www.project-moonshot.org Git - mech

dbus: Remove unused dict helper functions

There are no callers for these helper functions.

Signed-off-by: Jouni Malinen <j@w1.fi>

wpa_cli: Add support for vendor_elem_* commands

Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>

tests: Clear config_methods at the end of wpas_ctrl_set_wps_params

It was possible for dev[2] to be left with non-default config_methods
parameter at the end of the test case and that could result issues in
following test cases. This hit a failure in the following sequence:
wpas_ctrl_set_wps_params p2ps_channel_active_go_and_station_same

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP peer: Clear ignore flag in INITIALIZE state

While this is not part of RFC 4137, the way m.check(eapReqData) is
implemented in wpa_supplicant allows an EAP method to not update the
ignore value even though each such call is really supposed to get a new
response. It seems to be possible to hit a sequence where a previous EAP
authentication attempt terminates with sm->ignore set from the last
m.check() call and the following EAP authentication attempt could fail
to go through the expected code path if it does not clear the ignore
flag. This is likely only hit in some error cases, though. The hwsim
test cases could trigger this with the following sequence:
eap_proto_ikev2 ap_wps_m1_oom

Signed-off-by: Jouni Malinen <j@w1.fi>

Add test programs for checking libwpa_client linking

libwpa_test1 and libwpa_test2 targets can now be used to check
libwpa_client linking for static and shared library cases respectively.

Signed-off-by: Jouni Malinen <j@w1.fi>

wpa_supplicant/Makefile: Fix libwpa_client build

Building libwpa_client requires src/utils/common.c for bin_clear_free()
else loading the library fails with:

Error relocating /usr/lib/libwpa_client.so: bin_clear_free: symbol not found

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>

TLS: Fix memory leak with multiple TLS server instances

When using CONFIG_TLS=internal and starting hostapd with multiple
configuration files that each initialize TLS server, the server
certificate and related data was not freed for all the interfaces on
exit path. Fix this by freeing the credential data that is stored
separately for each call to tls_init().

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Fix wifi_display_parsing

Due to a typo in a function name, this test case ended up running
without the final cleanup. That could result in the following test cases
failing, e.g., when running this sequence:
wifi_display_parsing dbus_p2p_go_neg_auth

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-SIM DB error cases

Signed-off-by: Jouni Malinen <j@w1.fi>

eap_sim_db: Implement eap_sim_db_expire_pending()

Expire pending DB request for EAP-SIM/AKA/AKA'. Timeout defaults to 1
second and is user configurable in hostapd.conf (eap_sim_db_timeout).

Signed-off-by: Frederic Leroy <frederic.leroy@b-com.com>

tests: VHT with 160 MHz channel width and no DFS

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Add frequency to operating class determination for 5 GHz 100..140

This extends ieee80211_freq_to_channel_ext() with knowledge of the
operating classes for the 5 GHz channels 100..140.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Add testcases for interface global properties

Signed-off-by: Dan Williams <dcbw@redhat.com>

dbus: Expose interface globals via D-Bus properties

All interface globals are now exposed as D-Bus properties of type
string, and parsed via the normal interface global parsing functions.

Signed-off-by: Dan Williams <dcbw@redhat.com>

dbus: Pass property description to getters/setters

We'll use it later for global interface properties.

Signed-off-by: Dan Williams <dcbw@redhat.com>

RSN: Check result of EAPOL-Key frame send request

Provide information on whether EAPOL-Key frame was sent successfully to
kernel for transmittion. wpa_eapol_key_send() will return
>= 0 on success and < 0 on failure. After receiving EAPOL-Key msg 3/4,
wpa_supplicant sends EAPOL-Key msg 4/4 and shows CTRL-EVENT-CONNECTED
only after verifying that the msg 4/4 was sent to kernel for
transmission successfully.

Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>

Allow -1 as value to disable frag_threshold

To be consistent with the internal representation of how to disable
framentation, allow -1 as a value to disable it in configuration.

Signed-off-by: Matthias May <matthias.may@neratec.com>

Extend the range of values for the RTS threshold

Since we have HT rates the maximum framesize is no longer 2346. The
usual maximum size of an A-MPDU is 65535. To disable RTS, the value -1
is already internally used. Allow it in the configuration parameter.

Signed-off-by: Matthias May <matthias.may@neratec.com>

tests: Update hapd_ctrl_set_error_cases RTS/fragmentation threshold

The previously used invalid values will become allowed with the
following commits, so change the test case to use values that both were
and will continue to be invalid to avoid unnecessary failures.

Signed-off-by: Jouni Malinen <j@w1.fi>

hostapd: Add feature to start all interfaces at the same time in sync

When multiple interfaces across mutiple radios are started using a
single instance of hostapd, they all come up at different times
depending upon how long the ACS and HT scan take on each radio. This
will result in stations (that already have the AP profile) associating
with the first interfaces that comes up. For example in a dual band
radio case (2G and 5G) with ACS enabled, 2G always comes up first
because the ACS scan takes less time on 2G and this results in all
stations associating with the 2G interface first.

This feature brings up all the interfaces at the same time. The list of
interfaces specified via hostapd.conf files on the command line are all
marked as sync interfaces. All the interfaces are synchronized in
hostapd_setup_interface_complete().

This feature is turned on with '-S' commmand line option.

Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>

Reserve QCA vendor specific nl80211 commands 110..114

These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Assign QCA commands and attributes for Tx power scaling and OTA testing

Assign nl80211vendor commands QCA_NL80211_VENDOR_SUBCMD_OTA_TEST and
QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE as well as corresponding
attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: P2P device discovery and control character in Device Name

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Filter control chars in group client device name similarly to peer

P2P device discovery can add peer entries based on a message directly
from a peer and from a Probe Response frame from a GO for all the P2P
Clients in the group. The former case for filtering out control
characters from the device name while the latter was not. Make this
consistent and filter both cases in the same way to avoid confusing
external programs using the device name of a P2P peer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

TDLS: Do not send error case of TPK M3 if TX fails

There is no point in sending TPK M3 (TDLS Setup Confirm) with a failure
status if the first transmission attempt fails. Instead, just return a
failure by disabling the link rather than retransmitting the TPK M3
frame with an error status.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Fix scan flush in p2ps_channel_both_connected_same

Need to do this before associating with the AP and with the correct
devices.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Skip radius_acct_ipaddr if kernel does not support ProxyARP

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Fix build without CONFIG_ERP=y

hmac_sha256_kdf() got pulled in only if CONFIG_ERP=y is set. Fix
test_sha256() by making the test case conditional on the function being
present.

Signed-off-by: Jouni Malinen <j@w1.fi>

wpa_supplicant: Reopen debug log file upon receipt of SIGHUP signal

This is useful for logrotate to be able to rotate the file even if the
control interface is not enabled (e.g., when using DBus).

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

Do not write ERROR level log entries if debug file is not used

wpa_debug_reopen_file() used to write an error message at MSG_ERROR
level if it was called with last_path == NULL (the last debug log file
path not known). This is not a fatal error, but a normal case if
wpa_debug_open_file() has not been used. Remove the error message and
return success in such case.

Signed-off-by: Jouni Malinen <j@w1.fi>

l2_packet: Add build option to disable Linux packet socket workaround

Linux packet socket workaround(*) has an impact in performance when the
workaround socket needs to be kept open to receive EAPOL frames. While
this is normally avoided with a kernel that has the issue addressed by
closing the workaround packet socket when detecting a frame through the
main socket, it is possible for that mechanism to not be sufficient,
e.g., when an open network connection (no EAPOL frames) is used.

Add a build option (CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y) to disable the
workaround. This build option is disabled by default and can be enabled
explicitly on distributions which have an older kernel or a fix for the
kernel regression.

Also remove the unused variable num_rx.

(*) Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596
('bridge: respect RFC2863 operational state') from 2012 introduced a
regression for using wpa_supplicant with EAPOL frames and a station
interface in a bridge.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>

tests: WPA2-PSK AP with PMF required and PMF disabled on STA

Signed-off-by: Jouni Malinen <j@w1.fi>

RSN: Do not try to connect if PMF disabled and AP requires it

Instead of trying to associate in configuration that is known to result
in the AP rejecting the association, reject the BSS candidate based on
the MFPR=1 RSN capability when STA configuration has PMF disabled.

Signed-off-by: Jouni Malinen <j@w1.fi>

WNM: Verify WNM Sleep Mode element length

This element is required to have at least four octets of actual payload.
This was not previously verified before use and the extra buffer data
after the IE might have been used instead if a received WNM-Sleep Mode
Response frame was invalid.

Signed-off-by: Jouni Malinen <j@w1.fi>

WNM: Mark set TFS buffer const

This moves the type cast needed for the current driver interface to
ieee802_11_set_tfs_ie() to allow the WNM-Sleep parsing routines to use
const pointers.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: WNM Action protocol testing

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: P2P autonomous GO and no P2P IE in Probe Response scan results

autogo_scan verifies the special case where a Probe Response frame
without P2P IE has been received from a GO (e.g., due to a non-P2P
interface requesting a scan) and P2P information from a Beacon frame
needs to be used instead to determine that the group is persistent.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Move P2P helper functions to a separate file

This makes it easier to import these into the P2P test scripts.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Interworking network selection and ANQP format errors

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: P2P protocol tests for service discovery messages

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: P2P protocol tests for Group Info parsing

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Wi-Fi Display extensions to P2P and special parsing cases

Signed-off-by: Jouni Malinen <j@w1.fi>

privsep: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

wext: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

nl80211: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

ndis: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

hostap: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

atheros: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

PCSC: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

SAE: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

GAS server: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

RSN auth: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

AP: Avoid undefined behavior in pointer arithmetic in IE parsing

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

RADIUS: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

TLS: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

RSN: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P SD: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

HS 2.0: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

Avoid undefined behavior in pointer arithmetic in scan result IE parsing

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

WNM: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

Avoid undefined behavior in pointer arithmetic in BSS IE parsing

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

Interworking: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-IKEv2 peer: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-IKEv2 server: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-FAST peer: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-FAST server: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

Avoid undefined behavior in pointer arithmetic in IE parsing

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

FT: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

WPS: Avoid undefined behavior in pointer arithmetic

Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-GPSK error cases

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Add TEST_FAIL() condition to omac1_aes_vector()

This enables more error path testing.

Signed-off-by: Jouni Malinen <j@w1.fi>

EAP-GPSK: Check HMAC-SHA256 result in GKDF and MIC

hmac_sha256() and hmac_sha256_vector() return a result code now, so use
that return value to terminate HMAC-SHA256-based GKDF/MIC similarly to
what was already done with the CMAC-based GKDF/MIC.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: RADIUS Accounting and Framed-IP-Address

Signed-off-by: Jouni Malinen <j@w1.fi>

Add Framed-IP-Address to Accounting-Request if STA address is known

The recently added ProxyARP support (proxy_arp=1) in hostapd allows a
STA IPv4 address to be learned from DHCP or ARP messages. If that
information is available, add it to Account-Request messages in
Framed-IP-Address attribute.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Maximum STA count and limit on Probe Response frames

This verifies hostapd behavior with no_probe_resp_if_max_sta=1.

Signed-off-by: Jouni Malinen <j@w1.fi>

Option to reduce Probe Response frame responses during max STA

The new hostapd configuration parameter no_probe_resp_if_max_sta=1 can
be used to request hostapd not to reply to broadcast Probe Request
frames from unassociated STA if there is no room for additional stations
(max_num_sta). This can be used to discourage a STA from trying to
associate with this AP if the association would be rejected due to
maximum STA limit.

Signed-off-by: Jouni Malinen <j@w1.fi>

Add "git describe" based version string postfix

If hostapd or wpa_supplicant is built from a git repository, add a
VERSION_STR postfix from the current git branch state. This is from "git
describe --dirty=+". VERSION_STR will thus look something like
"2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a
modified repository.

This behavior is enabled automatically if a build within git repository
is detected (based on ../.git existing). This can be disabled with
CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.

Signed-off-by: Jouni Malinen <j@w1.fi>

eapol_test: Add -v for displaying version information

Signed-off-by: Jouni Malinen <j@w1.fi>

P2P: Add P2P_ASSOC_RESP to P2P vendor elements

Vendor specific IEs added to frame type P2P_ASSOC_RESP are saved in
the interface context, but as they are added as part of the P2P IEs,
they need to be saved in the global P2P context.

Fix this by directing vendor specific IEs added to P2P_ASSOC_RESP
frame type to the P2P context.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Change wpas_config_file test for dedicated P2P Device case

SAVE_CONFIG command on the global control interface tries to save
the config file on all interfaces. The test disabled updating the
config file only on one interface, thus for configurations that
support a dedicated P2P Device interface, saving the config file
would still have succeeded on the P2P Device interface.

Fix the test by disabling updating the configuration file on the global
control interface (which will, in practice, disable this for the P2P
Device interface) in addition to disabling it on the main interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Set MAC address in wpas_ctrl_interface_add2 test

mac80211_hwsim only supports 2 different MAC addresses.
Configurations that use a dedicated P2P Device interface already
use these 2 addresses, so adding another interface on the same
PHY results in a duplicated MAC address.

Fix this by changing the MAC address of the added interface to make
sure the new interface has a unique MAC address.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Set bridge ageing in ap_wpa2_bridge_fdb test

Set the bridge ageing to 1 sec to make the bridge clear unused
addresses after this interval. Otherwise the test depends on
the local configuration of brctl.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Fix ap_cipher_tkip_countermeasures_sta test

Write the main interface address to the tkip_mic_test debugfs file
to generate Michael MIC failure event (which is different than the
p2p_dev_addr when a dedicated P2P Device interface is used).

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

TDLS: On a TPK timeout, tear down the link before renewal by the initiator

On TPK lifetime expiration, tear down the direct link before renewing
the link in the case of TDLS initiator processing. The expired key
cannot be used anymore, so it is better to explicitly tear down the old
link first.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: P2P GO Negotiation special cases

These test cases verify behavior with parallel scan operations while
going through GO Negotiation and duplicated GO Negotiation Request frame
RX with not-yet-ready sequence in GO Negotiation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Fix P2P message construction byte order for config_method

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Do not reply to GO Negotiation Request if peer is waiting for us

This improves robustness of GO Negotiation in special cases where GO
Negotiation Request frames from the peer may end up getting delivered
multiple times, e.g., due to interference and retransmitted frames not
getting properly filtered out in duplicate detection (which is something
that number of drivers do not implement for pre-associated state).

If we have already replied with GO Negotiation Response frame with
Status 1 (not yet ready), do not reply to another GO Negotiation Request
frame from the peer if we have already received authorization from the
user (P2P_CONNECT command) for group formation and have sent out our GO
Negotiation Request frame. This avoids a possible sequence where two
independent GO Negotiation instances could go through in parallel if the
MAC address based rule on avoiding duplicate negotiations is not able to
prevent the case. This can allow GO Negotiation to complete successfully
whereas the previous behavior would have likely resulted in a failure
with neither device sending a GO Negotiation Confirm frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Add more debug prints for Action frame TX clearing steps

This makes it easier to analyze debug logs for issues related to
multiple pending Action TX frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Portability fixes for FreeBSD - os_fdatasync()

Use fsync() when fdatasync() and F_FULLSYNC isn't available.

Signed-off-by: Rui Paulo <rpaulo@freebsd.org>

nl80211: Disable 11b rates for P2P (additional cases)

Some drivers (like mac80211) do not accept changing the TX bitrate mask
before the network interface is up. Thus, calling
nl80211_disable_11b_rates() before the interface is up fails, and the
P2P network interface continues to use invalid bitrates.

To fix this call nl80211_disable_11b_rates() immediately after the
interface is brought up (and also after rfkill is unblocked).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

Do not expire scan results based on aborted scan

Do not expire scan results entries based on scan results from a scan
that was aborted. The aborted scan did not scan all the requested
channels or SSIDs, so the fact that a BSS is missing from the scan
results does not mean it is not available.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

P2P: Set CTWindow only for P2P GO

CTWindow was set for all AP interfaces if the driver supports it and
this parameter is set in wpa_supplicant configuration. This results in
failing to start an AP that is not a P2P GO as this setting is rejected
by the driver.

Fix that by setting the CTWindow only for P2P GO interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

Escape DEL char (ASCII 127 decimal) in SSIDs

While testing, I noticed that printf_encode() makes control characters
human-readable, with one exemption, the DEL character (ASCII 127).
Assuming this exemption was unintentional, make it appear as an escaped
\x7f instead of a literal DEL character in the output.

Signed-off-by: Josh Lehan <krellan@krellan.net>

tests: Fix VM tests for Fedora

Binaries aren't always in /usr/bin/, plus kvm is sometimes 'qemu-kvm'.

Signed-off-by: Dan Williams <dcbw@redhat.com>

tests: Fix regulatory domain reset in FST test case failure cases

send_iface_detach_request() can fail and that resulted in skipping a
call to restore_reg_domain() and leaving unexpected country
configuration for following test cases. This could result in failures,
e.g., in this sequence: fst_proto wpas_mesh_open_5ghz

Fix this by ignoring exceptions from send_iface_detach_request() and
continuing to restore regulatory domain.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

atheros: Fix hapd_deinit() handler with generic IEs set

atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to
avoid hitting double-free on the deinit path. Similarly,
drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after
being freed. Fix these be moving the atheros_set_opt_ie() call in
atheros_deinit().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

nl80211: Increase buffer size for reporting scan frequencies

It is possible for a driver to support sufficient number of channels to
hit the previous limit of 200 characters for the "nl80211: Scan included
frequencies:" debug message. Increase the maximum buffer length to 300
characters to allow more complete list of scanned frequencies to be
written into the debug log. This limit is more in line with the
MAX_REPORT_FREQS (50) limit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Fix Suite B 192-bit AKM to use proper PMK length

In addition to the PTK length increasing, the length of the PMK was
increased (from 256 to 384 bits) for the 00-0f-ac:12 AKM. This part was
missing from the initial implementation and a fixed length (256-bit) PMK
was used for all AKMs.

Fix this by adding more complete support for variable length PMK and use
384 bits from MSK instead of 256 bits when using this AKM. This is not
backwards compatible with the earlier implementations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Remove unreachable PMKSA cache entry addition on Access-Accept

The previous implementation used an obsolete sm->eapol_key_crypt pointer
which was not set anywhere (i.e., was always NULL). In addition, the
condition of sm->eap_if->eapKeyAvailable was not valid here since this
is the case of MSK from an external authentication server and not the
internal EAP server. Consequently, the wpa_auth_pmksa_add() call here
was never used.

The PMKSA cache was still added, but it happened at the completion of
the 4-way handshake rather than at the completion of EAP authentication.
That later location looks better, so delete the unreachable code in
Access-Accept handling. In addition, remove the now complete unused
struct eapol_state_machine eapol_key_* variables.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>