backwards compatibility.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Purushottam Kushwaha [Fri, 29 Apr 2016 10:46:44 +0000 (16:16 +0530)]
P2PS: Correct config_methods for different P2P cases
Add P2PS config flag only when config_methods are set. This restores the
pre-P2PS behavioer for the cases where Display or Keypad config method
is specified for a peer (i.e., do not add the new P2PS method in that
case).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 16 May 2016 19:26:37 +0000 (22:26 +0300)]
EAP-SAKE: Do not debug print result if eap_sake_compute_mic() fails
This gets rid of a valgrind warning on uninitialized memory read in the
eap_proto_sake_errors test case where the result was used after the
failed eap_sake_compute_mic() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 16 May 2016 19:25:25 +0000 (22:25 +0300)]
EAP-PAX: Do not debug print result if eap_pax_mac() fails
This gets rid of a valgrind warning on uninitialized memory read in the
eap_proto_pax_errors test case where the result was used after the
failed eap_pax_mac() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 16 May 2016 19:24:01 +0000 (22:24 +0300)]
EAP-FAST: Check sha1_t_prf() result in eap_fast_get_cmk()
This gets rid of a valgrind warning on uninitialized memory read in the
eap_proto_fast_errors test case where the result was used after the
failed sha1_t_prf() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 16 May 2016 18:06:44 +0000 (21:06 +0300)]
WPS: Check sha256_vector() result in wps_build_oob_dev_pw()
This gets rid of a valgrind warning on uninitialized memory read in the
wpas_ctrl_error test case where the result was used after the failed
sha256_vector() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 16 May 2016 17:08:53 +0000 (20:08 +0300)]
Check md5_vector() result in decrypt_ms_key()
This gets rid of a valgrind warning on uninitialized memory read in the
hostapd_oom_wpa2_eap_connect test case where the result is used after
failed md5_vector() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 16 May 2016 17:06:46 +0000 (20:06 +0300)]
Check hmac_md5() result in radius_msg_verify_msg_auth()
This gets rid of a valgrind warning on uninitialized memory read in the
hostapd_oom_wpa2_eap_connect test case where memcmp is used after failed
hmac_md5() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 16 May 2016 17:04:29 +0000 (20:04 +0300)]
Check md5_vector() result in radius_msg_verify()
This gets rid of a valgrind warning on uninitialized memory read in the
hostapd_oom_wpa2_eap test case where memcmp is used after failed
md5_vector() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 16 May 2016 16:35:03 +0000 (19:35 +0300)]
WPS: Fix debug prints in wps_derive_psk() error case
Check for hmac_sha256() failures and exit from wps_derive_psk() without
printing out the derived keys if anything fails. This removes a valgrind
warning on uninitialized value when running the ap_wps_m3_oom test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 16 May 2016 16:04:54 +0000 (19:04 +0300)]
Fix external radio work debug printing on removal
work->type was pointing to the allocated work->ctx buffer and the debug
print in radio_work_free() ended up using freed memory if a started
external radio work was removed as part of FLUSH command operations. Fix
this by updating work->type to point to a constant string in case the
dynamic version gets freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 14 May 2016 16:43:13 +0000 (19:43 +0300)]
tests: wpa_supplicant AP mode - WPS disabled
Signed-off-by: Jouni Malinen <j@w1.fi>
Lior David [Tue, 12 Apr 2016 15:13:22 +0000 (18:13 +0300)]
wpa_supplicant: Add wps_disabled parameter to network block
Add a new parameter wps_disabled to network block (wpa_ssid). This
parameter allows WPS functionality to be disabled in AP mode.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Jouni Malinen [Sat, 14 May 2016 16:41:46 +0000 (19:41 +0300)]
Set wpa_psk_set in wpa_supplicant AP mode is PSK is available
While this is unlikely to make any practical difference, it is better to
keep consistent with hostapd configuration parser.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 14 May 2016 16:40:40 +0000 (19:40 +0300)]
Fix AP mode key_mgmt configuration in wpa_supplicant default case
If the network profile key_mgmt parameter was not set, wpa_supplicant
defaulted to enabling both WPA-PSK and WPA-EAP. This is not correct for
AP mode operations, so remove WPA-EAP in such a case to fix WPA-PSK
without explicit key_mgmt parameter.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 14 May 2016 16:39:10 +0000 (19:39 +0300)]
P2P: Do not enable P2P group processing for non-P2P AP mode
wpa_supplicant was starting P2P group processing for all AP mode
interfaces in CONFIG_P2P=y builds. This is unnecessary and such
operations should be enabled only for actual GO interfaces.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 14 May 2016 15:59:47 +0000 (18:59 +0300)]
tests: Fix WEXT testing
Commit
afb2e8b8913f131e5fb3a1031aacae3ab2b91287 ('tests: Store P2P
Device ifname in class WpaSupplicant') did not take into account the
possibility of capa.flags not existing in get_driver_status() and broke
WEXT test cases. Fix this by checking that capa.flags is present before
looking at its value.
Signed-off-by: Jouni Malinen <j@w1.fi>
Janusz Dziedzic [Fri, 29 Apr 2016 05:07:37 +0000 (07:07 +0200)]
tests/remote: Add hwsim wrapper
This allow to run hwsim test cases.
duts go to apdev while refs go to dev
For now I tested:
./run-tests.py -d hwsim0 -r hwsim1 -h ap_open -h dfs
./run-tests.py -r hwsim0 -r hwsim1 -h ibss_open -v
./run-tests.py -r hwsim0 -r hwsim1 -r hwsim2 -d hwsim3 -d hwsim4 -h ap_vht80 -v
./run-tests.py -r hwsim0 -r hwsim1 -r hwsim2 -d hwsim3 -d hwsim4 -h all -k ap -k vht
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Fri, 29 Apr 2016 05:07:36 +0000 (07:07 +0200)]
tests/remote: Add test_example.py
This is simple example how to write a simple test case.
modprobe mac80211_hwsim radios=4
run example:
./run-tests.py -d hwsim0 -r hwsim1 -t example
run example with monitors:
./run-tests.py -d hwsim0 -r hwsim1 -t example -m all -m hwsim2
run example with trace record:
./run-tests.py -d hwsim0 -r hwsim1 -t example -T
run example with trace and perf:
./run-tests.py -d hwsim0 -r hwsim1 -t example -T -P
restart hw before test case run:
./run-tests.py -d hwsim0 -r hwsim1 -t example -R
run example verbose
./run-tests.py -d hwsim0 -r hwsim1 -t example -v
For perf/trace you need to write own hw specyfic scripts:
trace_start.sh, trace_stop.sh
perf_start.sh, perf_stop.sh
In any case you will find logs in the logs/current/ directory.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Fri, 29 Apr 2016 05:07:35 +0000 (07:07 +0200)]
tests/remote: Add utils file
Add rutils.py for remote tests.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Fri, 29 Apr 2016 05:07:34 +0000 (07:07 +0200)]
tests/remote: Add monitor.py
Add monitor support. This supports monitors added to the current
interfaces. This also support standalone monitor with multi interfaces
support. This allows to get logs from different channels at the same
time to one pcap file.
Example of t3-monitor added to config.py file.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Fri, 29 Apr 2016 05:07:33 +0000 (07:07 +0200)]
tests: Add remote directory to tests
Add tests/remote directory and files:
config.py - handle devices/setup_params table
run-tests.py - run test cases
test_devices.py - run basic configuration tests
You can add own configuration file, by default this is cfg.py, and put
there devices and setup_params definition in format you can find in
config.py file. You can use -c option or just create cfg.py file.
Print available devices/test_cases:
./run-tests.py
Check devices (ssh connection, authorized_keys, interfaces):
./run-test.py -t devices
Run sanity tests (test_sanity_*):
./run-test.py -d <dut_name> -t sanity
Run all tests:
./run-tests.py -d <dut_name> -t all
Run test_A and test_B:
./run-tests.py -d <dut_name> -t "test_A, test_B"
Set reference device, and run sanity tests:
./run-tests.py -d <dut_name> -r <ref_name> -t sanity
Multiple duts/refs/monitors could be setup:
e.g.
./run-tests.py -d <dut_name> -r <ref1_name> -r <ref2_name> -t sanity
Monitor could be set like this:
./run-tests.py -d <dut_name> -t sanity -m all -m <standalone_monitor>
You can also add filters to tests you would like to run
./run-tests.py -d <dut_name> -t all -k wep -k g_only
./run-tests.py -d <dut_name> -t all -k VHT80
./run-test.py doesn't start/terminate wpa_supplicant or hostpad,
test cases are resposible for that, while we don't know test
case requirements.
Restart (-R) trace (-T) and perf (-P) options available.
This request trace/perf logs from the hosts (if possible).
As parameters each test case get:
- devices - table of available devices
- setup_params
- duts - names of DUTs should be tested
- refs - names of reference devices should be used
- monitors - names of monitors list
Each test could return append_text.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Janusz Dziedzic [Fri, 29 Apr 2016 05:07:32 +0000 (07:07 +0200)]
tests: remotehost.py use join
Use join instead of for.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Ilan Peer [Mon, 25 Apr 2016 08:24:58 +0000 (11:24 +0300)]
Send CTRL-EVENT-REGDOM-CHANGE event on the parent interface
The NL80211_CMD_WIPHY_REG_CHANGE can be handled by any of the
interfaces that are currently controlled by the wpa_supplicant.
However, some applications expect the REGDOM_CHANGE event to be
sent on the control interface of the initially added interface
(and do not expect the event on any of child interfaces).
To resolve this, when processing NL80211_CMD_WIPHY_REG_CHANGE,
find the highest parent in the chain, and use its control interface
to emit the CTRL-EVENT-REGDOM-CHANGE event.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Jouni Malinen [Fri, 13 May 2016 17:50:11 +0000 (20:50 +0300)]
tests: Secure mesh and the first plink Open dropped
This is a regression test case to verify that MTK is calculated properly
also in this unexpected sequence.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 13 May 2016 17:48:00 +0000 (20:48 +0300)]
Add MGMT_RX_PROCESS test command for wpa_supplicant
This makes it easier to write hwsim test cases to verify management
frame processing sequences with dropped or modified frames. When
ext_mgmt_frame_handling is used, this new command can be used to request
wpa_supplicant to process a received a management frame, e.g., based on
information reported in the MGMT-RX events.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Peter Oh [Fri, 29 Apr 2016 21:27:58 +0000 (14:27 -0700)]
mesh: Calculate MTK before sending it to MAC in case Open is dropped
IEEE Std 802.11-2012 13.5.6.3 State transitions require an action
sending SETKEYS primitive to MAC when OPN_ACPT event occurs in CNF_RCVD
state in case of AMPE is used, but since MTK calculation is missed in
this condition, all zero valued key are passed to MAC and cause unicast
packet decryption error. This could happen if the first transmission of
plink Open frame is dropped and Confirm frame is processed first
followed by retransmitted Open frame.
Fix this by calculating the MTK also in this sequence of unexpected
messages.
Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
Peter Oh [Fri, 29 Apr 2016 22:04:41 +0000 (15:04 -0700)]
mesh: Add missing action to cancel timer
IEEE Std 802.11-2012 Table 13-2, MPM finite state machine requires to
clear retryTimer when CNF_ACPT event occurs in OPN_SNT state which is
missing, so add it to comply with the standard.
This was found while debugging an MTK issue and this commit fixes a
potential issue that mesh sends invalid event (PLINK_OPEN) which will
lead another invalid timer register such as MeshConfirm Timer. This
behaviour might lead to undefined mesh state.
Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
Saurav Babu [Wed, 11 May 2016 05:37:23 +0000 (11:07 +0530)]
D-Bus: Check driver capability for IBSS in Modes property of Capabilities
Instead of hardcoding "ad-hoc" in the array of supported capabilities,
add this only if the driver indicates support for IBSS.
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>