www.project-moonshot.org Git - mech

tests: Change wpas_config_file test for dedicated P2P Device case

SAVE_CONFIG command on the global control interface tries to save
the config file on all interfaces. The test disabled updating the
config file only on one interface, thus for configurations that
support a dedicated P2P Device interface, saving the config file
would still have succeeded on the P2P Device interface.

Fix the test by disabling updating the configuration file on the global
control interface (which will, in practice, disable this for the P2P
Device interface) in addition to disabling it on the main interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Set MAC address in wpas_ctrl_interface_add2 test

mac80211_hwsim only supports 2 different MAC addresses.
Configurations that use a dedicated P2P Device interface already
use these 2 addresses, so adding another interface on the same
PHY results in a duplicated MAC address.

Fix this by changing the MAC address of the added interface to make
sure the new interface has a unique MAC address.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Set bridge ageing in ap_wpa2_bridge_fdb test

Set the bridge ageing to 1 sec to make the bridge clear unused
addresses after this interval. Otherwise the test depends on
the local configuration of brctl.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

tests: Fix ap_cipher_tkip_countermeasures_sta test

Write the main interface address to the tkip_mic_test debugfs file
to generate Michael MIC failure event (which is different than the
p2p_dev_addr when a dedicated P2P Device interface is used).

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

TDLS: On a TPK timeout, tear down the link before renewal by the initiator

On TPK lifetime expiration, tear down the direct link before renewing
the link in the case of TDLS initiator processing. The expired key
cannot be used anymore, so it is better to explicitly tear down the old
link first.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: P2P GO Negotiation special cases

These test cases verify behavior with parallel scan operations while
going through GO Negotiation and duplicated GO Negotiation Request frame
RX with not-yet-ready sequence in GO Negotiation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Fix P2P message construction byte order for config_method

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Do not reply to GO Negotiation Request if peer is waiting for us

This improves robustness of GO Negotiation in special cases where GO
Negotiation Request frames from the peer may end up getting delivered
multiple times, e.g., due to interference and retransmitted frames not
getting properly filtered out in duplicate detection (which is something
that number of drivers do not implement for pre-associated state).

If we have already replied with GO Negotiation Response frame with
Status 1 (not yet ready), do not reply to another GO Negotiation Request
frame from the peer if we have already received authorization from the
user (P2P_CONNECT command) for group formation and have sent out our GO
Negotiation Request frame. This avoids a possible sequence where two
independent GO Negotiation instances could go through in parallel if the
MAC address based rule on avoiding duplicate negotiations is not able to
prevent the case. This can allow GO Negotiation to complete successfully
whereas the previous behavior would have likely resulted in a failure
with neither device sending a GO Negotiation Confirm frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Add more debug prints for Action frame TX clearing steps

This makes it easier to analyze debug logs for issues related to
multiple pending Action TX frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Portability fixes for FreeBSD - os_fdatasync()

Use fsync() when fdatasync() and F_FULLSYNC isn't available.

Signed-off-by: Rui Paulo <rpaulo@freebsd.org>

nl80211: Disable 11b rates for P2P (additional cases)

Some drivers (like mac80211) do not accept changing the TX bitrate mask
before the network interface is up. Thus, calling
nl80211_disable_11b_rates() before the interface is up fails, and the
P2P network interface continues to use invalid bitrates.

To fix this call nl80211_disable_11b_rates() immediately after the
interface is brought up (and also after rfkill is unblocked).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

Do not expire scan results based on aborted scan

Do not expire scan results entries based on scan results from a scan
that was aborted. The aborted scan did not scan all the requested
channels or SSIDs, so the fact that a BSS is missing from the scan
results does not mean it is not available.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

P2P: Set CTWindow only for P2P GO

CTWindow was set for all AP interfaces if the driver supports it and
this parameter is set in wpa_supplicant configuration. This results in
failing to start an AP that is not a P2P GO as this setting is rejected
by the driver.

Fix that by setting the CTWindow only for P2P GO interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>

Escape DEL char (ASCII 127 decimal) in SSIDs

While testing, I noticed that printf_encode() makes control characters
human-readable, with one exemption, the DEL character (ASCII 127).
Assuming this exemption was unintentional, make it appear as an escaped
\x7f instead of a literal DEL character in the output.

Signed-off-by: Josh Lehan <krellan@krellan.net>

tests: Fix VM tests for Fedora

Binaries aren't always in /usr/bin/, plus kvm is sometimes 'qemu-kvm'.

Signed-off-by: Dan Williams <dcbw@redhat.com>

tests: Fix regulatory domain reset in FST test case failure cases

send_iface_detach_request() can fail and that resulted in skipping a
call to restore_reg_domain() and leaving unexpected country
configuration for following test cases. This could result in failures,
e.g., in this sequence: fst_proto wpas_mesh_open_5ghz

Fix this by ignoring exceptions from send_iface_detach_request() and
continuing to restore regulatory domain.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

atheros: Fix hapd_deinit() handler with generic IEs set

atheros_set_opt_ie() needs to be called before freeing drv->wpa_ie to
avoid hitting double-free on the deinit path. Similarly,
drv->wps_beacon_ie and drv->wps_probe_resp_ie could have been used after
being freed. Fix these be moving the atheros_set_opt_ie() call in
atheros_deinit().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

nl80211: Increase buffer size for reporting scan frequencies

It is possible for a driver to support sufficient number of channels to
hit the previous limit of 200 characters for the "nl80211: Scan included
frequencies:" debug message. Increase the maximum buffer length to 300
characters to allow more complete list of scanned frequencies to be
written into the debug log. This limit is more in line with the
MAX_REPORT_FREQS (50) limit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Fix Suite B 192-bit AKM to use proper PMK length

In addition to the PTK length increasing, the length of the PMK was
increased (from 256 to 384 bits) for the 00-0f-ac:12 AKM. This part was
missing from the initial implementation and a fixed length (256-bit) PMK
was used for all AKMs.

Fix this by adding more complete support for variable length PMK and use
384 bits from MSK instead of 256 bits when using this AKM. This is not
backwards compatible with the earlier implementations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Remove unreachable PMKSA cache entry addition on Access-Accept

The previous implementation used an obsolete sm->eapol_key_crypt pointer
which was not set anywhere (i.e., was always NULL). In addition, the
condition of sm->eap_if->eapKeyAvailable was not valid here since this
is the case of MSK from an external authentication server and not the
internal EAP server. Consequently, the wpa_auth_pmksa_add() call here
was never used.

The PMKSA cache was still added, but it happened at the completion of
the 4-way handshake rather than at the completion of EAP authentication.
That later location looks better, so delete the unreachable code in
Access-Accept handling. In addition, remove the now complete unused
struct eapol_state_machine eapol_key_* variables.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

hostapd: Fix WPA, IEEE 802.1X, and WPS deinit in cases where init fails

With driver wrappers that implement set_privacy(), set_generic_elem(),
set_ieee8021x(), or set_ap_wps_ie(), it was possible to hit a NULL
pointer dereference in error cases where interface setup failed and
the network configuration used WPA/WPA2, IEEE 802.1X, or WPS.

Fix this by skipping the driver operations in case the driver interface
is not initialized.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Fix p2ps_channel_both_connected_same

I modified this test case for commit
eabf083984230f7f608f28f61319f8cd67ba19cf ('tests: P2PS channel
handling') to use dev[2] instead of dev[0], but forgot to update the
p2ps_connect_p2ps_method() dev list to match that. Fix this to actually
use a concurrent connection.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: D-Bus ExpectDisconnect

Signed-off-by: Jouni Malinen <j@w1.fi>

D-Bus: Add a dbus handler for expected disconnection

Add a global D-Bus handler ExpectDisconnect for setting
wpa_s->own_disconnect_req flag. This flag will prevent wpa_supplicant
from adding blacklists and requesting incomplete scan upon the incoming
disconnection. This is mainly meant for a case where suspend/resume is
used and some external component knows about that and can provide the
information to wpa_supplicant before the disconnection happens.

Signed-off-by: Ningyuan Wang <nywang@google.com>

tests: Fix dbus_interface to restore P2P channel list to default

It was possible for the dbus_interface test case to leave the P2P
channel lists with 5 GHz channels enabled due to the special driver=none
case. This could make the following P2P test case fail due to selecting
an unexpected channel. Fix this by forcing P2P channel list update at
the end of the dbus_interface test case.

This was triggering with the following hwsim test case sequence:
dbus_interface p2ps_connect_adv_go_p2ps_method_group_iface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Clear own_disconnect_req on new connection attempt

It was possible for wpa_s->own_disconnect_req to be left set to 1 from a
disconnection attempt from a prior connection. This could then prevent
proper connection failure processing with the new connection in
wpas_connection_failed(). This was triggered by the following hwsim test
case sequence: wpas_mesh_secure sae_no_ffc_by_default. In this sequence,
the SAE failure due to unsupported group did not result in proper
wpas_connection_failed() processing and retry.

Fix this by clearing wpa_s->own_disconnect_req in
wpa_supplicant_associate() before starting a new connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: EAP-MSCHAPv2 error cases

Signed-off-by: Jouni Malinen <j@w1.fi>

OpenSSL: Add TEST_FAIL() checks to allow error path testing

This makes it easier to test various error paths related to key
derivation and authentication steps.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Dynamic radio in p2ps_channel_sta_connected_disallow_freq_mcc

Use a dynamic HWSimRadio in p2ps_channel_sta_connected_disallow_freq_mcc
to allow MCC test case to be executed in default setting (MCC disabled
for the default radios).

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Speed up P2PS test cases using join-a-group

Figure out GO operating frequency and use a single channel scan with
P2P_CONNECT-join.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Speed up p2ps_active_go_seeker by using a single-channel scan

There is no test coverage benefit from using all-channels scan in
P2P_CONNECT-join here.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Speed up p2ps_connect_adv_go_persistent

Stop the pending P2P_LISTEN operation priot to issuing P2P_GROUP_ADD to
start a GO. This avoids excessively long wait for the previous Listen
step to complete before being able to start the GO. This makes
p2ps_connect_adv_go_persistent take significantly less time.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Make P2PS tests less likely to fail in P2PS-PROV-DONE timeouts

The combination of starting P2P extended listen and issuing
P2P_ASP_PROVISION_RESP almost immediately after that while in P2P_LISTEN
state resulted in caes where the advertiser could end up going back to a
long listen state while trying to retransmit PD Request. This resulted
in p2ps_provision() timing out while waiting for P2PS-PROV-DONE
especially in p2ps_feature_capability_* test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: P2PS channel handling

Add tests to verify proper handling of channel considerations in P2PS
PD.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

tests: Add role parameter to asp_provision

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2PS: Do not add unnecessary attributes to PD Response

Don't add unnecessary P2PS attributes to PD Response depending on the
type of exchange.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>

P2PS: Do not add unnecessary follow-on PD Request attributes

Don't add unnecessary P2PS follow-on PD Request attributes when
the request status is not P2P_SC_SUCCESS_DEFERRED.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>

P2PS: Fix persistent group reporting in wpas_p2ps_prov_complete()

When one peer doesn't include a persistent group info in PD Request
the other peer shouldn't report a persistent group usage with this
peer even if such a persistent group exists locally. This condition
could be violated in the previous implementation.

In case a local persistent group exists and the
wpas_p2ps_prov_complete() function is called with persist_ssid parameter
set to NULL, wpa_supplicant reported P2PS-PROV-DONE with persist=<idx>
instead of conncap=<role> parameter.

This happened because the wpas_p2p_get_persistent() function was called
without verification whether the persist_ssid was set to NULL. In this
case the wpas_p2p_get_persistent() returns the first existing persistent
group matching the P2P Device Address without verifying the group's
SSID. After that the group ID is used as persist=<idx> parameter of
P2PS-PROV-DONE event.

Fix the issue by adding persist_ssid and persist_ssid_size verification
as a condition for the wpas_p2p_get_persistent() call.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>

P2PS: Fix PD Request parameter handling

In P2PS PD Request processing in some error case scenarios, such as
verification of the WPS config method, the flow aborts before saving
mandatory P2PS PD Request attributes. This in turn causes the control
interface notification events to be sent with invalid parameters.

Fix this by changing the order of verification and processing steps of
the PD Request message handling.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>

P2PS: Indicate the chosen operating frequency

On successful P2P PD, report the chosen frequency in case the local
device is going to be the P2P GO, so in can later be used to instantiate
the new P2P GO, etc.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2PS: Process channels in PD Response

In case the P2PS PD Response includes the P2P Channel List attribute,
update the peer device supported channels and verify that the local
device has common channels with the peer (only a sanity check).

If the Operating Channel attribute is included in the response, check
that it is included in the intersection and store it as the peer's
operating frequency (so it could later be used in the join flow, etc.).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2PS: Process channels in PD Request

In case the P2PS PD Request includes the P2P Channel List attribute,
update the peer device supported channels and check if we have common
channels with the peer that can be used for the connection establishment
based on the connection capabilities:

1. In case of P2PS PD Request with no common channels, defer
   the flow unless auto accept equals true and the connection
   capabilities equals NEW (in which case the channels would be
   negotiated in the GO Negotiation).

2. In case of Follow up P2PS PD Request with no common channels,
   reject the request unless the connection capability is NEW.

In addition, in case of a successful P2PS PD, save the device
operating frequency (so it can be later used for join flow, etc.).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2PS: Add channel policy to PD Request

Add operating channel selection and channel list processing similar to
that done when building GO Negotiation Request, i.e., consider the
currently used channels, configured channels, etc.

P2PS introduces a flow where a responder needs to provide channel data
without being previously aware of the current constraints, i.e., the
channels currently in use by other interfaces. To handle this, extend
the get_group_capability() callback to also handle channel selection
aspects of group capabilities.

In case there is an active P2P GO that is going to be used for the P2PS
PD, force its current operating frequency in the PD attributes.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2P: Cleanup handling of unknown peer in PD Request processing

If a Provision Discovery Request is received for an unknown peer, a new
device entry is being added, but the flow continues without updating the
local p2p_device pointer, requiring to check the pointer value before
every access.

1. Change this, so once a device is added, the flow updates the local
p2p_device pointer and avoids the checks later in the flow.
2. If the device is not known even after adding it, skip the processing,
send the PD Response, and return.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

tests: P2PS advertisement as GO having persistent group (no peer entry)

This is a regression test case for the dev NULL pointer dereference in
p2p_build_prov_disc_resp().

Signed-off-by: Jouni Malinen <j@w1.fi>

P2PS: Fix possible NULL pointer dereference in PD exchange

It is possible that p2p_build_prov_disc_resp() is called with a NULL
device entry, which might be dereferenced when calling
p2p->cfg->get_persistent_group() for the P2PS with persistent group
case. Fix this by checking the device pointer before accessing it.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

OpenSSL: Make msg_callback debug prints easier to read

Write a text version of the content type and handshake type in debug log
to make it easier to follow TLS exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>

OpenSSL: Recognize special write_p == 2 in msg_callback

OpenSSL could use this to identify crypto tracing values if built with
OPENSSL_SSL_TRACE_CRYPTO.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: EAP-MSCHAPv2 protocol tests

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Module test for hmac_sha256_kdf() maximum output length

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: MSCHAP UTF-8 to UCS-2 conversion error cases

This triggers all three error cases in utf8_to_ucs2().

Signed-off-by: Jouni Malinen <j@w1.fi>

Fix MSCHAP UTF-8 to UCS-2 conversion check for three-byte encoding

The utf8_string_len comparison was off by one and ended up accepting a
truncated three-byte encoded UTF-8 character at the end of the string if
the octet was missing. Since the password string gets null terminated in
the configuration, this did not result in reading beyond the buffer, but
anyway, it is better to explicitly reject the string rather than try to
use an incorrectly encoded UTF-8 string as the password.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Additional OCSP coverage

Verify OCSP stapling response that is signed by the CA rather than a
separate OCSP responder. In addition, verify that invalid signer
certificate (missing OCSP delegation) gets rejected.

Signed-off-by: Jouni Malinen <j@w1.fi>

hs20-osu-client: Disable EST with BoringSSL to fix build

BoringSSL has dropped OpenSSL functionality that was used in the EST
implementation. For now, disable EST with BoringSSL to allow
hs20-osu-client to be built.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

HTTP (curl): Fix compilation with BoringSSL

Define the sk_*_{num,value}() macros in BoringSSL style if BoringSSL is
used instead of OpenSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Run through OCSP tests with BoringSSL

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

BoringSSL: Implement support for OCSP stapling

BoringSSL has removed the OpenSSL OCSP implementation (OCSP_*()
functions) and instead, provides only a minimal mechanism for include
the status request extension and fetching the response from the server.
As such, the previous OpenSSL-based implementation for OCSP stapling is
not usable with BoringSSL.

Add a new implementation that uses BoringSSL to request and fetch the
OCSP stapling response and then parse and validate this with the new
implementation within wpa_supplicant. While this may not have identical
behavior with the OpenSSL-based implementation, this should be a good
starting point for being able to use OCSP stapling with BoringSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Increase the maximum hostapd.conf line length to 4096 bytes

It was already possible to use longer values through the control
interface SET command, but the configuration file parser was still
limited to 512 byte lines. Increase this to 4096 bytes since some of the
configuration parameters (e.g., anqp_elem) can be longer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

P2PS: Add validation for P2PS PD Request

Validate that all the required attributes appear in a P2PS PD Request,
and in addition, in the case of follow-on PD Request, check that the
given values match those of the original PD Request.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2PS: Reduce indentation in p2p_process_prov_disc_req()

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2PS: Change connection capability handling

Change the connection capability handling so that in case there are no
active roles, the peer has an active GO, and the advertisement supports
operation as a client, the returned connection capability is set to
client.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2PS: Re-factor p2ps_group_capability()

The code was iterating all the interfaces, and for each interface
iterated all the network blocks to count active P2P GO and P2P Client
interfaces.

Change the code to reuse wpas_p2p_get_go_group() to get a P2P GO
interface and add wpas_p2p_get_cli_group() and use it to find a
P2P Client interface, and use these objects when evaluating the
group capability.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

P2PS: Re-factor wpas_p2p_get_go_group() and wpas_p2p_group_go_ssid()

Re-factor wpas_p2p_get_go_group() to:

1. Skip the dedicated P2P Device management interface if it is used.
2. Instead of iterating all the interface configured networks,
only access the current_ssid pointer to check if the current
interface is acting as a persistent P2P GO.

To avoid code duplication, also re-factor wpas_p2p_group_go_ssid()
to call wpas_p2p_get_go_group().

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

tests: P2PS follow-on PD Request with status 11

Add a test case verifying deferred P2PS provision discovery when an
advertiser sends the status 11 (Fail: reject by user) in the follow-on
PD Request.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>

P2PS: Send follow-on PD response only if status is 12

When a follow-on PD request is received, peer should not send a
follow-on PD response except the case when the PD request status value
is 12 (Success: accepted by user). Previously, the wpa_supplicant
implementation behaved differently sending the follow-on PD Response on
any follow-on PD Request.

Fix the issue by adding the following changes:

1. Don't send PD Response if the follow-on PD Request status is
   different than 12 (seeker side).
2. Don't wait for the follow-on PD Response if the follow-on PD
   Request was sent with the status different than 12 (advertiser
   side).
3. If the follow-on PD Request was sent with the status different
   than 12 use the follow-on PD Request ACK as PD completion event
   (advertiser side).
4. Notify ASP about the PD completion by sending P2PS-PROV-DONE with
   the PD Request status (advertiser side).

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>

tests: Put seeker into extended listen when deferred PD is expected

Not doing so may result in a deferred PD flow failure (currently the
hwsim tests succeeded because seeker never stopped find, spending enough
time listening, so the follow-on PD would succeed).

Fix this by calling p2p_ext_listen when the seeker receives a deferred
PD failure event. Cancel extended listening when PD is done and also
stop find when seek is done.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

tests: Add extended listen functions to WpaSupplicant

Add p2p_ext_listen() and p2p_cancel_ext_listen() functions.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

P2P: Cancel extended listen on p2p_flush()

It is expected that p2p_flush() should stop any ongoing p2p operation.
However, this was not the case with extended listen which was not
cancelled on p2p_flush() flows. Fix this, by cancelling the extended
listen in p2p_flush().

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

Interworking: Fix wpa_supplicant build without CONFIG_HS20=y

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

tests: GAS/ANQP and extra ANQP elements

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Interworking: Add support for configuring arbitrary ANQP-elements

The new hostapd configuration parameter anqp_elem can now be used to
configure arbitrary ANQP-elements for the GAS/ANQP server. In addition
to supporting new elements, this can be used to override previously
supported elements if some special values are needed (mainly for testing
purposes).

The parameter uses following format:
anqp_elem=<InfoID>:<hexdump of payload>

For example, AP Geospatial Location ANQP-element with unknown location:
anqp_elem=265:0000
and AP Civic Location ANQP-element with unknown location:
anqp_elem=266:000000

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Interworking: Define new ANQP-element Info IDs

This adds the full set on ANQP-elements based on IEEE P802.11REVmc/D4.2.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Interworking: Support unknown ANQP-elements in BSS table

This allows wpa_supplicant to expose internally unknown ANQP-elements in
the BSS command. For example, "ANQP_GET <BSSID> 265" can be used to
fetch the AP Geospatial Location ANQP-element and if the AP has this
information, the "BSS <BSSID>" command will include the response as
"anqp[265]=<hexdump>".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

Android: Fix keystore-backed keys with BoringSSL

The switch to BoringSSL broke keystore-backed keys because
wpa_supplicant was using the dynamic ENGINE loading to load
the keystore module.
The ENGINE-like functionality in BoringSSL is much simpler
and this change should enable it.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

Sync with mac80211-next.git include/uapi/linux/nl80211.h

This brings in nl80211 definitions as of 2015-05-06.

Signed-off-by: Jouni Malinen <j@w1.fi>

Fix couple of typos in hostapd.conf file

Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>

Wait longer for inactive client probe (empty data frame)

Some devices cannot respond to inactive client probe (empty data frame)
within one second. For example, iPhone may take up to 3 secs. This
becomes a significant problem when ap_max_inactivity is set to lower
value such as 10 secs. iPhone can lose Wi-Fi connection after ~1 min
of user inactivity.

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>

hostapd: Force RADIUS socket renewal on RADIUS auth failures

On RADIUS auth/acct failures hostapd will try a new server if one is
available. Reuse the failover logic to force a socket renewal if only
one RADIUS server is configured.

This fixes problems when a route for the RADIUS server gets added after
the socket was "connected". The RADIUS socket is still sending the
RADIUS requests out using the previous route.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

mesh: Generate proper AID for peer

IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on
the local node for each peer. Previously, we were using the peer link ID
(generated by the peer) which may not be unique among all peers. Correct
this by reusing the AP AID generation code.

Signed-off-by: Bob Copeland <me@bobcopeland.com>

Remove WEP support from VLAN

Commit d66dcb0d0b584afdbaba00adcfe661741703094d ('WEP: Remove VLAN
support from hostapd') already removed VLAN support for WEP encryption,
so vlan_setup_encryption_dyn() is no longer needed.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>

tests: Verify group encryption is set up for VLANs early

Check that there are no unencrypted frames when using hostapd with VLANs
and WPA before the first station connects to the VLAN.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>

Fix init of group state machine for static VLANs

This ensures that group key is set as long as the interface exists.

Additionally, ifconfig_up is needed as wpa_group will enter
FATAL_FAILURE if the interface is still down. Also vlan_remove_dynamic()
is moved after wpa_auth_sta_deinit() so vlan_remove_dynamic() can check
it was the last user of the wpa_group.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>

tests: Read monitor messages more frequently

These test cases left at least one of the attached monitor sockets
blocking for excessive time: ap_wpa2_eap_aka_ext,
ap_hs20_req_conn_capab_and_roaming_partner_preference,
ap_hs20_min_bandwidth_and_roaming_partner_preference, ap_wpa_ie_parsing.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Speed up hostapd_oom_loop tests

At some point, these hostapd_oom_* test cases started to fail with
wpa_msg() allocation failure for the AP-ENABLED event. This resulted in
unnecessary long test execution (waiting 30 seconds for an event that
was dropped). Speed this up by using a shorter timeout.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Read monitor events explicitly in wpas_ctrl_interface_add_many

This test case ended up hitting control socket output queue limit
unnecessarily due to the test script not reading pending event messages.

Signed-off-by: Jouni Malinen <j@w1.fi>

Add forgotten list entry removal for control interface deinit

dl_list_del() must be called before freeing the list entries. Neither of
these cases caused problems because the full list data structure was
freed, but still, it is better to do this properly.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: wpa_supplicant control socket and event burst

Signed-off-by: Jouni Malinen <j@w1.fi>

Throttle control interface event message bursts

Some operations like a new scan result processing can result in large
number of wpa_supplicant control interface messages being generated.
Especially with multiple control interface monitors, this could result
in hitting the output queue length maximum and event messages getting
dropped. In worst case, that could even result in hitting ten
consecutive sendto() errors which could result in an attached monitor
socket getting detached.

Avoid this type of issues by throttling monitor event transmission based
on the output queue length. If more than half of the maximum send buffer
is used, postpone sending of following event messages until the pending
output queue has dropped below the limit.

Signed-off-by: Jouni Malinen <j@w1.fi>

Add wpa_supplicant EVENT_TEST control interface command

This testing command makes it easier to debug bursts of event message.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Make it less likely to overflow wlan5 control iface socket

Number of test cases did not read all control interface socket events
from the dynamically added wlan5 interface. This could result in hitting
maximum socket TX queue length and failures in the following test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Fix connect_cmd_roam with old scan results

connect_cmd_roam did not force a new scan to find the second AP. This
could result in failures due to the ROAM command getting rejected, e.g.,
in the following test case sequence: wext_pmksa_cache connect_cmd_roam.

Signed-off-by: Jouni Malinen <j@w1.fi>

tests: Modify p2p_channel to also support CSA

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

tests: AP Channel Switch, one switch with only ECSA IE

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

hostapd: Add testing option to use only ECSA

Some APs don't include a CSA IE when an ECSA IE is generated,
and mac80211 used to fail following their channel switch. Add
a testing option to hostapd to allow reproducing the behavior.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

Handle VHT operating classes correctly

Fix and extend the ieee80211_freq_to_channel_ext() function to deal
correctly with VHT operating classes (128, 129, 130).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

Set channel and operating class in hostapd_fill_csa_settings()

The CSA channel and operating class values need to be set for all types
of channel switch (i.e., either if it's triggered by the control
interfaces or due to the GO-follows-STA flow). To do so, move the code
that sets them from the GO-follows-STA flow to the more generic
hostapd_fill_csa_settings() function.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>

Use ieee80211_freq_to_chan() when getting segment indices

The hostapd_hw_get_channel() function can't be used to convert center
frequencies to channel numbers, because the hw mode lists don't have all
the center frequencies. The hw mode lists have the main channel
frequencies and flags to indicate the channel topography.

For instance, channel 5805 with VHT80- has the channel center frequency
segment 0 at 5775. This segment is only indicated indirectly in the hw
mode list by the HOSTAPD_CHAN_VHT_50_30 flag. The hw mode list doesn't
have any elements with frequency 5775 to allow the conversion to a
channel number. Thus, we need to use ieee80211_freq_to_chan() instead.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>

Provide an offset to CSA counters in Probe Response frames

Pass to the driver a list of CSA counter offsets when sending Probe
Response frames during a CSA period. This allows the kernel to correctly
update the CSA/eCSA elements.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

nl80211: Specify CSA offsets in send_mlme() driver op

Some management frames contain CSA counters which should be updated by
kernel. Change driver op send_mlme() allowing to send a frame,
specifying an array of offsets to the CSA counters which should be
updated. For example, CSA offsets parameters should be specified when
sending Probe Response frames during CSA period.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

Advertise Supported Operating Classes elements in Beacon/Probe Response

Advertise current operating class in Beacon and Probe Response frames.
This Supported Operating Classes element is required by the standard
when extended channel switch is supported. However, since this element
doesn't reflect correctly the sub-band spectrum breakdown and can't be
effectively used by clients, publish only the minimal required part
which is the current operating class.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>