mech_eap.git
9 years ago dbus: Remove GroupMember object type and use Peer instead
Tomasz Bursztyka [Mon, 2 Jun 2014 14:42:06 +0000 (17:42 +0300)]
dbus: Remove GroupMember object type and use Peer instead

GroupMember is unusable in itself and all the necessary information is
stored in Peer objects, thus replace the use of GroupMember by Peer.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
9 years ago dbus: Add a Groups property to a Peer object on which it belongs
Tomasz Bursztyka [Mon, 2 Jun 2014 14:42:05 +0000 (17:42 +0300)]
dbus: Add a Groups property to a Peer object on which it belongs

If only the Peer is part of one or more groups, this property will tell
those via listing their object paths.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
9 years ago P2P: Add utility functions to get GO/client interface
Tomasz Bursztyka [Mon, 2 Jun 2014 14:42:04 +0000 (17:42 +0300)]
P2P: Add utility functions to get GO/client interface

This will be useful for a peer to know if it is part of a group either
as a client of our local GO or as the peer GO.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
9 years ago P2P Add a utility to run a callback on all available groups
Tomasz Bursztyka [Mon, 2 Jun 2014 14:42:03 +0000 (17:42 +0300)]
P2P Add a utility to run a callback on all available groups

This will be useful in wpa_supplicant to match group's SSIDs against a
specific one.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
9 years ago P2P: Add a utility function to get the group configuration
Tomasz Bursztyka [Mon, 2 Jun 2014 14:42:02 +0000 (17:42 +0300)]
P2P: Add a utility function to get the group configuration

This will be useful for finding the interface related to this group
after formation based on the group SSID.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
9 years ago TDLS: Clean up add/set peer operations
Jouni Malinen [Sun, 29 Jun 2014 09:29:50 +0000 (12:29 +0300)]
TDLS: Clean up add/set peer operations

Use a helper function to avoid multiple copies of the same long list of
argument parameters to wpa_sm_tdls_peer_addset() from the peer entry.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago TDLS: Tear down connection on malformed Setup Confirm
Arik Nemtsov [Wed, 25 Jun 2014 14:41:55 +0000 (17:41 +0300)]
TDLS: Tear down connection on malformed Setup Confirm

Otherwise the peer will erroneously assume we have a working direct
link.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago TDLS: Abort local setup when failing to add STA
Arik Nemtsov [Wed, 25 Jun 2014 14:41:54 +0000 (17:41 +0300)]
TDLS: Abort local setup when failing to add STA

The driver might not always be able to add the new station. Abort the
setup when this happens.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago TDLS: Update peer STA as soon as full peer info is available
Arik Nemtsov [Wed, 25 Jun 2014 14:41:53 +0000 (17:41 +0300)]
TDLS: Update peer STA as soon as full peer info is available

Update the peer STA with full info sending TDLS Setup Response/Confirm
frames instead of after the full setup exchange. This makes it easier
for some drivers to properly negotiate QoS and HT information on the
direct link.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago TDLS: Remove peer from global peer-list on free
Arik Nemtsov [Wed, 25 Jun 2014 14:41:52 +0000 (17:41 +0300)]
TDLS: Remove peer from global peer-list on free

There is no need to keep the peer entry in memory after the link has
been removed.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Tested-by: Ilan Peer <ilan.peer@intel.com>
9 years ago hostapd: Use channel switch fallback on error
Michal Kazior [Fri, 27 Jun 2014 12:19:30 +0000 (14:19 +0200)]
hostapd: Use channel switch fallback on error

It's worth giving a try to fallback to re-starting BSSes at least once
hoping it works out instead of just leaving BSSes disabled.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
9 years ago hostapd: Perform multi-BSS CSA for DFS properly
Michal Kazior [Fri, 27 Jun 2014 12:19:29 +0000 (14:19 +0200)]
hostapd: Perform multi-BSS CSA for DFS properly

Currently hostapd data structures aren't ready for multi-channel BSSes,
so make DFS work now at least with single-channel multi-BSS channel
switching.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
9 years ago hostapd: Make chan_switch command per-interface not per-BSS
Michal Kazior [Fri, 27 Jun 2014 12:19:28 +0000 (14:19 +0200)]
hostapd: Make chan_switch command per-interface not per-BSS

Currently hostapd data structures aren't ready for multi-channel BSSes,
so make the command work now at least with single-channel multi-BSS
channel switching.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
9 years ago hostapd: Move CSA parameters to hostapd_data
Michal Kazior [Fri, 27 Jun 2014 12:19:27 +0000 (14:19 +0200)]
hostapd: Move CSA parameters to hostapd_data

This prepares CSA structure and logic in hostapd for multi-BSS channel
switching.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>

9 years ago eapol_test: Fix -R option to not replace -s option value
Dmitry Shmidt [Mon, 23 Jun 2014 19:13:20 +0000 (12:13 -0700)]
eapol_test: Fix -R option to not replace -s option value

Commit e9852462d58750e2ec4be498e82db0e0a2dfaf7f ('eapol_test: Add PC/SC
reader and PIN command line arguments') did not add break to the switch
statement for the new -R command line option.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
9 years ago Change channel before IBSS associations
Christopher Wiley [Thu, 26 Jun 2014 20:13:07 +0000 (13:13 -0700)]
Change channel before IBSS associations

Fix a bug where changing the mode of the interface to IBSS
fails because the interface is sitting on a channel where IBSS is
disallowed because of a previous association.

Signed-off-by: Christopher Wiley <wiley@chromium.org>
9 years ago nl80211: Refactor mode switch logic
Christopher Wiley [Thu, 26 Jun 2014 20:13:06 +0000 (13:13 -0700)]
nl80211: Refactor mode switch logic

In preparation for another wrinkle around switching into IBSS mode,
refactor existing mode switch logic for simplicity at the expense
of some brevity.

Signed-off-by: Christopher Wiley <wiley@chromium.org>
9 years ago nl80211: Improve debug output by printing SA and DA in frames
Pontus Fuchs [Tue, 3 Jun 2014 08:24:54 +0000 (10:24 +0200)]
nl80211: Improve debug output by printing SA and DA in frames

Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
9 years ago Print frame type name in debug output
Pontus Fuchs [Tue, 3 Jun 2014 08:24:53 +0000 (10:24 +0200)]
Print frame type name in debug output

"stype=4" becomes "stype=4 (WLAN_FC_STYPE_PROBE_REQ)" etc.

Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
9 years ago nl80211: Use low-priority scan for OBSS scan
Johannes Berg [Wed, 4 Jun 2014 09:21:40 +0000 (11:21 +0200)]
nl80211: Use low-priority scan for OBSS scan

Some drivers may support low-priority scans, if they do then
use that for OBSS scanning.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
9 years ago tests: P2P passphrase length configuration
Jouni Malinen [Sat, 21 Jun 2014 21:17:18 +0000 (00:17 +0300)]
tests: P2P passphrase length configuration

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago P2P: Allow passphrase length to be configured
Jouni Malinen [Sat, 21 Jun 2014 21:15:53 +0000 (00:15 +0300)]
P2P: Allow passphrase length to be configured

Previously, eight character random passphrase was generated
automatically for P2P GO. The new p2p_passphrase_len parameter can be
used to increase this length to generate a stronger passphrase for cases
where practicality of manual configuration of legacy devices is not a
concern.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago eapol_test: Add PC/SC reader and PIN command line arguments
Jouni Malinen [Sat, 21 Jun 2014 19:46:28 +0000 (22:46 +0300)]
eapol_test: Add PC/SC reader and PIN command line arguments

The new command line arguments -R<reader> and -P<PIN> can now be used to
specify which PC/SC reader (prefix match) and PIN are to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago Use pcsc_reader configuration in one for scard_init() call
Jouni Malinen [Sat, 21 Jun 2014 19:45:31 +0000 (22:45 +0300)]
Use pcsc_reader configuration in one for scard_init() call

This allows PC/SC reader to be identified with the pcsc_reader
configuration parameter.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago tests: EAP-SIM/AKA/AKA' protocol tests
Jouni Malinen [Fri, 20 Jun 2014 17:58:54 +0000 (20:58 +0300)]
tests: EAP-SIM/AKA/AKA' protocol tests

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago tests: EAP-SIM external_sim error cases
Jouni Malinen [Sat, 21 Jun 2014 16:26:04 +0000 (19:26 +0300)]
tests: EAP-SIM external_sim error cases

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago EAP-SIM': Fix AT_KDF parser to avoid infinite loop
Jouni Malinen [Sat, 21 Jun 2014 09:18:56 +0000 (12:18 +0300)]
EAP-SIM': Fix AT_KDF parser to avoid infinite loop

Hitting maximum number of AT_KDF attributes could result in an infinite
loop due to the attribute parser not incrementing the current position
properly when skipping the extra KDF.

Signed-off-by: Jouni Malinen <j@w1.fi>
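
The failure mode described in this commit message, as an added example that is not hostap's own code: an EAP-SIM/AKA style attribute walker (1-octet type, 1-octet length in units of 4 octets) that hangs when it skips a surplus AT_KDF without advancing, next to the form that advances. The `MAX_KDF` value, the function names, the step budget used to observe the hang safely, and the sample buffer are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AT_KDF      24   /* AT_KDF attribute type (RFC 5448) */
#define MAX_KDF     10   /* cap on stored KDF proposals; value assumed here */
#define SAMPLE_KDFS 12   /* constructed sample: two more than the cap */
#define ERR_FORMAT  (-1) /* malformed attribute */
#define ERR_STUCK   (-2) /* no forward progress: the infinite-loop case */

struct kdf_list {
	uint16_t kdf[MAX_KDF];
	int count;   /* proposals stored */
	int skipped; /* proposals ignored after the cap was reached */
};

/*
 * Walk the attribute list. advance_on_skip = 0 reproduces the described
 * defect (position not incremented when the extra KDF is skipped);
 * advance_on_skip = 1 is the corrected behaviour. The step budget exists
 * only so the defective path returns ERR_STUCK instead of spinning.
 */
static int parse_attrs(const uint8_t *buf, size_t len, int advance_on_skip,
		       struct kdf_list *out)
{
	const uint8_t *pos = buf, *end = buf + len;
	size_t steps = 0;

	out->count = 0;
	out->skipped = 0;
	while (pos < end) {
		size_t left = (size_t) (end - pos);
		size_t alen;

		/* A parser that makes progress needs at most len / 4 + 1 steps. */
		if (++steps > len / 4 + 1)
			return ERR_STUCK;
		if (left < 2)
			return ERR_FORMAT;
		alen = (size_t) pos[1] * 4;
		/* Length 0 would also stall the loop; overlong runs off the end. */
		if (alen == 0 || alen > left)
			return ERR_FORMAT;
		if (pos[0] == AT_KDF) {
			if (alen != 4)
				return ERR_FORMAT;
			if (out->count == MAX_KDF) {
				out->skipped++;
				if (advance_on_skip)
					pos += alen; /* the missing increment */
				continue;
			}
			out->kdf[out->count++] =
				(uint16_t) ((pos[2] << 8) | pos[3]);
		}
		pos += alen;
	}
	return 0;
}

/* Parse a constructed message holding SAMPLE_KDFS AT_KDF attributes. */
static int run_sample(int advance_on_skip, struct kdf_list *out)
{
	uint8_t buf[4 * SAMPLE_KDFS];
	int i;

	for (i = 0; i < SAMPLE_KDFS; i++) {
		buf[4 * i] = AT_KDF;
		buf[4 * i + 1] = 1; /* 1 * 4 octets */
		buf[4 * i + 2] = 0;
		buf[4 * i + 3] = (uint8_t) (i + 1);
	}
	return parse_attrs(buf, sizeof(buf), advance_on_skip, out);
}

static int sample_status(int advance_on_skip)
{
	struct kdf_list l;
	return run_sample(advance_on_skip, &l);
}

static int sample_stored(void)
{
	struct kdf_list l;
	return run_sample(1, &l) == 0 ? l.count : -1;
}

static int sample_skipped(void)
{
	struct kdf_list l;
	return run_sample(1, &l) == 0 ? l.skipped : -1;
}

/* Constructed attribute with a zero length octet. */
static int zero_length_status(void)
{
	const uint8_t buf[4] = { AT_KDF, 0, 0, 1 };
	struct kdf_list l;
	return parse_attrs(buf, sizeof(buf), 1, &l);
}

int main(void)
{
	printf("advance on skip: status=%d stored=%d skipped=%d\n",
	       sample_status(1), sample_stored(), sample_skipped());
	printf("no advance on skip: status=%d\n", sample_status(0));
	printf("zero-length attribute: status=%d\n", zero_length_status());
	return 0;
}
```
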
9 years ago tests: EAP-AKA external_sim error cases
Jouni Malinen [Sat, 21 Jun 2014 08:21:12 +0000 (11:21 +0300)]
tests: EAP-AKA external_sim error cases

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago EAP-SIM/AKA: Remove unused RESULT_FAILURE state
Jouni Malinen [Fri, 20 Jun 2014 21:25:40 +0000 (00:25 +0300)]
EAP-SIM/AKA: Remove unused RESULT_FAILURE state

This was not set anywhere, so remove the unnecessary code trying to
handle the unused state.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago tests: EAP-SIM/AKA invalid Milenage key configuration
Jouni Malinen [Fri, 20 Jun 2014 07:54:22 +0000 (10:54 +0300)]
tests: EAP-SIM/AKA invalid Milenage key configuration

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago tests: SA Query rate limiting on burst of unprotected Deauth
Jouni Malinen [Thu, 19 Jun 2014 17:59:46 +0000 (20:59 +0300)]
tests: SA Query rate limiting on burst of unprotected Deauth

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago Rate limit SA Query procedure initiation on unprotected disconnect
Jouni Malinen [Thu, 19 Jun 2014 17:56:32 +0000 (20:56 +0300)]
Rate limit SA Query procedure initiation on unprotected disconnect

There is no need to trigger new SA Query procedure to check the state of
the connection immediately after having performed such a check. Limit
the impact of burst of unprotected Deauth/Disassoc frames by starting a
new SA Query procedure only once at least 10 seconds has passed from the
previous SA Query that was triggered by reception of an unprotected
disconnection. The first SA Query procedure for each association does
not follow this rule to avoid issues with test cases that expect to see
an SA Query every time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago EAP-GPSK: Clean up CSuite_List length validation (CID 62854)
Jouni Malinen [Wed, 18 Jun 2014 14:14:59 +0000 (17:14 +0300)]
EAP-GPSK: Clean up CSuite_List length validation (CID 62854)

Use a local variable and size_t in length comparison to make this easier
for static analyzers to understand. In addition, set the return list and
list_len values at the end of the function, i.e., only in success case.
These do not change the actual behavior of the only caller for this
function, but clarifies what the helper function is doing.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago EAP-FAST: Clean up TLV length validation (CID 62853)
Jouni Malinen [Wed, 18 Jun 2014 13:42:15 +0000 (16:42 +0300)]
EAP-FAST: Clean up TLV length validation (CID 62853)

Use size_t instead of int for storing and comparing the TLV length
against the remaining buffer length to make this easier for static
analyzers to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago VHT: Remove useless validation code from Operating Mode Notification
Jouni Malinen [Tue, 17 Jun 2014 21:45:48 +0000 (00:45 +0300)]
VHT: Remove useless validation code from Operating Mode Notification

This was added by commit 8a45811638d3d5c913175c4b8fc17a9bff0178e1
('hostapd: Add Operating Mode Notification support'), but the validation
steps cannot be true either for the channel width (which is a two-bit
subfield that cannot encode more than the list four values) or Rx NSS
(which cannot encode a value larger than 7). Furthermore, the VHT_CHANWIDTH_*
defines do not match the definition of the Channel Width subfield
values.

Since this check cannot ever match, it is better to remove it to make
the code easier to understand and to avoid getting complaints about dead
code from static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago tests: EAP-PSK protocol test cases
Jouni Malinen [Tue, 17 Jun 2014 21:13:56 +0000 (00:13 +0300)]
tests: EAP-PSK protocol test cases

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago TDLS: Do not bail when failing to process IEs in Discovery Request
Arik Nemtsov [Tue, 10 Jun 2014 18:19:10 +0000 (21:19 +0300)]
TDLS: Do not bail when failing to process IEs in Discovery Request

Some APs (Cisco) may tack on a weird IE to the end of a TDLS Discovery
Request packet. This needn't fail the response, since the required IEs
are verified separately.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago TDLS: Do not reject TPK M3 when failing to process IEs
Arik Nemtsov [Tue, 10 Jun 2014 18:19:07 +0000 (21:19 +0300)]
TDLS: Do not reject TPK M3 when failing to process IEs

Some APs (Cisco) may tack on a weird IE to the end of the TDLS confirm
packet, which can fail negotiation. As an interoperability workaround,
ignore IE parser failures and reject the frame only if any of the
mandatory IEs are not included.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago TDLS: Fix TPK M1 error case (CID 68214)
Jouni Malinen [Mon, 16 Jun 2014 22:55:36 +0000 (01:55 +0300)]
TDLS: Fix TPK M1 error case (CID 68214)

Commit 342bce63cdb375bc64ce1cbcdb9e6f48acdea1e3 introduced a possibility
of a NULL pointer dereference on the error path if a new peer entry
fails to get added (i.e., memory allocation failure). Fix that by
skipping the wpa_tdls_peer_free() call if necessary.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago nl80211: Fix non-hostapd interface addition to not call add_ifidx()
Jithu Jance [Mon, 16 Jun 2014 21:40:55 +0000 (00:40 +0300)]
nl80211: Fix non-hostapd interface addition to not call add_ifidx()

Commit b36935be1a14341771b0fd5491808c3f6fdcb603 ('nl80211: Fix EAPOL
frames not being delivered') and commit
147848ec4d26613d5a117d4b35dbc7ff98dd65d1 ('nl80211: Do not add all
virtual interfaces to drv->if_indices') were not fully in sync and it
was possible for some non-hostapd use cases to end up adding undesired
ifindexes into the list of interfaces from which events and EAPOL frames
are processed on the parent interface. This could result, e.g., in P2P
Device management interface on getting unexpected events, including
RTM_NEWLINK event that could end up getting interpreted as an
indication of the interface being down and unavailable.

Make both add_ifidx() calls use the same criteria for adding interfaces
to the local list. This is not really a complete solution, but it is
good enough for now to fix the most visible side effects of this issue.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
9 years ago TDLS: Add ctrl_iface option for flushing all TDLS peers
Arik Nemtsov [Tue, 10 Jun 2014 18:19:08 +0000 (21:19 +0300)]
TDLS: Add ctrl_iface option for flushing all TDLS peers

"TDLS_TEARDOWN *" can now be used to tear down the direct links to all
TDLS peers. This is useful for debugging purposes.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago TDLS: Bail on STA add failure in tpk_m1 processing
Arik Nemtsov [Tue, 10 Jun 2014 18:19:05 +0000 (21:19 +0300)]
TDLS: Bail on STA add failure in tpk_m1 processing

The driver might not be able to add the TDLS STA. Fail if this happens.
Also fix the error path to always reset the TDLS peer data.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago TDLS: Handle unreachable link teardown for external setup
Arik Nemtsov [Tue, 10 Jun 2014 18:19:04 +0000 (21:19 +0300)]
TDLS: Handle unreachable link teardown for external setup

If a link is unreachable, the specification mandates we should send a
teardown packet via the AP with a specific teardown reason. Force this
by first disabling the link and only then sending the teardown packet
for the LOW_ACK event.

Rename the TDLS LOW_ACK event handler to better reflect its purpose.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago tests: Make concurrent_grpform_while_connecting2 more robust
Jouni Malinen [Mon, 16 Jun 2014 14:07:25 +0000 (17:07 +0300)]
tests: Make concurrent_grpform_while_connecting2 more robust

It was possible for this test case to fail due to PBC overlap that was
detected based on previous test case having used PBC. Make that false
positive less likely to happen by explicitly clearing the scan cache on
dev[1].

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago hostapd: Configure driver ACL even if MAC address list is empty
Amarnath Hullur Subramanyam [Mon, 16 Jun 2014 13:22:36 +0000 (16:22 +0300)]
hostapd: Configure driver ACL even if MAC address list is empty

Earlier commit related to MAC address based access control list
offloaded to the driver was not sending ACL configuration to the driver
if the MAC address list was empty. Remove this check as empty access
control list is a valid use case and sending ACL parameters should not
be dependent on whether the list is empty.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago Fix CONFIG_MODULE_TESTS=y build without CONFIG_P2P=y
Jouni Malinen [Sun, 15 Jun 2014 16:35:22 +0000 (19:35 +0300)]
Fix CONFIG_MODULE_TESTS=y build without CONFIG_P2P=y

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago P2P: Clean up by moving ifdef CONFIG_P2P to p2p_suppplicant.h
Jouni Malinen [Sun, 15 Jun 2014 16:31:53 +0000 (19:31 +0300)]
P2P: Clean up by moving ifdef CONFIG_P2P to p2p_suppplicant.h

This removes number of unnecessary #ifdef CONFIG_P2P blocks from generic
code by hiding the conditional build into p2p_supplicant.h with empty
inline functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago tests: EAP protocol test cases
Jouni Malinen [Sun, 15 Jun 2014 16:01:59 +0000 (19:01 +0300)]
tests: EAP protocol test cases

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago tests: EAP-PAX protocol test cases
Jouni Malinen [Sun, 15 Jun 2014 14:36:53 +0000 (17:36 +0300)]
tests: EAP-PAX protocol test cases

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago tests: GO configured preferred channels are disallowed
Avraham Stern [Tue, 10 Jun 2014 17:50:38 +0000 (20:50 +0300)]
tests: GO configured preferred channels are disallowed

Verify that when all configured preferred channels are disallowed,
the GO is instantiated on a random channel.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago P2P: Use another interface operating channel as listen channel
Ilan Peer [Mon, 19 May 2014 07:05:39 +0000 (10:05 +0300)]
P2P: Use another interface operating channel as listen channel

Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.

To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.

The optimization can be configured in the configuration file and
is disabled by default.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago P2P: Try using one of the social channels for GO
Ilan Peer [Mon, 19 May 2014 07:05:38 +0000 (10:05 +0300)]
P2P: Try using one of the social channels for GO

In case there is no preference for the GO operating channel,
try using one of 1, 6, 11 (randomly), and only if the random
selection is not suitable traverse all the channels 1..11.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago P2P: Modify p2p_get_pref_freq
Ilan Peer [Fri, 23 May 2014 17:03:01 +0000 (20:03 +0300)]
P2P: Modify p2p_get_pref_freq

In p2p_get_pref_freq, if the channels argument is NULL, select a
preferred channel that is also one of the P2P Device configured
channels.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago P2P: Remove duplicated code from get_shared_radio_freqs_data()
Avraham Stern [Mon, 19 May 2014 07:05:36 +0000 (10:05 +0300)]
P2P: Remove duplicated code from get_shared_radio_freqs_data()

Remove the separation between getting the local interface frequency and
other interfaces frequencies since going over all the radio interfaces
includes the local interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago Remove unused dump_freq_array()
Jouni Malinen [Mon, 26 May 2014 13:16:17 +0000 (16:16 +0300)]
Remove unused dump_freq_array()

This function is not used anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago P2P: Collect and use extended data on used frequencies
Ilan Peer [Mon, 19 May 2014 07:05:35 +0000 (10:05 +0300)]
P2P: Collect and use extended data on used frequencies

When the number of frequencies supported by the kernel is bigger than
one, and there is a need to pick a frequency for a new flow such as P2P
GO Negotiation or P2P Invitation, the flow should be able to pick the
best frequency among all the frequencies currently used by the device.

In order to prioritize between the currently used frequencies, add
the ability to collect additional data about each used frequency
(if the frequency is used by a station interface or P2P Client)
and when needed select the best frequency, where:

1. Infrastructure interfaces have highest priority
2. P2P Client interfaces have higher priority over AP/GO
   interfaces.

The rationale is that the frequency of an AP/GO can change while
that of a station interface cannot.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago P2P: Remove unused code from get_shared_radio_freqs_data()
Avraham Stern [Mon, 19 May 2014 07:05:36 +0000 (10:05 +0300)]
P2P: Remove unused code from get_shared_radio_freqs_data()

Remove the check for get_radio_name support from
get_shared_radio_freqs_data() since get_radio_name is no longer in use
in this function.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago tests: Autonomous GO random channel selection
Avraham Stern [Tue, 10 Jun 2014 17:50:42 +0000 (20:50 +0300)]
tests: Autonomous GO random channel selection

Verify that a standalone GO selects a random channel from the social
channels in case no other preference is set.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago tests: P2P GO negotiation when two peers force different freq
Avraham Stern [Tue, 10 Jun 2014 17:50:41 +0000 (20:50 +0300)]
tests: P2P GO negotiation when two peers force different freq

Verify that when trying to form a P2P group but each peer forces a
different frequency, the group formation fails.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago tests: Frequency set as no GO
Avraham Stern [Tue, 10 Jun 2014 17:50:40 +0000 (20:50 +0300)]
tests: Frequency set as no GO

Verify that when setting frequency as no_go_freq and setting up
autonomous GO, the GO is instantiated on a different frequency, but
when forming a P2P group and becoming a client this frequency can be
used.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago tests: GO with preferred channel and station on a disallowed channel
Avraham Stern [Tue, 10 Jun 2014 17:50:39 +0000 (20:50 +0300)]
tests: GO with preferred channel and station on a disallowed channel

Verify that when setting up autonomous GO with configured preferred
channel and a station interface is connected on a channel that is
disallowed for P2P, the GO is instantiated on the preferred channel.

Requires MCC.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago tests: Autonomous GO with preferred channel and station on another channel
Avraham Stern [Tue, 10 Jun 2014 17:50:37 +0000 (20:50 +0300)]
tests: Autonomous GO with preferred channel and station on another channel

Verify that when setting up an autonomous GO with configured preferred
channel and a station interface is on another channel, the GO is
instantiated on the same channel as the station interface and not on the
configured preferred channel.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago tests: GO negotiation with forced freq different than station interface
Avraham Stern [Tue, 10 Jun 2014 17:50:36 +0000 (20:50 +0300)]
tests: GO negotiation with forced freq different than station interface

Verify that when a station interface is on one frequency, and GO
negotiation is started in which both sides force a different frequency,
the P2P group is formed on the forced frequency (both as GO and client).

Requires MCC.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago tests: Autonomous GO force different channel than station interface
Haim Dreyfuss [Tue, 10 Jun 2014 17:50:35 +0000 (20:50 +0300)]
tests: Autonomous GO force different channel than station interface

After station interface is connected on a specific channel, create
autonomous GO with forced different channel.

Requires MCC.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
9 years ago tests: GO negotiation with station interface on a P2P-disallowed channel
Avraham Stern [Tue, 10 Jun 2014 17:50:34 +0000 (20:50 +0300)]
tests: GO negotiation with station interface on a P2P-disallowed channel

Verify that when P2P group is formed and a station interface is
connected on a channel that is disallowed for P2P, the group is formed
on a different channel than the BSS (both as GO and client).

Requires MCC.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago tests: GO with station interface on a P2P-disallowed channel
Avraham Stern [Tue, 10 Jun 2014 17:50:33 +0000 (20:50 +0300)]
tests: GO with station interface on a P2P-disallowed channel

Verify that when setting up an autonomous GO and station interface is
connected on a channel that is disallowed for P2P uses, the GO is
instantiated on a different channel than the station mode connection.

Requires MCC.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago tests: GO negotiation with station interface is connected
Avraham Stern [Tue, 10 Jun 2014 17:50:32 +0000 (20:50 +0300)]
tests: GO negotiation with station interface is connected

Verify that when station interface is connected and GO negotiation is
initiated, the P2P group is formed on the same channel as the station
connection.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago tests: Autonomous GO channel selection following BSS
Haim Dreyfuss [Tue, 10 Jun 2014 17:50:31 +0000 (20:50 +0300)]
tests: Autonomous GO channel selection following BSS

This test verifies that if a GO is instantiated after a connection of a
station interface, the chosen operating channel is that of the station
interface.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
9 years ago tests: Add wpasupplicant get_mcc helper function
Haim Dreyfuss [Tue, 10 Jun 2014 17:50:30 +0000 (20:50 +0300)]
tests: Add wpasupplicant get_mcc helper function

The function returns the number of concurrent channels supported by the
driver.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
9 years ago tests: Add channels argument to run-all.sh and start.sh
Haim Dreyfuss [Tue, 10 Jun 2014 17:50:29 +0000 (20:50 +0300)]
tests: Add channels argument to run-all.sh and start.sh

Add an option to run-all.sh and start.sh to get as an argument the
number of concurrent channels that mac80211_hwsim will be loaded with.
To start mac80211_hwsim with more than one channel, the following
parameter should be added to command line: channels=<num_channels>
The default is one channel (no concurrent channels).
The driver should be loaded with multi channel support in order to run
some tests.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
9 years ago Clean up EAPOL-Key Key Data processing
Jouni Malinen [Sat, 14 Jun 2014 16:02:46 +0000 (19:02 +0300)]
Clean up EAPOL-Key Key Data processing

Use a single location in wpa_sm_rx_eapol() for preparing the pointer to
the Key Data field and to its validated length instead of fetching that
information in number of processing functions separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago Clean up EAPOL-Key processing
Jouni Malinen [Sat, 14 Jun 2014 15:31:14 +0000 (18:31 +0300)]
Clean up EAPOL-Key processing

Re-order wpa_sm_rx_eapol() to first go through all EAPOL (802.1X) header
validation steps using the original message buffer and re-allocate and
copy the frame only if this is a valid EAPOL frame that contains an
EAPOL-Key. This makes the implementation easier to understand and saves
unnecessary memory allocations and copying should other types of EAPOL
frames get here.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago tests: EAP-EKE protocol test cases
Jouni Malinen [Sat, 14 Jun 2014 14:27:12 +0000 (17:27 +0300)]
tests: EAP-EKE protocol test cases

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago EAP-EKE: Fix typos in debug message
Jouni Malinen [Sat, 14 Jun 2014 14:15:07 +0000 (17:15 +0300)]
EAP-EKE: Fix typos in debug message

These error messages had an incorrect frame name (likely copy-pasted
from the commit message handler) and couple of typos.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago dbus: Check return value more consistently (CID 62841)
Jouni Malinen [Fri, 13 Jun 2014 22:29:42 +0000 (01:29 +0300)]
dbus: Check return value more consistently (CID 62841)

Most of these calls are checked to return success and there is no reason
why these wouldn't, so be more consistent. This addresses CID 62841,
CID 62840, CID 62839, CID 62838, CID 62837, CID 62836.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago wext: Verify set_ssid results consistently (CID 62842)
Jouni Malinen [Fri, 13 Jun 2014 22:24:06 +0000 (01:24 +0300)]
wext: Verify set_ssid results consistently (CID 62842)

Note in debug log if SSID clearing to stop pending cfg80211 association
attempts fail.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago Note chmod() failure in debug log even in ignore case (CID 62843)
Jouni Malinen [Fri, 13 Jun 2014 22:20:18 +0000 (01:20 +0300)]
Note chmod() failure in debug log even in ignore case (CID 62843)

If this chmod() call fails, the global control interface is allowed to
be used since there was no change to its group. Anyway, it can be
helpful to note the error case in debug log instead of silently ignoring
it.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago WPS: Check wps_build_wfa_ext() return value consistently (CID 68104)
Jouni Malinen [Fri, 13 Jun 2014 22:05:18 +0000 (01:05 +0300)]
WPS: Check wps_build_wfa_ext() return value consistently (CID 68104)

While this call cannot really fail, check the return value to be more
consistent with all the other wps_build_wfa_ext() calls.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago EAP-MSCHAPv2: Check hash function results more consistently (CID 68105)
Jouni Malinen [Fri, 13 Jun 2014 22:01:18 +0000 (01:01 +0300)]
EAP-MSCHAPv2: Check hash function results more consistently (CID 68105)

While the hash functions would be very unlikely to fail in practice,
they do have option of returning an error. Check that return value more
consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago Fix validation of EAPOL-Key length with AES key wrap (CID 62859)
Jouni Malinen [Fri, 13 Jun 2014 21:20:04 +0000 (00:20 +0300)]
Fix validation of EAPOL-Key length with AES key wrap (CID 62859)

The additional eight octet field was removed from keydatalen without
proper validation of the Key Data Length field. It would have been
possible for an invalid EAPOL-Key frame to be processed in a way that
ends up reading beyond the buffer. In theory, this could have also
resulted in writing beyond the EAPOL-Key frame buffer, but that is
unlikely to be feasible due to the AES key wrap validation step on
arbitrary memory contents.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago EAP-TNC: Limit maximum message buffer to 75000 bytes (CID 62873)
Jouni Malinen [Fri, 13 Jun 2014 13:03:45 +0000 (16:03 +0300)]
EAP-TNC: Limit maximum message buffer to 75000 bytes (CID 62873)

Since there is a limit on the EAP exchange due to maximum number of
roundtrips, there is no point in allowing excessively large buffers to
be allocated based on what the peer device claims the total message to
be. Instead, reject the message if it would not be possible to receive
it in full anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago tests: Validate parsing and rejection of invalid WFD subelement
Jouni Malinen [Fri, 13 Jun 2014 12:29:48 +0000 (15:29 +0300)]
tests: Validate parsing and rejection of invalid WFD subelement

This is a regression test for wifi_display_subelem_hex() bounds checking
issue.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago P2P: Fix wfd_dev_info parsing for P2P-DEVICE-FOUND (CID 68127)
Jouni Malinen [Fri, 13 Jun 2014 12:25:39 +0000 (15:25 +0300)]
P2P: Fix wfd_dev_info parsing for P2P-DEVICE-FOUND (CID 68127)

Commit b125c48fce823f28d22ebd68297c5b94366c6aa1 ('P2P: Add wfd_dev_info=
field for device found event') added Wi-Fi Display device info to the
P2P-DEVICE-FOUND events. However, it did not include proper bounds
checking in wifi_display_subelem_hex() and could accept subelements with
invalid length field values. This could result in buffer read overflow
of up to 64 kB and inclusion of heap memory in the local control
interface event and/or process crash due to invalid memory access. Fix
this by checking the validity of the length field before writing a
hexdump of the data.

Signed-off-by: Jouni Malinen <j@w1.fi>
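
The length check described in the commit message above, as an added example that is not the project's wifi_display_subelem_hex() code. The function name, the assumed subelement layout (1-octet ID, 2-octet big-endian length, data) and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper. Writes the hex dump of the first subelement matching
 * id into out. Returns the number of data octets dumped, or -1 if the
 * subelement is missing, malformed, or does not fit in out. */
static int subelem_hex_checked(const uint8_t *buf, size_t len, uint8_t id,
			       char *out, size_t outlen)
{
	size_t pos = 0;

	while (len - pos >= 3) { /* room for ID + 2-octet length */
		uint8_t cur = buf[pos];
		size_t dlen = ((size_t) buf[pos + 1] << 8) | buf[pos + 2];

		pos += 3;
		if (dlen > len - pos) /* claimed length exceeds remaining data */
			return -1;
		if (cur == id) {
			if (outlen < 2 * dlen + 1) /* output buffer too small */
				return -1;
			for (size_t i = 0; i < dlen; i++)
				snprintf(out + 2 * i, 3, "%02x", buf[pos + i]);
			out[2 * dlen] = '\0';
			return (int) dlen;
		}
		pos += dlen; /* skip a non-matching subelement */
	}
	return -1;
}

/* Constructed samples: a valid subelement, one preceded by another ID, and
 * one whose length field claims 0xffff octets with only two present. */
static const uint8_t wfd_ok[] = { 0x00, 0x00, 0x06, 0x00, 0x11, 0x02, 0x2a, 0x00, 0x64 };
static const uint8_t wfd_two[] = { 0x01, 0x00, 0x01, 0xaa, 0x00, 0x00, 0x02, 0xbe, 0xef };
static const uint8_t wfd_bad[] = { 0x00, 0xff, 0xff, 0x00, 0x11 };

int main(void)
{
	char hex[64];

	if (subelem_hex_checked(wfd_ok, sizeof(wfd_ok), 0, hex, sizeof(hex)) > 0)
		printf("ok: %s\n", hex);
	if (subelem_hex_checked(wfd_two, sizeof(wfd_two), 0, hex, sizeof(hex)) > 0)
		printf("second subelement: %s\n", hex);
	printf("invalid length: %d\n",
	       subelem_hex_checked(wfd_bad, sizeof(wfd_bad), 0, hex, sizeof(hex)));
	return strcmp(hex, "beef") != 0;
}
```
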
9 years ago dbus: Clean up P2P group vendor ext getter
Jouni Malinen [Thu, 12 Jun 2014 21:48:21 +0000 (00:48 +0300)]
dbus: Clean up P2P group vendor ext getter

The vendor_ext[i] = NULL setting did not make any sense since
num_vendor_ext should have been used to index the vendor_ext array. The
old code did not do any harm since i >= num_vendor_ext and none of the
already set entries could have been cleared. Anyway, better clean this
by making it skip the setting to NULL similarly to what was already done
in the P2P peer vendor ext getter.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago HS 2.0R2: Fix OSEN IE parsing for in cipher setup (CID 68132)
Jouni Malinen [Thu, 12 Jun 2014 21:36:42 +0000 (00:36 +0300)]
HS 2.0R2: Fix OSEN IE parsing for in cipher setup (CID 68132)

The OSEN code path hardcodes number of struct wpa_ie_data items.
However, it did not clear the full structure and some uninitialized
fields could have been used (e.g., ie.mgmt_group_cipher for a debug
print and ie.capabilities for checking MFPC). Fix this by clearing the
ie data before filling in the hardcoded OSEN values.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago WNM: Use cleaner way of generating pointer to a field (CID 68100)
Jouni Malinen [Thu, 12 Jun 2014 20:33:33 +0000 (23:33 +0300)]
WNM: Use cleaner way of generating pointer to a field (CID 68100)

The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago WNM: Use cleaner way of generating pointer to a field (CID 68099)
Jouni Malinen [Thu, 12 Jun 2014 19:36:02 +0000 (22:36 +0300)]
WNM: Use cleaner way of generating pointer to a field (CID 68099)

The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago GAS server: Fix request frame length validation (CID 68098)
Jouni Malinen [Thu, 12 Jun 2014 19:10:43 +0000 (22:10 +0300)]
GAS server: Fix request frame length validation (CID 68098)

There seemed to be an off-by-one error in the validation of GAS request
frames. If a Public Action frame without the Action code field would
have reached this function, the length could have been passed as
(size_t) -1 which would likely have resulted in a crash due to reading
beyond the buffer. However, it looks like such a frame would not be
delivered to hostapd at least with mac80211-based drivers. Anyway, this
function better be more careful with length validation should some other
driver end up reporting invalid Action frames.

In addition, the Action code field is in a fixed location, so the
IEEE80211_HDRLEN can be used here to clean up bounds checking to avoid
false reports from static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
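
The off-by-one described in the commit message above, shown next to a checked form, as an added example that is not hostapd's GAS server code. The function and struct names, the value 24 used for the header length, and the constructed frame (Category 4, Action code 10) are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDRLEN ((size_t) 24) /* assumed value of IEEE80211_HDRLEN */

struct pa_body { uint8_t action; const uint8_t *data; size_t len; };

/* Off-by-one variant: the check only guarantees the Category octet, so a
 * frame of exactly HDRLEN + 1 octets passes and the subtraction wraps. */
static size_t body_len_off_by_one(size_t len)
{
	if (len < HDRLEN + 1)
		return 0;
	return len - HDRLEN - 2; /* len == HDRLEN + 1 gives (size_t) -1 */
}

/* Checked variant: Category and Action code must both be present before
 * the Action code is read or the body length is computed. The fields sit
 * at fixed offsets from the header. Returns 0 on success, -1 if truncated. */
static int parse_public_action(const uint8_t *buf, size_t len,
			       struct pa_body *out)
{
	if (len < HDRLEN + 2)
		return -1;
	out->action = buf[HDRLEN + 1];
	out->data = buf + HDRLEN + 2;
	out->len = len - HDRLEN - 2;
	return 0;
}

int main(void)
{
	uint8_t frame[24 + 4] = { 0 }; /* constructed frame, zeroed header */
	struct pa_body b;

	frame[HDRLEN] = 4;      /* Category: Public Action */
	frame[HDRLEN + 1] = 10; /* Action code: GAS Initial Request */
	printf("truncated, off-by-one check: %zu\n",
	       body_len_off_by_one(HDRLEN + 1));
	printf("truncated, corrected check: %d\n",
	       parse_public_action(frame, HDRLEN + 1, &b));
	if (parse_public_action(frame, sizeof(frame), &b) == 0)
		printf("full frame: action=%u body=%zu\n",
		       (unsigned) b.action, b.len);
	return 0;
}
```
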
9 years ago tests: Truncated GAS query request
Jouni Malinen [Thu, 12 Jun 2014 19:09:05 +0000 (22:09 +0300)]
tests: Truncated GAS query request

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago HT: Use cleaner way of generating pointer to a field (CID 68097)
Jouni Malinen [Thu, 12 Jun 2014 18:46:30 +0000 (21:46 +0300)]
HT: Use cleaner way of generating pointer to a field (CID 68097)

The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago P2P: Use cleaner way of generating pointer to a field (CID 68096)
Jouni Malinen [Thu, 12 Jun 2014 17:18:15 +0000 (20:18 +0300)]
P2P: Use cleaner way of generating pointer to a field (CID 68096)

The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago P2P: Use cleaner way of generating pointer to a field (CID 68095)
Jouni Malinen [Thu, 12 Jun 2014 17:13:50 +0000 (20:13 +0300)]
P2P: Use cleaner way of generating pointer to a field (CID 68095)

The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago dbus: Add explicit break statements to switch-default
Jouni Malinen [Thu, 12 Jun 2014 17:08:00 +0000 (20:08 +0300)]
dbus: Add explicit break statements to switch-default

There were a couple of missing breaks in switch-default (before/after).
While these did not have any noticeable issues due to falling over to
the next step that just exited from the switch statement, it is cleaner
and more robust to have each case use an explicit break.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago dbus: Initialize temporary entry properly (CID 62877)
Jouni Malinen [Thu, 12 Jun 2014 17:02:00 +0000 (20:02 +0300)]
dbus: Initialize temporary entry properly (CID 62877)

The tmpentry variable was not initialized and
_wpa_dbus_dict_entry_get_byte_array() does not set tmpentry.type, so it
would have been possible for the error path to end up trying to free
unexpected type of an entry or not free the memory at all.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago Use clearer way of getting pointer to a frame (CID 62835)
Jouni Malinen [Thu, 12 Jun 2014 16:42:50 +0000 (19:42 +0300)]
Use clearer way of getting pointer to a frame (CID 62835)

This avoids an incorrect ARRAY_VS_SINGLETON report for a case where a
pointer is taken to the specified field in a frame and not to a single
octet. Bounds checking was already handled separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago WPS: Clean up indentation level (CID 68109)
Jouni Malinen [Thu, 12 Jun 2014 15:42:29 +0000 (18:42 +0300)]
WPS: Clean up indentation level (CID 68109)

The implementation here was doing what it was supposed to, but the code
was indented in a way that made it quite confusing in the context of a
single line if statement body.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago Fix HS20_GET_NAI_HOME_REALM_LIST hex length check (CID 68108)
Jouni Malinen [Thu, 12 Jun 2014 15:38:31 +0000 (18:38 +0300)]
Fix HS20_GET_NAI_HOME_REALM_LIST hex length check (CID 68108)

Due to an incorrect operation (MOD vs. AND), the code that was supposed
to return an error if the hex string has odd length was not really
reporting any failures. Instead of reporting an error, the invalid
control interface command would have been truncated. This is not an
issue in practice, but better fix the implementation anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago dbus: Avoid theoretical memory leaks with duplicated dict entries
Jouni Malinen [Thu, 12 Jun 2014 14:36:56 +0000 (17:36 +0300)]
dbus: Avoid theoretical memory leaks with duplicated dict entries

If a dict would include duplicated items, the parsing code here would
have leaked memory by overwriting old os_strdup() result with the new
one. Fix this by explicitly freeing the previous entry. This addresses
CID 62852, CID 62851, CID 62850, CID 62849, CID 62847, CID 62846.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago dbus: Fix a potential double-free in on error path (CID 62880)
Jouni Malinen [Thu, 12 Jun 2014 14:26:58 +0000 (17:26 +0300)]
dbus: Fix a potential double-free in on error path (CID 62880)

It would have been at least theoretically possible to hit the first
error in the loop and end up jumping to error handling which would call
os_free(value) without the value having been cleared after the os_free()
call at the end of the previous loop iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago TNC: Fix minor memory leak (CID 62848)
Philippe De Swert [Tue, 27 May 2014 10:42:39 +0000 (13:42 +0300)]
TNC: Fix minor memory leak (CID 62848)

In tncc_read_config(), the memory allocated for the config
did not get freed if an error occurred.

Signed-off-by: Philippe De Swert <philippe.deswert@jollamobile.com>