www.project-moonshot.org Git - mech

Assign QCA commands and attributes for Tx power scaling and OTA testing

Assign nl80211vendor commands QCA_NL80211_VENDOR_SUBCMD_OTA_TEST and
QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE as well as corresponding
attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: P2P device discovery and control character in Device Name

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Filter control chars in group client device name similarly to peer

P2P device discovery can add peer entries based on a message directly
from a peer and from a Probe Response frame from a GO for all the P2P
Clients in the group. The former case for filtering out control
characters from the device name while the latter was not. Make this
consistent and filter both cases in the same way to avoid confusing
external programs using the device name of a P2P peer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

TDLS: Do not send error case of TPK M3 if TX fails

There is no point in sending TPK M3 (TDLS Setup Confirm) with a failure
status if the first transmission attempt fails. Instead, just return a
failure by disabling the link rather than retransmitting the TPK M3
frame with an error status.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Fix scan flush in p2ps_channel_both_connected_same

Need to do this before associating with the AP and with the correct
devices.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Skip radius_acct_ipaddr if kernel does not support ProxyARP

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Fix build without CONFIG_ERP=y

hmac_sha256_kdf() got pulled in only if CONFIG_ERP=y is set. Fix
test_sha256() by making the test case conditional on the function being
present.

Signed-off-by: Jouni Malinen <j@w1.fi>

wpa_supplicant: Reopen debug log file upon receipt of SIGHUP signal

This is useful for logrotate to be able to rotate the file even if the
control interface is not enabled (e.g., when using DBus).

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

Do not write ERROR level log entries if debug file is not used

wpa_debug_reopen_file() used to write an error message at MSG_ERROR
level if it was called with last_path == NULL (the last debug log file
path not known). This is not a fatal error, but a normal case if
wpa_debug_open_file() has not been used. Remove the error message and
return success in such case.

Signed-off-by: Jouni Malinen <j@w1.fi>

l2_packet: Add build option to disable Linux packet socket workaround

Linux packet socket workaround(*) has an impact in performance when the
workaround socket needs to be kept open to receive EAPOL frames. While
this is normally avoided with a kernel that has the issue addressed by
closing the workaround packet socket when detecting a frame through the
main socket, it is possible for that mechanism to not be sufficient,
e.g., when an open network connection (no EAPOL frames) is used.

Add a build option (CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y) to disable the
workaround. This build option is disabled by default and can be enabled
explicitly on distributions which have an older kernel or a fix for the
kernel regression.

Also remove the unused variable num_rx.

(*) Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596
('bridge: respect RFC2863 operational state') from 2012 introduced a
regression for using wpa_supplicant with EAPOL frames and a station
interface in a bridge.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>

tests: WPA2-PSK AP with PMF required and PMF disabled on STA

Signed-off-by: Jouni Malinen <j@w1.fi>

RSN: Do not try to connect if PMF disabled and AP requires it

Instead of trying to associate in configuration that is known to result
in the AP rejecting the association, reject the BSS candidate based on
the MFPR=1 RSN capability when STA configuration has PMF disabled.

Signed-off-by: Jouni Malinen <j@w1.fi>

WNM: Verify WNM Sleep Mode element length

This element is required to have at least four octets of actual payload.
This was not previously verified before use and the extra buffer data
after the IE might have been used instead if a received WNM-Sleep Mode
Response frame was invalid.

Signed-off-by: Jouni Malinen <j@w1.fi>

WNM: Mark set TFS buffer const

This moves the type cast needed for the current driver interface to
ieee802_11_set_tfs_ie() to allow the WNM-Sleep parsing routines to use
const pointers.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: WNM Action protocol testing

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: P2P autonomous GO and no P2P IE in Probe Response scan results

autogo_scan verifies the special case where a Probe Response frame
without P2P IE has been received from a GO (e.g., due to a non-P2P
interface requesting a scan) and P2P information from a Beacon frame
needs to be used instead to determine that the group is persistent.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Move P2P helper functions to a separate file

This makes it easier to import these into the P2P test scripts.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Interworking network selection and ANQP format errors

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: P2P protocol tests for service discovery messages

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: P2P protocol tests for Group Info parsing

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Wi-Fi Display extensions to P2P and special parsing cases

Signed-off-by: Jouni Malinen <j@w1.fi>

privsep: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

wext: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

nl80211: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

ndis: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

hostap: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

atheros: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

PCSC: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

SAE: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

GAS server: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

RSN auth: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

AP: Avoid undefined behavior in pointer arithmetic in IE parsing

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

RADIUS: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

TLS: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

RSN: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P SD: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

HS 2.0: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

Avoid undefined behavior in pointer arithmetic in scan result IE parsing

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

WNM: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

Avoid undefined behavior in pointer arithmetic in BSS IE parsing

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

Interworking: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-IKEv2 peer: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-IKEv2 server: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-FAST peer: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-FAST server: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

Avoid undefined behavior in pointer arithmetic in IE parsing

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

FT: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

WPS: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-GPSK error cases

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Add TEST_FAIL() condition to omac1_aes_vector()

This enables more error path testing.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-GPSK: Check HMAC-SHA256 result in GKDF and MIC

hmac_sha256() and hmac_sha256_vector() return a result code now, so use
that return value to terminate HMAC-SHA256-based GKDF/MIC similarly to
what was already done with the CMAC-based GKDF/MIC.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: RADIUS Accounting and Framed-IP-Address

Signed-off-by: Jouni Malinen <j@w1.fi>

Add Framed-IP-Address to Accounting-Request if STA address is known

The recently added ProxyARP support (proxy_arp=1) in hostapd allows a
STA IPv4 address to be learned from DHCP or ARP messages. If that
information is available, add it to Account-Request messages in
Framed-IP-Address attribute.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Maximum STA count and limit on Probe Response frames

This verifies hostapd behavior with no_probe_resp_if_max_sta=1.

Signed-off-by: Jouni Malinen <j@w1.fi>

Option to reduce Probe Response frame responses during max STA

The new hostapd configuration parameter no_probe_resp_if_max_sta=1 can
be used to request hostapd not to reply to broadcast Probe Request
frames from unassociated STA if there is no room for additional stations
(max_num_sta). This can be used to discourage a STA from trying to
associate with this AP if the association would be rejected due to
maximum STA limit.

Signed-off-by: Jouni Malinen <j@w1.fi>

Add "git describe" based version string postfix

If hostapd or wpa_supplicant is built from a git repository, add a
VERSION_STR postfix from the current git branch state. This is from "git
describe --dirty=+". VERSION_STR will thus look something like
"2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a
modified repository.

This behavior is enabled automatically if a build within git repository
is detected (based on ../.git existing). This can be disabled with
CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.

Signed-off-by: Jouni Malinen <j@w1.fi>

eapol_test: Add -v for displaying version information

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P: Add P2P_ASSOC_RESP to P2P vendor elements

Vendor specific IEs added to frame type P2P_ASSOC_RESP are saved in
the interface context, but as they are added as part of the P2P IEs,
they need to be saved in the global P2P context.

Fix this by directing vendor specific IEs added to P2P_ASSOC_RESP
frame type to the P2P context.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Change wpas_config_file test for dedicated P2P Device case

SAVE_CONFIG command on the global control interface tries to save
the config file on all interfaces. The test disabled updating the
config file only on one interface, thus for configurations that
support a dedicated P2P Device interface, saving the config file
would still have succeeded on the P2P Device interface.

Fix the test by disabling updating the configuration file on the global
control interface (which will, in practice, disable this for the P2P
Device interface) in addition to disabling it on the main interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Set MAC address in wpas_ctrl_interface_add2 test

mac80211_hwsim only supports 2 different MAC addresses.
Configurations that use a dedicated P2P Device interface already
use these 2 addresses, so adding another interface on the same
PHY results in a duplicated MAC address.

Fix this by changing the MAC address of the added interface to make
sure the new interface has a unique MAC address.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Set bridge ageing in ap_wpa2_bridge_fdb test

Set the bridge ageing to 1 sec to make the bridge clear unused
addresses after this interval. Otherwise the test depends on
the local configuration of brctl.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Fix ap_cipher_tkip_countermeasures_sta test

Write the main interface address to the tkip_mic_test debugfs file
to generate Michael MIC failure event (which is different than the
p2p_dev_addr when a dedicated P2P Device interface is used).

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

TDLS: On a TPK timeout, tear down the link before renewal by the initiator

On TPK lifetime expiration, tear down the direct link before renewing
the link in the case of TDLS initiator processing. The expired key
cannot be used anymore, so it is better to explicitly tear down the old
link first.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: P2P GO Negotiation special cases

These test cases verify behavior with parallel scan operations while
going through GO Negotiation and duplicated GO Negotiation Request frame
RX with not-yet-ready sequence in GO Negotiation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Fix P2P message construction byte order for config_method

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Do not reply to GO Negotiation Request if peer is waiting for us

This improves robustness of GO Negotiation in special cases where GO
Negotiation Request frames from the peer may end up getting delivered
multiple times, e.g., due to interference and retransmitted frames not
getting properly filtered out in duplicate detection (which is something
that number of drivers do not implement for pre-associated state).

If we have already replied with GO Negotiation Response frame with
Status 1 (not yet ready), do not reply to another GO Negotiation Request
frame from the peer if we have already received authorization from the
user (P2P_CONNECT command) for group formation and have sent out our GO
Negotiation Request frame. This avoids a possible sequence where two
independent GO Negotiation instances could go through in parallel if the
MAC address based rule on avoiding duplicate negotiations is not able to
prevent the case. This can allow GO Negotiation to complete successfully
whereas the previous behavior would have likely resulted in a failure
with neither device sending a GO Negotiation Confirm frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Add more debug prints for Action frame TX clearing steps

This makes it easier to analyze debug logs for issues related to
multiple pending Action TX frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Portability fixes for FreeBSD - os_fdatasync()

Use fsync() when fdatasync() and F_FULLSYNC isn't available.

Signed-off-by: Rui Paulo <rpaulo@freebsd.org>

nl80211: Disable 11b rates for P2P (additional cases)

Some drivers (like mac80211) do not accept changing the TX bitrate mask
before the network interface is up. Thus, calling
nl80211_disable_11b_rates() before the interface is up fails, and the
P2P network interface continues to use invalid bitrates.

To fix this call nl80211_disable_11b_rates() immediately after the
interface is brought up (and also after rfkill is unblocked).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

Do not expire scan results based on aborted scan

Do not expire scan results entries based on scan results from a scan
that was aborted. The aborted scan did not scan all the requested
channels or SSIDs, so the fact that a BSS is missing from the scan
results does not mean it is not available.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

P2P: Set CTWindow only for P2P GO

CTWindow was set for all AP interfaces if the driver supports it and
this parameter is set in wpa_supplicant configuration. This results in
failing to start an AP that is not a P2P GO as this setting is rejected
by the driver.

Fix that by setting the CTWindow only for P2P GO interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

Escape DEL char (ASCII 127 decimal) in SSIDs

While testing, I noticed that printf_encode() makes control characters
human-readable, with one exemption, the DEL character (ASCII 127).
Assuming this exemption was unintentional, make it appear as an escaped
\x7f instead of a literal DEL character in the output.

Signed-off-by: Josh Lehan <krellan@krellan.net>

tests: Fix VM tests for Fedora

Binaries aren't always in /usr/bin/, plus kvm is sometimes 'qemu-kvm'.

Signed-off-by: Dan Williams <dcbw@redhat.com>

tests: Fix regulatory domain reset in FST test case failure cases

send_iface_detach_request() can fail and that resulted in skipping a
call to restore_reg_domain() and leaving unexpected country
configuration for following test cases. This could result in failures,
e.g., in this sequence: fst_proto wpas_mesh_open_5ghz

Fix this by ignoring exceptions from send_iface_detach_request() and
continuing to restore regulatory domain.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

atheros: Fix hapd_deinit() handler with generic IEs set

atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to
avoid hitting double-free on the deinit path. Similarly,
drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after
being freed. Fix these be moving the atheros_set_opt_ie() call in
atheros_deinit().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

nl80211: Increase buffer size for reporting scan frequencies

It is possible for a driver to support sufficient number of channels to
hit the previous limit of 200 characters for the "nl80211: Scan included
frequencies:" debug message. Increase the maximum buffer length to 300
characters to allow more complete list of scanned frequencies to be
written into the debug log. This limit is more in line with the
MAX_REPORT_FREQS (50) limit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Fix Suite B 192-bit AKM to use proper PMK length

In addition to the PTK length increasing, the length of the PMK was
increased (from 256 to 384 bits) for the 00-0f-ac:12 AKM. This part was
missing from the initial implementation and a fixed length (256-bit) PMK
was used for all AKMs.

Fix this by adding more complete support for variable length PMK and use
384 bits from MSK instead of 256 bits when using this AKM. This is not
backwards compatible with the earlier implementations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Remove unreachable PMKSA cache entry addition on Access-Accept

The previous implementation used an obsolete sm->eapol_key_crypt pointer
which was not set anywhere (i.e., was always NULL). In addition, the
condition of sm->eap_if->eapKeyAvailable was not valid here since this
is the case of MSK from an external authentication server and not the
internal EAP server. Consequently, the wpa_auth_pmksa_add() call here
was never used.

The PMKSA cache was still added, but it happened at the completion of
the 4-way handshake rather than at the completion of EAP authentication.
That later location looks better, so delete the unreachable code in
Access-Accept handling. In addition, remove the now complete unused
struct eapol_state_machine eapol_key_* variables.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

hostapd: Fix WPA, IEEE 802.1X, and WPS deinit in cases where init fails

With driver wrappers that implement set_privacy(), set_generic_elem(),
set_ieee8021x(), or set_ap_wps_ie(), it was possible to hit a NULL
pointer dereference in error cases where interface setup failed and
the network configuration used WPA/WPA2, IEEE 802.1X, or WPS.

Fix this by skipping the driver operations in case the driver interface
is not initialized.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Fix p2ps_channel_both_connected_same

I modified this test case for commit
eabf083984230f7f608f28f61319f8cd67ba19cf ('tests: P2PS channel
handling') to use dev[2] instead of dev[0], but forgot to update the
p2ps_connect_p2ps_method() dev list to match that. Fix this to actually
use a concurrent connection.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: D-Bus ExpectDisconnect

Signed-off-by: Jouni Malinen <j@w1.fi>

D-Bus: Add a dbus handler for expected disconnection

Add a global D-Bus handler ExpectDisconnect for setting
wpa_s->own_disconnect_req flag. This flag will prevent wpa_supplicant
from adding blacklists and requesting incomplete scan upon the incoming
disconnection. This is mainly meant for a case where suspend/resume is
used and some external component knows about that and can provide the
information to wpa_supplicant before the disconnection happens.

Signed-off-by: Ningyuan Wang <nywang@google.com>

tests: Fix dbus_interface to restore P2P channel list to default

It was possible for the dbus_interface test case to leave the P2P
channel lists with 5 GHz channels enabled due to the special driver=none
case. This could make the following P2P test case fail due to selecting
an unexpected channel. Fix this by forcing P2P channel list update at
the end of the dbus_interface test case.

This was triggering with the following hwsim test case sequence:
dbus_interface p2ps_connect_adv_go_p2ps_method_group_iface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Clear own_disconnect_req on new connection attempt

It was possible for wpa_s->own_disconnect_req to be left set to 1 from a
disconnection attempt from a prior connection. This could then prevent
proper connection failure processing with the new connection in
wpas_connection_failed(). This was triggered by the following hwsim test
case sequence: wpas_mesh_secure sae_no_ffc_by_default. In this sequence,
the SAE failure due to unsupported group did not result in proper
wpas_connection_failed() processing and retry.

Fix this by clearing wpa_s->own_disconnect_req in
wpa_supplicant_associate() before starting a new connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: EAP-MSCHAPv2 error cases

Signed-off-by: Jouni Malinen <j@w1.fi>

OpenSSL: Add TEST_FAIL() checks to allow error path testing

This makes it easier to test various error paths related to key
derivation and authentication steps.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Dynamic radio in p2ps_channel_sta_connected_disallow_freq_mcc

Use a dynamic HWSimRadio in p2ps_channel_sta_connected_disallow_freq_mcc
to allow MCC test case to be executed in default setting (MCC disabled
for the default radios).

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Speed up P2PS test cases using join-a-group

Figure out GO operating frequency and use a single channel scan with
P2P_CONNECT-join.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Speed up p2ps_active_go_seeker by using a single-channel scan

There is no test coverage benefit from using all-channels scan in
P2P_CONNECT-join here.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Speed up p2ps_connect_adv_go_persistent

Stop the pending P2P_LISTEN operation priot to issuing P2P_GROUP_ADD to
start a GO. This avoids excessively long wait for the previous Listen
step to complete before being able to start the GO. This makes
p2ps_connect_adv_go_persistent take significantly less time.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Make P2PS tests less likely to fail in P2PS-PROV-DONE timeouts

The combination of starting P2P extended listen and issuing
P2P_ASP_PROVISION_RESP almost immediately after that while in P2P_LISTEN
state resulted in caes where the advertiser could end up going back to a
long listen state while trying to retransmit PD Request. This resulted
in p2ps_provision() timing out while waiting for P2PS-PROV-DONE
especially in p2ps_feature_capability_* test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: P2PS channel handling

Add tests to verify proper handling of channel considerations in P2PS
PD.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

tests: Add role parameter to asp_provision

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2PS: Do not add unnecessary attributes to PD Response

Don't add unnecessary P2PS attributes to PD Response depending on the
type of exchange.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>

P2PS: Do not add unnecessary follow-on PD Request attributes

Don't add unnecessary P2PS follow-on PD Request attributes when
the request status is not P2P_SC_SUCCESS_DEFERRED.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>

P2PS: Fix persistent group reporting in wpas_p2ps_prov_complete()

When one peer doesn't include a persistent group info in PD Request
the other peer shouldn't report a persistent group usage with this
peer even if such a persistent group exists locally. This condition
could be violated in the previous implementation.

In case a local persistent group exists and the
wpas_p2ps_prov_complete() function is called with persist_ssid parameter
set to NULL, wpa_supplicant reported P2PS-PROV-DONE with persist=<idx>
instead of conncap=<role> parameter.

This happened because the wpas_p2p_get_persistent() function was called
without verification whether the persist_ssid was set to NULL. In this
case the wpas_p2p_get_persistent() returns the first existing persistent
group matching the P2P Device Address without verifying the group's
SSID. After that the group ID is used as persist=<idx> parameter of
P2PS-PROV-DONE event.

Fix the issue by adding persist_ssid and persist_ssid_size verification
as a condition for the wpas_p2p_get_persistent() call.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>

P2PS: Fix PD Request parameter handling

In P2PS PD Request processing in some error case scenarios, such as
verification of the WPS config method, the flow aborts before saving
mandatory P2PS PD Request attributes. This in turn causes the control
interface notification events to be sent with invalid parameters.

Fix this by changing the order of verification and processing steps of
the PD Request message handling.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>

P2PS: Indicate the chosen operating frequency

On successful P2P PD, report the chosen frequency in case the local
device is going to be the P2P GO, so in can later be used to instantiate
the new P2P GO, etc.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2PS: Process channels in PD Response

In case the P2PS PD Response includes the P2P Channel List attribute,
update the peer device supported channels and verify that the local
device has common channels with the peer (only a sanity check).

If the Operating Channel attribute is included in the response, check
that it is included in the intersection and store it as the peer's
operating frequency (so it could later be used in the join flow, etc.).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>