Avraham Stern [Thu, 27 Mar 2014 06:58:31 +0000 (08:58 +0200)]
hostapd: Add vendor command support
Add support of vendor command to hostapd ctrl_iface.
Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]
The 3rd argument will be converted to binary data and then passed as
argument to the sub command.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Ilan Peer [Thu, 27 Mar 2014 06:58:29 +0000 (08:58 +0200)]
P2P: Do not initiate scan on P2P Device when enabled
Do not start a scan on a P2P Device interface when processing an
interface enabled event.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Pawel Kulakowski [Wed, 26 Mar 2014 12:18:29 +0000 (13:18 +0100)]
Fix issue with incorrect secondary_channel in HT40/HT80
When primary and secondary channel were switched and config was
reloaded, secondary channel was incorrectly overwritten.
Proceed as for other settings that should not be changed and don't
allow to overwrite.
Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
Sunil Dutt [Wed, 26 Mar 2014 16:04:50 +0000 (21:34 +0530)]
Pass TDLS peer capability information in tdls_mgmt
While framing the TDLS Setup Confirmation frame, the driver needs to
know if the TDLS peer is VHT/HT/WMM capable and thus shall construct the
VHT/HT operation / WMM parameter elements accordingly. Supplicant
determines if the TDLS peer is VHT/HT/WMM capable based on the presence
of the respective IEs in the received TDLS Setup Response frame.
The host driver should not need to parse the received TDLS Response
frame and thus, should be able to rely on the supplicant to indicate
the capability of the peer through additional flags while transmitting
the TDLS Setup Confirmation frame through tdls_mgmt operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 27 Mar 2014 12:50:39 +0000 (14:50 +0200)]
Sync with wireless-testing.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2014-03-25.
Signed-off-by: Jouni Malinen <j@w1.fi>
Maxime Bizon [Thu, 20 Mar 2014 18:29:44 +0000 (19:29 +0100)]
nl80211: Fix EAPOL frames not being delivered
When hostapd choose to reuse an existing interface, it does not add it
to the set of interfaces from which we accept EAPOL packets.
Make sure we always add it to that set.
Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
Jouni Malinen [Tue, 25 Mar 2014 23:17:29 +0000 (01:17 +0200)]
nl80211: Set interface address even if using old interface
If an existing interface is allowed to be used, its address better be
updated to match the requested one.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 25 Mar 2014 22:42:24 +0000 (00:42 +0200)]
nl80211: Print if_indices list in debug log
This makes it easier to debug dynamic interface addition/removal.
Signed-off-by: Jouni Malinen <j@w1.fi>
Maxime Bizon [Thu, 20 Mar 2014 18:25:18 +0000 (19:25 +0100)]
eloop: Add assert() on negative fd when using select() code path
Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
Jouni Malinen [Tue, 25 Mar 2014 21:58:22 +0000 (23:58 +0200)]
Add a note on using 'iw list' to determine multi-BSS support
This adds a pointer to hostapd.conf to using 'iw list' with the current
nl80211 drivers to determine supported interface combinations.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 25 Mar 2014 16:08:52 +0000 (18:08 +0200)]
tests: GAS/ANQP query for both IEEE 802.11 and Hotspot 2.0 elements
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Dmitry Shmidt [Tue, 25 Mar 2014 00:36:13 +0000 (17:36 -0700)]
HS 2.0: Extend ANQP_GET to accept Hotspot 2.0 subtypes
This allows a single ANQP query to be used to fetch both IEEE 802.11
defined ANQP elements and Hotspot 2.0 vendor specific elements.
ANQP_GET <addr> <info id>[,<info id>]...
[,hs20:<subtype>][...,hs20:<subtype>]
For example:
ANQP_GET 00:11:22:33:44:55:66 258,268,hs20:3,hs20:4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Tue, 25 Mar 2014 15:57:54 +0000 (17:57 +0200)]
nl80211: Indicate HS 2.0 OSEN AKM in connect/associate command
This allows drivers that build the WPA/RSN IEs internally to use similar
design for building the OSEN IE.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 25 Mar 2014 15:56:55 +0000 (17:56 +0200)]
tests: HS 2.0 OSEN using nl80211 connect command
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 25 Mar 2014 15:42:17 +0000 (17:42 +0200)]
tests: Remove CONFIG_WPS2=y from example configuration files
This build parameter is not used anymore.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 25 Mar 2014 15:40:50 +0000 (17:40 +0200)]
WPS: Enable WSC 2.0 support unconditionally
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Sunil Dutt Undekari [Tue, 11 Mar 2014 09:54:17 +0000 (15:24 +0530)]
P2P: Set a timeout for a persistent reinvoke on a P2P Client
Use P2P group formation timeout to wait for the 4-way handshake to
complete on a persistent reinvocation on a P2P Client.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Rashmi Ramanna [Fri, 21 Mar 2014 12:56:02 +0000 (18:26 +0530)]
P2P: Optimize scan for GO during persistent group invocation
Scan for GO on the negotiated operating channel for few iterations
before searching on all the supported channels during persistent group
reinvocation. In addition, use the already known SSID of the group in
the scans. These optimizations reduce group formation time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 25 Mar 2014 11:43:56 +0000 (13:43 +0200)]
tests: P2P persistent group re-invocation with empty BSS table
This verifies P2P Client scanning behavior during group re-invocation in
a case where old scan results are not available to allow the scan to be
skipped completely.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Tue, 25 Mar 2014 13:08:07 +0000 (15:08 +0200)]
tests: Optimize scanning in wpa_supplicant-as-AP test case
Wait for the AP to be ready before initiating the scan to avoid
unnecessary five second extra wait. In addition, disconnect the station
to avoid possibility of starting a new scan at the end of the test case.
These remove unnecessary wait time from the test cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 24 Mar 2014 20:38:35 +0000 (22:38 +0200)]
ACS: Fix number of error path issues
Especially when multiple BSSes are used with ACS, number of the error
paths were not cleaning up driver initialization properly. This could
result in using freed memory and crashing the process if ACS failed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 23 Mar 2014 23:35:58 +0000 (01:35 +0200)]
tests: Add scripts to allow parallel execution of tests in VMs
"parallel-vm.sh <number of VMs> [arguments..]" can now be used to run
multiple VMs in parallel to speed up full test cycle significantly. In
addition, the "--split srv/total" argument used in this design would
also make it possible to split this to multiple servers to speed up
testing.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 23 Mar 2014 21:57:38 +0000 (23:57 +0200)]
tests: Extend OBSS scan coverage
Include another BSS in the scan results and run a test with a 40 MHz
intolerant neighboring BSS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 23 Mar 2014 21:56:50 +0000 (23:56 +0200)]
SME: Add more debug prints for OBSS scans and 20/40 MHz co-ex report
This makes it easier to debug wpa_supplicant behavior when reporting
20/40 MHz co-ex information based on OBSS scans.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 23 Mar 2014 21:54:50 +0000 (23:54 +0200)]
SME: Fix OBSS scan result processing for 20/40 MHz co-ex report
The 40 MHz intolerant bit needs to be checked before skipping the BSS
based on the channel already being in the lost (which could have
happened due to another BSS that does not indicate 40 MHz intolerant).
This fixed the 20/40 MHz co-ex report to indicate 20 MHz request
properly if there are both 40 MHz tolerant and intolerant BSSes on the
same channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 23 Mar 2014 21:50:37 +0000 (23:50 +0200)]
Allow hostapd to advertise 40 MHz intolerant HT capability
ht_capab=[40-INTOLERANT] can now be used to advertise that the BSS is 40
MHz intolerant to prevent other 20/40 MHz co-ex compliant APs from using
40 MHz channel bandwidth.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 23 Mar 2014 17:49:12 +0000 (19:49 +0200)]
tests: Verify HT/VHT required rejection
Previously, only the case of STA supporting HT/VHT was tested. Now both
cases are verified.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 23 Mar 2014 17:31:35 +0000 (19:31 +0200)]
tests: Additional AP parameters
This tests basic rate, short preamble, and spectrum management
configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 23 Mar 2014 17:23:16 +0000 (19:23 +0200)]
tests: Negative FT RRB test cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 23 Mar 2014 16:31:58 +0000 (18:31 +0200)]
tests: FT pull PMK-R1
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 23 Mar 2014 16:13:03 +0000 (18:13 +0200)]
FT: Add support for postponing FT response
If the PMK-R1 needs to be pulled for the R0KH, the previous
implementation ended up rejecting the over-the-air authentication and
over-the-DS action frame unnecessarily while waiting for the RRB
response. Improve this by postponing the Authentication/Action frame
response until the pull response is received.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 23 Mar 2014 10:11:55 +0000 (12:11 +0200)]
tests: P2P broadcast SD query canceling
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 23 Mar 2014 09:24:01 +0000 (11:24 +0200)]
tests: P2P channel selection
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 23 Mar 2014 09:59:43 +0000 (11:59 +0200)]
tests: Allow test cases to receive additional parameters
The optional third argument to the test case functions can now be used
to receive additional parameters from run-tests.py. As the initial
parameter, logdir value is provided so that test cases can use it to
review the debug logs from the test run.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 23 Mar 2014 09:01:59 +0000 (11:01 +0200)]
P2P: Clean up channel selection code to use helper functions
This moves some of the p2p_prepare_channel_best() functionality into
separate helper functions to make the implementation easier to read.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 21:38:39 +0000 (23:38 +0200)]
tests: WPS AP PIN unlocked on timeout
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 21:31:39 +0000 (23:31 +0200)]
WPS: Comment out unused AP WEP config write with WPS 2.0
The main WPS code rejects WEP parameters, so this code is not used and
can be commented out from WPS 2.0 builds. This is similar to the earlier
commit that commented out in-memory update.
Signed-off-by: Jouni Malinen <j@w1.fi>
Arif Hussain [Sat, 22 Mar 2014 19:50:55 +0000 (12:50 -0700)]
P2P: Update op_reg_class in random social channel case
Commit
94b84bc7253680a2b201d5c88d36ada91a3e20b4 missed one path where
p2p->op_reg_class should have been updated. Set this to 81 during
operating channel selection from 2.4 GHz.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Amar Singhal [Sat, 22 Mar 2014 19:31:15 +0000 (21:31 +0200)]
hostapd: Check driver DFS offload capability for channel disablement
If the driver supports full offloading of DFS operations, do not disable
a channel marked for radar detection. The driver will handle the needed
operations for such channels.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Amar Singhal [Sat, 22 Mar 2014 19:20:32 +0000 (21:20 +0200)]
nl80211: Fetch DFS offload capability from driver
This uses a QCA vendor extension to determine if the driver supports
fully offloaded DFS operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sat, 22 Mar 2014 19:12:06 +0000 (21:12 +0200)]
tests: WPS configuration file update
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 17:22:10 +0000 (19:22 +0200)]
WPS: Comment out unused AP WEP config update with WPS 2.0
The main WPS code rejects WEP parameters, so this code is not used and
can be commented out from WPS 2.0 builds.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 17:19:17 +0000 (19:19 +0200)]
tests: WPS and per-station PSK with non-writeable PSK file
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 16:57:44 +0000 (18:57 +0200)]
tests: hostapd GET_CONFIG key_mgmt values
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 16:57:00 +0000 (18:57 +0200)]
Add SAE and FT-SAE key_mgmt to hostapd GET_CONFIG
These options were missing from the current key_mgmt values.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 16:39:17 +0000 (18:39 +0200)]
tests: Print BSS data on ap_wps_ie_fragmention error case
This makes it easier to debug what failed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 15:14:44 +0000 (17:14 +0200)]
tests: Increase DFS coverage even without hwsim support
This allows some more of the hostapd DFS operations to be executed even
before mac80211_hwsim supports CAC.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 14:56:42 +0000 (16:56 +0200)]
tests: QoS Map ctrl_iface error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 14:46:51 +0000 (16:46 +0200)]
tests: WPS NFC failure cases in hostapd ctrl_iface
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 14:37:45 +0000 (16:37 +0200)]
tests: WPS_CHECK_PIN error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 14:35:29 +0000 (16:35 +0200)]
tests: WPS Enrollee PIN expiration on AP
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 14:25:38 +0000 (16:25 +0200)]
tests: Increase hostapd ctrl_iface test coverage
This tests various error conditions and less commonly used operations.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Mar 2014 14:24:57 +0000 (16:24 +0200)]
Remove unnecessary parameter validation
This is dead code since this helper function is always called with
non-NULL pointer.
Signed-off-by: Jouni Malinen <j@w1.fi>
Arif Hussain [Fri, 21 Mar 2014 07:38:23 +0000 (00:38 -0700)]
P2P: Avoid unsafe pre-configured channel as channel preference
Do not select pre-configured channel as operating channel preference if
it is unavailable maybe due to interference or possible known
co-existence constraints, and try to select random available channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Dmitry Shmidt [Fri, 14 Mar 2014 20:55:25 +0000 (13:55 -0700)]
Add freq= parameter to 'set pno' command
This allows channels-to-be-scanned to be specified for PNO similarly to
the scan command.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Tomasz Bursztyka [Fri, 21 Mar 2014 11:48:08 +0000 (13:48 +0200)]
dbus: Implement P2P Peers info IEs buffer getter
Since it declares providing such property, let's expose it relevantly.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Tomasz Bursztyka [Fri, 21 Mar 2014 11:48:07 +0000 (13:48 +0200)]
dbus: Export the peer's device address as a property
This could be useful in some cases.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Tomasz Bursztyka [Fri, 21 Mar 2014 11:48:06 +0000 (13:48 +0200)]
dbus: Declare properly ServiceDiscoveryRequest method
It does return something: the reference of the request, as an integer,
which can be used then with ServiceDiscoveryCancelRequest to get
canceled.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Tomasz Bursztyka [Fri, 21 Mar 2014 11:48:05 +0000 (13:48 +0200)]
dbus: Cancelling a service request always reply by an error
p2p_sd_cancel_request returns -1 in case of error, so does
wpas_p2p_sd_cancel_request.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Tomasz Bursztyka [Fri, 21 Mar 2014 11:48:04 +0000 (13:48 +0200)]
dbus: Remove duplicate signal declaration
ServiceDiscoveryExternal is uselessly declared twice.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Pawel Kulakowski [Fri, 21 Mar 2014 07:18:00 +0000 (08:18 +0100)]
Don't overwrite channel on hostapd config reload
There was possibility that the current channel in Beacon information
element was incorrectly set. This problem was easily observed when
primary and secondary channel were switched and then some of hostapd
settings (for example password) were changed using WPS External
Registrar. This caused hostapd_reload_config() function overwrite the
current channel information from config file.
This patch prevents this situation and does not allow to overwrite
channel and some other settings when config is reloaded.
Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
Eduardo Abinader [Thu, 20 Mar 2014 12:43:31 +0000 (08:43 -0400)]
P2P: Fix GO failed interface init
Whenever an ongoing GO Neg has failed, due to interface init, the P2P
Device should cancel timeouts and issue wpas_p2p_group_formation_failed,
so the other peer detects faster group formation has failed.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Andrei Otcheretianski [Thu, 20 Mar 2014 07:24:11 +0000 (09:24 +0200)]
wpa_supplicant: Fix radio_remove_interface
Remove pending radio works when an interface is removed from a radio.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Dmitry Shmidt [Tue, 18 Mar 2014 22:52:27 +0000 (15:52 -0700)]
Android: Enable CONFIG_EAP_AKA_PRIME option
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Prameela Rani Garnepudi [Tue, 18 Mar 2014 12:05:22 +0000 (12:05 +0000)]
Add get_radio_name() driver wrapper for wpa_supplicant
Signed-off-by: Prameela Rani Garnepudi <prameela.g@samsung.com>
Guoqiang Liu [Mon, 17 Mar 2014 04:54:00 +0000 (12:54 +0800)]
D-Bus: Make p2p_no_group_iface configurable
Some old device need to set p2p_no_group_iface=1 to set up a P2P
connection, so add a D-Bus interface to configure it.
Signed-off-by: Guoqiang Liu <guoqiang.liu@archermind.com>
Jouni Malinen [Fri, 21 Mar 2014 18:04:01 +0000 (20:04 +0200)]
Fix hostapd.conf description of HT40+
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 20 Mar 2014 15:01:37 +0000 (17:01 +0200)]
WPS: Clear WPS data on init failure
It was possible for hapd->wps_beacon_ie and hapd->wps_probe_resp_ie to
be set if WPS initialization in hostapd failed after having set these
parameters (e.g., during UPnP configuration). In addition, many of the
other WPS configuration parameters that were allocated during the first
part of the initialization were not properly freed on error paths.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 20 Mar 2014 22:13:33 +0000 (00:13 +0200)]
tests: Verify Pre-authentication EAPOL status
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 20 Mar 2014 21:47:58 +0000 (23:47 +0200)]
tests: EAP-SIM/AKA with protected result indication
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 20 Mar 2014 13:13:48 +0000 (15:13 +0200)]
WPS: Do not advertise WPA/WPA2-Enterprise Auth Type Flags
While the device itself may support WPA/WPA2-Enterprise, enrollment of
credentials for EAP authentication is not supported through WPS. As
such, there is no need to claim support for these capabilities within
WPS information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 19 Mar 2014 22:16:00 +0000 (00:16 +0200)]
tests: Authentication server using PKCS#12 file
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 19 Mar 2014 22:02:00 +0000 (00:02 +0200)]
tests: Invalid ca_cert hash:// value
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 19 Mar 2014 21:50:57 +0000 (23:50 +0200)]
tests: TLS domain_suffix_match rejection due to incomplete label match
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Wed, 19 Mar 2014 21:46:53 +0000 (23:46 +0200)]
tests: Increase altsubject_match coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Tue, 18 Mar 2014 20:45:07 +0000 (22:45 +0200)]
nl80211: Do not indicate scan started event on scan_for_auth
The scan_for_auth workaround for cfg80211 missing a BSS entry for the
target BSS during authentication uses a single channel scan controlled
within driver_nl80211.c. This operation does not indicate
EVENT_SCAN_RESULTS to the upper layer code. However, it did report
EVENT_SCAN_STARTED and this resulted in the radio work protection code
assuming that an external program triggered a scan, but that scan never
completed. This resulted in all new radio work items getting stuck
waiting for this scan to complete.
Fix this by handling the scan_for_auth situation consistently within
driver_nl80211.c by filtering both the EVENT_SCAN_STARTED and
EVENT_SCAN_RESULTS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 17 Mar 2014 22:05:44 +0000 (00:05 +0200)]
HS 2.0R2: Clean up debug log during exit path
deinit_ctx() may print debug information, so do not call
wpa_debug_close_file() before deinit_ctx().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 17 Mar 2014 22:03:59 +0000 (00:03 +0200)]
HS 2.0R2: Do not mandate OCSP response for EST operations
OCSP validation is required only for the OSU operations and since the
EST server may use a different server certificate, it may not
necessarily support OCSP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 17 Mar 2014 21:56:17 +0000 (23:56 +0200)]
HS 2.0R2: Do not use OSU cert validation for EST
There is no requirement for the EST server to use an OSU server
certificate, so do not require friendly name and icon hash matches for
EST cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 17 Mar 2014 21:46:12 +0000 (23:46 +0200)]
HS 2.0R2: Configure OSU client trust root more consistently
Some of the code paths could have ended up ignoring CA file name from
command line due to overly complex way of setting ctx->ca_fname.
Configure this more consistently in osu_client.c as soon as the CA file
name has been determined.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 17 Mar 2014 21:12:25 +0000 (23:12 +0200)]
HS 2.0R2: Clean up debug from libcurl
Do not truncate CURLINFO entries on first linefeed to get full IN/OUT
headers and data into debug log. Use wpa_hexdump_ascii() if any
non-displayable characters are included. Remove the separate header/data
debug dumps since all that information is now available from the debug
callback.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 17 Mar 2014 16:23:13 +0000 (18:23 +0200)]
Fix AP mode default TXOP Limit values for AC_VI and AC_VO
These were previous set to 3.0 and 1.5 ms which ended up using values 93
and 46 in 36 usec inits. However, the default values for these are
actually defined as 3.008 ms and 1.504 ms (94/47) and those values are
also listed in the hostapd.conf example.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 16 Mar 2014 10:28:49 +0000 (12:28 +0200)]
TLS testing: Add new test cases for RSA-DHE primes
test-tls-4: Short 511-bit RSA-DHE prime
test-tls-5: Short 767-bit RSA-DHE prime
test-tls-6: Bogus RSA-DHE "prime" 15
test-tls-7: Very short 58-bit RSA-DHE prime in a long container
test-tls-8: Non-prime as RSA-DHE prime
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 16 Mar 2014 10:27:52 +0000 (12:27 +0200)]
TLS client: Reject RSA-DHE prime if it shorter than 768 bits
Such short primes cannot really be considered secure enough for
authentication purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 16 Mar 2014 08:59:17 +0000 (10:59 +0200)]
TLS testing: Fix test_flags check for ApplData report
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 22:18:03 +0000 (00:18 +0200)]
tests: wpa_supplicant MIB command
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 22:13:23 +0000 (00:13 +0200)]
tests: Supplicant-enforced PTK rekey
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 22:03:07 +0000 (00:03 +0200)]
tests: TDLS discovery
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 21:52:43 +0000 (23:52 +0200)]
tests: EAP TLS parameters using configuration blobs
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 21:51:37 +0000 (23:51 +0200)]
Allow config blobs to be set through ctrl_iface
"SET blob <name> <hexdump>" can now be used to set a configuration blob
through the wpa_supplicant control interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
Michal Kazior [Fri, 28 Feb 2014 14:19:42 +0000 (15:19 +0100)]
ACS: Fix VHT20
The center segment0 calculation for VHT20 ACS was incorrect. This caused
ACS to fail with: "Could not set channel for kernel driver".
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Jouni Malinen [Sat, 15 Mar 2014 15:27:05 +0000 (17:27 +0200)]
tests: WPS AP PIN unlocking
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 15:21:05 +0000 (17:21 +0200)]
tests: WPS AP configuration using external settings management
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 15:11:14 +0000 (17:11 +0200)]
tests: WPS PIN request file
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 14:11:45 +0000 (16:11 +0200)]
tests: More HT40 co-ex scan cases
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 14:42:29 +0000 (16:42 +0200)]
Fix HT40 co-ex scan for some pri/sec channel switches
Secondary channel was compared incorrectly (-4/4 vs. actual channel
number) which broke matching neighboring 40 MHz BSSes and only the
no-beacons-on-secondary-channel rule was applied in practice. Once
sec_chan was fixed, this triggered another issue in this function where
both rules to switch pri/sec channels could end up getting applied in a
way that effectively canceled the switch.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 13:49:32 +0000 (15:49 +0200)]
tests: VLAN with tagged interface
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 11:46:01 +0000 (13:46 +0200)]
tests: AP using inactivity poll/disconnect
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 10:38:08 +0000 (12:38 +0200)]
tests: Go to listen state in go_neg_pin_authorized
Previusly, the responding device was left in p2p_find state as a
consequence of using discover_peer() if the peer was not already known.
This was not the sequence that was supposed to be used here. Go to
listen-only state when waiting for the peer to initiate a previously
authorized GO Negotiation.
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 15 Mar 2014 09:52:11 +0000 (11:52 +0200)]
tests: RSN pre-authentication
Signed-off-by: Jouni Malinen <j@w1.fi>