Commit graph

6034 commits

Author SHA1 Message Date
Jouni Malinen
eeefe187bc tests: Verify WPS AP auto upgrade from WPA/TKIP to WPA/TKIP+WPA2/CCMP
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
75d1d0f7b6 WPS: Allow testing mode to disable 2.0 functionality
Previously, wps_version_number was used only to test extensibility to
newer version numbers, but it can also be used to enable testing of
older versions (1.0), e.g., to avoid hitting some 2.0 specific
validation steps.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
d658205a89 tests: Verify PIN mismatch behavior
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
f7e2542f28 Remove unused wps_device_data_dup()
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
6645ff5094 tests: Verify WPS AP Setup Locking on AP PIN failures
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
10ea684830 tests: Verify WPS extensibility (version and new attribute)
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
c89d9dba9c Remove unnecessary extra tracking of eloop registration
It is fine to try to cancel a registration that does not exist, so there
is no need to have the duplicated checks for eloop timeout and socket
registration.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
c86bf160a7 Replace unnecessary hex_value() with hex2byte()
There is no need to maintain two functions for doing
the same type of hex-to-binary conversion.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
bff3ac5b3c tests: Verify EAP-WSC fragmentation and mixed mode WPA+WPA2
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
7b02375a41 Clear wps_fragment_size on FLUSH command
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
6f62809b4b tests: Verify FT EAP
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
6e658cc42d tests: Verify FT SAE
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
aa189ac9dd Enable FT with SAE
It was already possible to configure hostapd and wpa_supplicant to use
FT-SAE for the key management, but number of places were missing proper
AKM checks to allow FT to be used with the new AKM.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
2b00519431 tests: WPA2-Enterprise with PMF required
Increase test coverage with PMF required configuration and SHA256-based
AKM in one of the EAP test cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
71390dc87e tests: Verify WPA-Enterprise functionality
All the previous EAP test cases were using WPA2-Enterprise.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
910d2ca7c1 tests: Verify IBSS with WPA-None
The actual data connection does not seem to work with mac80211_hwsim, so
the hwsim_test results are ignored for now.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
b553eab1a9 tests: Verify FT-over-DS
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
2d2ecf51aa nl80211: Fix protected Action frame reporting for AP mode
Action frame RX report through EVENT_RX_ACTION did not indicate whether
the frame was protected or not even though that information is available
in mlme_event_mgmt(). hostapd_rx_action() has a workaround for setting
the protected flag for SA Query frames, but that did not apply for other
frames, like FT Action. This broke FT-over-DS when PMF is enabled with
newer kernel versions (i.e., the ones that do not use monitor interface
for receiving management frames).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
4a5a5792f1 tests: Verify PeerKey handshake
NOTE: Actual use of the direct link (DLS) is not supported in
mac80211_hwsim, so this operation fails at setting the keys after
successfully completed 4-way handshake. This test case does allow the
key negotiation part to be tested for coverage, though.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
db76aa64f1 Fix PeerKey 4-way handshake
The earlier changes to buffer EAPOL frames when not associated to avoid
race conditions (especially commit
3ab35a6603 but maybe something even before
that) broke PeerKey 4-way handshake. Fix this by using a separate check
before the race condition workaround to process PeerKey 4-way handshake
EAPOL-Key messages differently.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
773272989a Fix PeerKey deinit behavior
PeerKey entries need to be removed on disassociation and this needs to
be done in a way that cancels the possibly pending eloop timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
4472aafbe0 tests: Generate a combined code coverage report
This combines coverage from all three separate reports into a single
report.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
75b2b9cfb0 tests: Verify EAP fast reauthentication
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
698f8324c6 tests: Verify PEAPv0 Crypto-Binding
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
6435799b85 tests: Add WNM test cases
These are not yet complete, but at least some frame exchanges can
be verified for WNM operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 20:04:27 +02:00
Jouni Malinen
8d321a7d4c WNM: Move disassociation imminent sending to wnm_ap.c
This gets all WNM BSS Transition Management frame building and sending
within hostapd into the same location.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:57:47 +02:00
Jouni Malinen
b76f4c2763 hostapd: Make STA flags available through ctrl_iface STA command
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
aa03dbd517 Remove IEEE80211_REQUIRE_AUTH_ACK
This is not really needed for anything and the standard does not require
such validation step to be made for Authentication frame transmission.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
121f2ab49a Remove unused STA flags
These three flags were only displayed, but never set or used for
anything else.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
3578e665bf WNM: Add STA flag to indicate the current WNM-Sleep-Mode state
This can be useful for displaying the current STA state and also for
determining whether some operations are likely to fail or need
additional delay.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
477689788c WNM: Fix AP processing without wnm_oper driver callback
hostapd_drv_wnm_oper() needs to indicate an error if the driver callback
function is not implemented. Without this, the buf_len argument could
have been left uninitialized which could result in crashing the process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:48:04 +02:00
Jouni Malinen
2025cad9b8 WNM: Move ESS Disassoc Imminent sending to a helper function
This makes it easier to trigger the ESS Disassociation Imminent
operation from different sources.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-27 18:48:04 +02:00
Jouni Malinen
28ab64af9b WNM: Minimal processing of BSS Transition Management Query/Response
This adds first steps at processing a BSS Transition Management Query on
the AP side. Mainly, the message is parsed and printed out in the debug
log and a minimal BSS Transition Management Request frame is sent as a
response. BSS Transition Management Response frame is also parsed and
details printed out in the debug log.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:11:07 +02:00
Jouni Malinen
2cd0f6a429 WNM: Add Target BSSID into BSS Transition Management Response
P802.11-REVmc clarifies that the Target BSSID field is always present
hen status code is zero, so match that requirement.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:11:07 +02:00
Jouni Malinen
a8a6a35fd6 WNM: Use nonzero dialog token in BSS Transition Management Query
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:11:07 +02:00
Jouni Malinen
bcbd74155e tests: Mark kernel issues more clearly in the log file
It was previously not obvious from the <test case>.log file that a test
case was marked failed based on kernel issues. Make this very clear to
avoid wasting time on figuring out what caused the failure.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:11:07 +02:00
Jouni Malinen
3f33b3ad8c tests: Collect code coverage separately from each component in vm
Use a more robust design for collecting the gcov logs from the case
where test cases are run within a virtual machine. This generates a
writable-from-vm build tree for each component separately so that the
lcov and gcov can easily find the matching source code and data files.
In addition, prepare the reports automatically at the end of the
vm-run.sh --codecov execution.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:11:07 +02:00
Jouni Malinen
629dbdd36a tests: Wait for AP-ENABLED
It takes some time for hostapd to complete AP startup. In some cases,
this could potentially result in station starting a scan before the AP
is beaconing or ready to reply to probes. To avoid such race conditions,
wait for AP-ENABLED before going ahead with the test cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:11:07 +02:00
Jouni Malinen
629edfef81 WNM: Fix Sleep Mode AP processing in open network
The previous version could end up calling WPA authenticator routines
even though the authenticator had not been initialized and this could
result in NULL pointer dereference.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 22:26:05 +02:00
Sudha Daram
3c1060ff8f WNM: Add debug logs to get the RSSI from the scan results
This commit adds few more debug prints to log the RSSI information from
the scanned BSSIDs and the current connected BSSID when comparing
neighbor results during WNM Transition Management Request processing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 22:26:05 +02:00
Jouni Malinen
dff1e2856d Initial handling of GTK-not-used cipher suite
This prepares wpa_supplicant for accepting cases where the AP does not
use group addressed frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 22:26:05 +02:00
Jouni Malinen
51e3eafb68 OpenSSL: Do not accept SSL Client certificate for server
If the extended key usage of the AAA server certificate indicates
that the certificate is for client use, reject the TLS handshake.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 22:26:05 +02:00
Jouni Malinen
6bf61fb288 OpenSSL: Use certificates from TLS authentication in OCSP stapling
OCSP response may not include all the needed CA certificates, so use the
ones received during TLS handshake.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
c9629476f3 WPS ER: Fix deinit timeout handling with delayed/failing unsubscribe
The five second timeout to call wps_er_deinit_finish() could potentially
be left behind when removing the ER data based on some other event. This
could result in double-freeing of wps_er context killing the process,
e.g., if the WPS ER functionality is stopped while in the process of
unsubscribing from an AP and then restarted.

In addition, AP entries could still be present in the
er->ap_unsubscribing list when the deinit timeout hits. These entries
would still maintain HTTP context pointing to the ER which would be
freed here and as such, the following HTTP client callback could refer
to freed memory and kill the process. Fix this by freeing AP entries
from ap_unsubscribing list when ER is deinitialized from timeout even if
such AP entries have not completed unsubscription from UPnP events.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
7b75c30109 WPS: Reschedule AP configuration reload on EAP completion
Reduce race condition of the station trying to reconnect immediately
after AP reconfiguration through WPS by rescheduling the reload
timeout to happen after EAP completion rather than the originally
scheduled 100 ms after new configuration became known.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
04e6278848 tests: Verify that WPS re-provisioning replaces old network block
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
c511b321f3 WPS: Remove old duplicate network even if key is different
Previously, WPS credential provisioning removed duplicated network
entries only if they had identicical SSID, security parameters, and the
keys. However, it is possible that the AP has changes its keys and
leaving the old entry behind can result in connectibity issues (e.g.,
with 4-way handshake failing due to use of the old PSK). Fix this by
allowing the old network entry to be removed even if the keys
(passphrase, PSK, WEP keys) are different.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
9d2cb3ec94 Make CONFIG_TESTING_OPTIONS=y enable all testing options
This makes it easier to enable various testing parameters and
functionality in build configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
662b40b16b WPS: Reduce scan wait time during WPS processing
Since the AP is expected to be available, there is no need to wait for
the full five second wait between scans during WPS connection. This
speeds up cases where the first scan misses the AP for some reason.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
015af91fea Do not use results from externally requested scan for network selection
It may not always be desirable to trigger reassociation or network
change based on scan results from externally to wpa_supplicant trigger
scan operations. Skip network selection and roaming determination if the
received scan result is known to be triggered by something external to
wpa_supplicant. The control interface SCAN command can be used to
request wpa_supplicant to determine the best network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 20:50:28 +02:00