Commit graph

10236 commits

Author SHA1 Message Date
Ilan Peer
4acd5ac67b P2P: Cleanup handling of unknown peer in PD Request processing
If a Provision Discovery Request is received for an unknown peer, a new
device entry is being added, but the flow continues without updating the
local p2p_device pointer, requiring to check the pointer value before
every access.

1. Change this, so once a device is added, the flow updates the local
   p2p_device pointer and avoids the checks later in the flow.
2. If the device is not known even after adding it, skip the processing,
   send the PD Response, and return.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-11 12:38:07 +03:00
Jouni Malinen
f56478ab88 tests: P2PS advertisement as GO having persistent group (no peer entry)
This is a regression test case for the dev NULL pointer dereference in
p2p_build_prov_disc_resp().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-11 12:31:30 +03:00
Ilan Peer
572f1ead19 P2PS: Fix possible NULL pointer dereference in PD exchange
It is possible that p2p_build_prov_disc_resp() is called with a NULL
device entry, which might be dereferenced when calling
p2p->cfg->get_persistent_group() for the P2PS with persistent group
case. Fix this by checking the device pointer before accessing it.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-11 12:29:19 +03:00
Jouni Malinen
cbb154973d OpenSSL: Make msg_callback debug prints easier to read
Write a text version of the content type and handshake type in debug log
to make it easier to follow TLS exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-11 11:35:35 +03:00
Jouni Malinen
faf8f29379 OpenSSL: Recognize special write_p == 2 in msg_callback
OpenSSL could use this to identify crypto tracing values if built with
OPENSSL_SSL_TRACE_CRYPTO.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-11 11:14:00 +03:00
Jouni Malinen
37211e15fa tests: EAP-MSCHAPv2 protocol tests
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-11 00:59:58 +03:00
Jouni Malinen
6f5b284b32 tests: Module test for hmac_sha256_kdf() maximum output length
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 18:57:14 +03:00
Jouni Malinen
0d2a7bad0f tests: MSCHAP UTF-8 to UCS-2 conversion error cases
This triggers all three error cases in utf8_to_ucs2().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 18:41:22 +03:00
Jouni Malinen
5a55c9b411 Fix MSCHAP UTF-8 to UCS-2 conversion check for three-byte encoding
The utf8_string_len comparison was off by one and ended up accepting a
truncated three-byte encoded UTF-8 character at the end of the string if
the octet was missing. Since the password string gets null terminated in
the configuration, this did not result in reading beyond the buffer, but
anyway, it is better to explicitly reject the string rather than try to
use an incorrectly encoded UTF-8 string as the password.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 18:38:37 +03:00
Jouni Malinen
d79ce4a6ce tests: Additional OCSP coverage
Verify OCSP stapling response that is signed by the CA rather than a
separate OCSP responder. In addition, verify that invalid signer
certificate (missing OCSP delegation) gets rejected.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 17:32:53 +03:00
Jouni Malinen
63d9bf81ab hs20-osu-client: Disable EST with BoringSSL to fix build
BoringSSL has dropped OpenSSL functionality that was used in the EST
implementation. For now, disable EST with BoringSSL to allow
hs20-osu-client to be built.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-10 00:07:32 +03:00
Jouni Malinen
cc2994024d HTTP (curl): Fix compilation with BoringSSL
Define the sk_*_{num,value}() macros in BoringSSL style if BoringSSL is
used instead of OpenSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-10 00:06:14 +03:00
Jouni Malinen
0c6185fc73 tests: Run through OCSP tests with BoringSSL
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-09 23:48:30 +03:00
Jouni Malinen
bdee6ca0e0 BoringSSL: Implement support for OCSP stapling
BoringSSL has removed the OpenSSL OCSP implementation (OCSP_*()
functions) and instead, provides only a minimal mechanism for include
the status request extension and fetching the response from the server.
As such, the previous OpenSSL-based implementation for OCSP stapling is
not usable with BoringSSL.

Add a new implementation that uses BoringSSL to request and fetch the
OCSP stapling response and then parse and validate this with the new
implementation within wpa_supplicant. While this may not have identical
behavior with the OpenSSL-based implementation, this should be a good
starting point for being able to use OCSP stapling with BoringSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-09 23:48:30 +03:00
Jouni Malinen
ef50e41028 Increase the maximum hostapd.conf line length to 4096 bytes
It was already possible to use longer values through the control
interface SET command, but the configuration file parser was still
limited to 512 byte lines. Increase this to 4096 bytes since some of the
configuration parameters (e.g., anqp_elem) can be longer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-08 12:10:24 +03:00
Ilan Peer
e4f90a6a27 P2PS: Add validation for P2PS PD Request
Validate that all the required attributes appear in a P2PS PD Request,
and in addition, in the case of follow-on PD Request, check that the
given values match those of the original PD Request.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-07 17:07:22 +03:00
Ilan Peer
20324d47f9 P2PS: Reduce indentation in p2p_process_prov_disc_req()
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-07 17:07:21 +03:00
Ilan Peer
f8a80e39b3 P2PS: Change connection capability handling
Change the connection capability handling so that in case there are no
active roles, the peer has an active GO, and the advertisement supports
operation as a client, the returned connection capability is set to
client.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-07 17:07:21 +03:00
Ilan Peer
ab804bcb6f P2PS: Re-factor p2ps_group_capability()
The code was iterating all the interfaces, and for each interface
iterated all the network blocks to count active P2P GO and P2P Client
interfaces.

Change the code to reuse wpas_p2p_get_go_group() to get a P2P GO
interface and add wpas_p2p_get_cli_group() and use it to find a
P2P Client interface, and use these objects when evaluating the
group capability.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-07 17:07:21 +03:00
Ilan Peer
8d5e73290f P2PS: Re-factor wpas_p2p_get_go_group() and wpas_p2p_group_go_ssid()
Re-factor wpas_p2p_get_go_group() to:

1. Skip the dedicated P2P Device management interface if it is used.
2. Instead of iterating all the interface configured networks,
   only access the current_ssid pointer to check if the current
   interface is acting as a persistent P2P GO.

To avoid code duplication, also re-factor wpas_p2p_group_go_ssid()
to call wpas_p2p_get_go_group().

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-07 17:07:21 +03:00
Max Stepanov
8cc4b06f75 tests: P2PS follow-on PD Request with status 11
Add a test case verifying deferred P2PS provision discovery when an
advertiser sends the status 11 (Fail: reject by user) in the follow-on
PD Request.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-10-07 17:07:21 +03:00
Max Stepanov
f94e4c20e4 P2PS: Send follow-on PD response only if status is 12
When a follow-on PD request is received, peer should not send a
follow-on PD response except the case when the PD request status value
is 12 (Success: accepted by user). Previously, the wpa_supplicant
implementation behaved differently sending the follow-on PD Response on
any follow-on PD Request.

Fix the issue by adding the following changes:

1. Don't send PD Response if the follow-on PD Request status is
   different than 12 (seeker side).
2. Don't wait for the follow-on PD Response if the follow-on PD
   Request was sent with the status different than 12 (advertiser
   side).
3. If the follow-on PD Request was sent with the status different
   than 12 use the follow-on PD Request ACK as PD completion event
   (advertiser side).
4. Notify ASP about the PD completion by sending P2PS-PROV-DONE with
   the PD Request status (advertiser side).

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-10-07 17:07:21 +03:00
Andrei Otcheretianski
9773ea38cf tests: Put seeker into extended listen when deferred PD is expected
Not doing so may result in a deferred PD flow failure (currently the
hwsim tests succeeded because seeker never stopped find, spending enough
time listening, so the follow-on PD would succeed).

Fix this by calling p2p_ext_listen when the seeker receives a deferred
PD failure event. Cancel extended listening when PD is done and also
stop find when seek is done.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-07 17:07:21 +03:00
Andrei Otcheretianski
a3dc75020a tests: Add extended listen functions to WpaSupplicant
Add p2p_ext_listen() and p2p_cancel_ext_listen() functions.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-07 17:07:21 +03:00
Andrei Otcheretianski
a3de16768b P2P: Cancel extended listen on p2p_flush()
It is expected that p2p_flush() should stop any ongoing p2p operation.
However, this was not the case with extended listen which was not
cancelled on p2p_flush() flows. Fix this, by cancelling the extended
listen in p2p_flush().

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
876e74aa5f Interworking: Fix wpa_supplicant build without CONFIG_HS20=y
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
1c532fd5c0 tests: GAS/ANQP and extra ANQP elements
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
695dbbea88 Interworking: Add support for configuring arbitrary ANQP-elements
The new hostapd configuration parameter anqp_elem can now be used to
configure arbitrary ANQP-elements for the GAS/ANQP server. In addition
to supporting new elements, this can be used to override previously
supported elements if some special values are needed (mainly for testing
purposes).

The parameter uses following format:
anqp_elem=<InfoID>:<hexdump of payload>

For example, AP Geospatial Location ANQP-element with unknown location:
anqp_elem=265:0000
and AP Civic Location ANQP-element with unknown location:
anqp_elem=266:000000

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
3f21b311b2 Interworking: Define new ANQP-element Info IDs
This adds the full set on ANQP-elements based on IEEE P802.11REVmc/D4.2.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
8c4a1026b8 Interworking: Support unknown ANQP-elements in BSS table
This allows wpa_supplicant to expose internally unknown ANQP-elements in
the BSS command. For example, "ANQP_GET <BSSID> 265" can be used to
fetch the AP Geospatial Location ANQP-element and if the AP has this
information, the "BSS <BSSID>" command will include the response as
"anqp[265]=<hexdump>".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Adam Langley
aeeb0bca71 Android: Fix keystore-backed keys with BoringSSL
The switch to BoringSSL broke keystore-backed keys because
wpa_supplicant was using the dynamic ENGINE loading to load
the keystore module.
The ENGINE-like functionality in BoringSSL is much simpler
and this change should enable it.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-10-06 23:10:17 +03:00
Jouni Malinen
dd9a42efbc Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2015-05-06.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-06 23:10:17 +03:00
Maneesh Jain
234a17cc13 Fix couple of typos in hostapd.conf file
Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-10-06 23:10:17 +03:00
Dmitry Ivanov
9b285081ff Wait longer for inactive client probe (empty data frame)
Some devices cannot respond to inactive client probe (empty data frame)
within one second. For example, iPhone may take up to 3 secs. This
becomes a significant problem when ap_max_inactivity is set to lower
value such as 10 secs. iPhone can lose Wi-Fi connection after ~1 min
of user inactivity.

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
2015-10-06 23:09:55 +03:00
Helmut Schaa
e5d34da25a hostapd: Force RADIUS socket renewal on RADIUS auth failures
On RADIUS auth/acct failures hostapd will try a new server if one is
available. Reuse the failover logic to force a socket renewal if only
one RADIUS server is configured.

This fixes problems when a route for the RADIUS server gets added after
the socket was "connected". The RADIUS socket is still sending the
RADIUS requests out using the previous route.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2015-10-06 01:27:29 +03:00
Bob Copeland
681753f23c mesh: Generate proper AID for peer
IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on
the local node for each peer. Previously, we were using the peer link ID
(generated by the peer) which may not be unique among all peers. Correct
this by reusing the AP AID generation code.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-10-06 01:27:29 +03:00
Michael Braun
41d621075e Remove WEP support from VLAN
Commit d66dcb0d0b ('WEP: Remove VLAN
support from hostapd') already removed VLAN support for WEP encryption,
so vlan_setup_encryption_dyn() is no longer needed.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-10-06 01:27:27 +03:00
Michael Braun
ee2b0d19f5 tests: Verify group encryption is set up for VLANs early
Check that there are no unencrypted frames when using hostapd with VLANs
and WPA before the first station connects to the VLAN.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-10-06 01:25:39 +03:00
Michael Braun
7cebc8e210 Fix init of group state machine for static VLANs
This ensures that group key is set as long as the interface exists.

Additionally, ifconfig_up is needed as wpa_group will enter
FATAL_FAILURE if the interface is still down. Also vlan_remove_dynamic()
is moved after wpa_auth_sta_deinit() so vlan_remove_dynamic() can check
it was the last user of the wpa_group.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-10-06 01:25:36 +03:00
Jouni Malinen
a359c7bb23 tests: Read monitor messages more frequently
These test cases left at least one of the attached monitor sockets
blocking for excessive time: ap_wpa2_eap_aka_ext,
ap_hs20_req_conn_capab_and_roaming_partner_preference,
ap_hs20_min_bandwidth_and_roaming_partner_preference, ap_wpa_ie_parsing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 20:45:20 +03:00
Jouni Malinen
57ff37d0e8 tests: Speed up hostapd_oom_loop tests
At some point, these hostapd_oom_* test cases started to fail with
wpa_msg() allocation failure for the AP-ENABLED event. This resulted in
unnecessary long test execution (waiting 30 seconds for an event that
was dropped). Speed this up by using a shorter timeout.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 18:52:38 +03:00
Jouni Malinen
35d2e24bc7 tests: Read monitor events explicitly in wpas_ctrl_interface_add_many
This test case ended up hitting control socket output queue limit
unnecessarily due to the test script not reading pending event messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 18:52:38 +03:00
Jouni Malinen
12ea4cff6b Add forgotten list entry removal for control interface deinit
dl_list_del() must be called before freeing the list entries. Neither of
these cases caused problems because the full list data structure was
freed, but still, it is better to do this properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 18:52:38 +03:00
Jouni Malinen
d9052150eb tests: wpa_supplicant control socket and event burst
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 18:52:38 +03:00
Jouni Malinen
3fdaaa8fc4 Throttle control interface event message bursts
Some operations like a new scan result processing can result in large
number of wpa_supplicant control interface messages being generated.
Especially with multiple control interface monitors, this could result
in hitting the output queue length maximum and event messages getting
dropped. In worst case, that could even result in hitting ten
consecutive sendto() errors which could result in an attached monitor
socket getting detached.

Avoid this type of issues by throttling monitor event transmission based
on the output queue length. If more than half of the maximum send buffer
is used, postpone sending of following event messages until the pending
output queue has dropped below the limit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 18:52:15 +03:00
Jouni Malinen
a530fe778b Add wpa_supplicant EVENT_TEST control interface command
This testing command makes it easier to debug bursts of event message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 11:45:13 +03:00
Jouni Malinen
4b9d79b66e tests: Make it less likely to overflow wlan5 control iface socket
Number of test cases did not read all control interface socket events
from the dynamically added wlan5 interface. This could result in hitting
maximum socket TX queue length and failures in the following test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 01:42:42 +03:00
Jouni Malinen
7d56bd734c tests: Fix connect_cmd_roam with old scan results
connect_cmd_roam did not force a new scan to find the second AP. This
could result in failures due to the ROAM command getting rejected, e.g.,
in the following test case sequence: wext_pmksa_cache connect_cmd_roam.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 00:35:12 +03:00
Ilan Peer
cd27374f5f tests: Modify p2p_channel to also support CSA
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-03 21:42:33 +03:00
Johannes Berg
f227043711 tests: AP Channel Switch, one switch with only ECSA IE
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-10-03 21:37:28 +03:00