Commit graph

16102 commits

Author SHA1 Message Date
Jouni Malinen
4d9c313f2a WPA: Fix wpa_parse_kde_ies() handling with vendor specific elements
Documentation of the return values for wpa_parse_vendor_specific() and
wpa_parse_generic() were not accurate and the parsing results from these
were not really handled appropriately. There is no point in calling
wpa_parse_vendor_specific() if wpa_parse_generic() recognizes a KDE. Not
that this would break anything in practice, but still, it looks
confusing.

The part about handling wpa_parse_vendor_specific() return value can, at
least in theory, break some cases where an unexpectedly short KDE/vendor
specific element were present and something would need to be recognized
after it. That does not really happen with any standard compliant
implementation and this is unlikely to cause any real harm, but it is
clearer to handle this more appropriately even for any theoretical case,
including misbehavior of a peer device.

Instead of stopping parsing on too short vendor specific element,
continue parsing the following KDEs/IEs. Skip the
wpa_parse_vendor_specific() call when a KDE has been recognized. Also
fix the return value documentation for wpa_parse_generic() and remove
the useless return value from wpa_parse_vendor_specific().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-24 17:06:50 +03:00
Jouni Malinen
1025a9052c Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2020-02-24.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-24 17:06:36 +03:00
Jouni Malinen
fe319fc7ed tests: DPP QR Code and authentication exchange (rand_mac_addr=1)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-22 17:09:01 +03:00
Jouni Malinen
0c5edededa DPP: Fix config exchange with gas_rand_mac_addr
Do not use a random MAC address for the GAS exchange that is used as
part of the DPP protocol exchange since that would break DPP.
Configurator expects the same MAC address to be used for DPP
Authentication exchange and DPP Configuration exchange (GAS).

Since the DPP Authentication exchange has already used the MAC address
configured on the interface, use of a random address for the GAS
exchange would not provide any additional privacy protection. If a
random MAC address needs to be used for this type of an exchange, that
random address would need to be first configured on the interface before
starting DPP exchange.

This does not change GAS query behavior for any other use case, i.e.,
the gas_rand_mac_addr configuration continues to apply to all the
Interworking/Hotspot 2.0 uses.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-22 17:09:01 +03:00
Jouni Malinen
de3f8d9fd1 tests: Fix new fuzzer builds
$(LIBS) got included twice into the linker command line from $^ and
$(LIBS). The former ended up getting converted based on host CPU rather
than target. Fix that by removing duplication and -lcrypto from $(LIBS).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-22 00:51:13 +03:00
Jouni Malinen
60a2de5683 EAP server: Convert Boolean to C99 bool
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-21 17:39:07 +03:00
Jouni Malinen
4d2ec436e3 DPP: Add driver operation for enabling/disabling listen mode
This can be used to configure RX filter to be able to receive broadcast
DPP Public Action frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-20 23:52:04 +03:00
Jouni Malinen
99cf895553 Include stdbool.h to allow C99 bool to be used
We have practically started requiring some C99 features, so might as
well finally go ahead and bring in the C99 bool as well.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-20 20:29:31 +03:00
Jouni Malinen
3e6383f31a DPP2: Silence compiler warning with no-CONFIG_DPP2 and OpenSSL 1.0.2
EVP_PKEY_get0_EC_KEY() compatibility wrapper is used only within
CONFIG_DPP2 blocks, so define it with matching condition.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 17:42:41 +03:00
Jouni Malinen
f23b70f163 Silence compiler warning in no-NEED_AP_MLME hostapd builds
The static function hostapd_ctrl_check_freq_params() was called only
within #ifdef NEED_AP_MLME block so the function needs to be defined
under matching condition.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 17:42:41 +03:00
Jouni Malinen
0115268743 nl80211: Move nl80211_init_connect_handle() to avoid forward declaration
This has no changes to the function itself, i.e., it is just moved to a
location that is above the first caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 17:42:41 +03:00
Jouni Malinen
2c70b7d0b4 Do not open l2_packet(EAPOL) for receive unnecessarily
If the driver supports control port for EAPOL RX, do not register
l2_packet for RX to minimize unnecessary operation load.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 17:42:41 +03:00
Jouni Malinen
7a880b129d l2_packet: Allow initialization without RX handling
This can be used to minimize resource use when receive path is not
needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 17:42:41 +03:00
Jouni Malinen
95cbf45090 nl80211: Do not open EAPOL RX socket when using control port for RX (AP)
drv->eapol_sock is used only for receiving EAPOL frames in AP mode, so
it is not needed when using control port for EAPOL frame RX.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 17:42:41 +03:00
Jouni Malinen
e480ed38eb tests: ap_open_out_of_memory to skip i802_init test if needed
The eloop_register_read_sock() call in i802_init() will be skipped if
the driver supports control port for EAPOL RX, so need to skip this part
of the test case conditionally.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 17:42:41 +03:00
Jouni Malinen
c3bb8865a0 Clean up l2_packet_get_own_addr() call
There is no need for this to be outside the if block that is used to
check whether l2_packet is used for the interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 16:50:56 +03:00
Jouni Malinen
9d6334e811 Do not open l2_packet bridge workaround socket if control port is used
This allows wpa_supplicant to avoid the packet socket workaround for
cases where a bridge interface is used if the driver supports control
port for EAPOL frame TX and RX.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 16:50:56 +03:00
Jouni Malinen
533d06340f tests: WPA2-PSK AP with nl80211 control port in AP mode
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 16:50:56 +03:00
Jouni Malinen
c1bc0dd80d nl80211: Disable EAPOL TX over control port in AP mode by default
Since this nl80211 mechanism for sending EAPOL frames does not currently
support TX status notification, disable it by default of AP mode where
the Authenticator state machine uses those notifications to optimize
retransmission. The control port TX can be enabled for AP mode with
driver param control_port_ap=1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 16:50:56 +03:00
Markus Theil
12ea7dee31 nl80211: Use nl80211 control port for receiving EAPOL frames
Use and/or set socker owner where necessary to allow EAPOL frames to be
received using the nl80211 control port. This is done when the driver
indicates support for the control port without previous hardcoded
reception of RSN preauth frames.

Use methods which set or use the connection owner nl_sock * where
necessary. Initial operations need to register with the SOCKET_OWNER
attribute set (e.g., connect for STA mode). Final operations need to use
the socket which holds the owner attribute (e.g., disconnect for STA
mode).

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-04-19 16:49:03 +03:00
Markus Theil
8609aa5ba3 nl80211: Tie connect handle to bss init/destroy
This commit creates a connect nl_sock * for every bss unconditionally.
It is used in the next commit for nl80211 control port RX.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-04-19 15:53:02 +03:00
Markus Theil
b4a70018ee nl80211: Handle control port frame in bss events
In order to work in AP mode, handle control port frame RX as per bss
event.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-04-19 15:53:02 +03:00
Markus Theil
6f70fcd986 nl80211: Check ethertype for control port RX
nl80211 control port event handling previously did not differentiate
between EAPOL and RSN preauth ethertypes. Add checking of the ethertype
and report unexpected frames (only EAPOL frames are supposed to be
delivered through this path).

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-04-19 15:53:02 +03:00
Jouni Malinen
932546ac28 nl80211: Add a separate driver capability for control port RX
This is needed since the initial implementation of the control port
mechanism in the kernel mixed in RSN pre-authentication ethertype
unconditionally (and IMHO, incorrectly) into the control port.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 15:53:02 +03:00
Jouni Malinen
bb9e3935dd driver: Add second driver capability flags bitmap
All 64 bits of the capability flags bitmap are used, so add a new
variable to hold future capability bits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-19 15:53:02 +03:00
Jouni Malinen
52ed13b78d tests: Move csa_supported() into utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
0b21877185 tests: Move clear_scan_cache() and set_world_reg() to utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
1bba048d78 tests: Move vht_supported() into utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
31bdd8b7c7 tests: Move check_sae_capa() into utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
40341e16a5 tests: Move check_wep_capa() into utils.py
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
7e88ed8e2d tests: Use function decorator to clean up --long processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-18 11:35:32 +03:00
Jouni Malinen
b5bf18768f tests: ap_wps_reg_config_tkip to allow no-TKIP hostapd build
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
6255a8ac1f WPS: Convert WPA/TKIP-only to WPA+WPA2 mixed mode credential
This case of accepting WPA/TKIP-only credential based on internal
registrar request to configure an AP to use TKIP was still remaining
while all the WPS cases were supposed to enable mixed mode
automatically. This is bit of a corner case since this is based on
explicit local request to configure TKIP, but anyway, convert this one
as well to allow WPA2/CCMP to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
7162c6ecf5 tests: Use SAE instead of WPA/TKIP in ap_multi_bss_acs
This makes the test case work with no-TKIP hostapd builds.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
48ac765919 tests: ap_wpa2_eap_assoc_rsn to allow TKIP-disabled hostapd build
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
d0b382fd11 tests: ap_wps_init to allow TKIP-disabled hostapd build
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
7b82d0bd58 tests: Skip test cases where hostapd does not support TKIP
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
21cf2c5baf tests: Skip more tests based on missing TKIP support
This makes it more convenient to run tests with builds that disable
TKIP/WPA(v1) support completely.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
de5bf2d199 tests: Do not enable TKIP group cipher for FT tests without need
Change run_roams() default to CCMP-only and enable TKIP only in the test
case that needs this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-17 23:51:58 +03:00
Disha Das
6b1c590ebb Allow TKIP support to be removed from build
Add a build flag CONFIG_NO_TKIP=y to remove all TKIP functionality from
hostapd and wpa_supplicant builds. This disables use of TKIP as both the
pairwise and group cipher. The end result does not interoperate with a
WPA(v1)-only device or WPA+WPA2 mixed modes.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-04-17 23:51:58 +03:00
Jouni Malinen
11bd6ea60e tests: sigma_dut controlled AP with FT and RSNXE Used mismatch
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-16 23:58:36 +03:00
Jouni Malinen
b654552247 tests: FT-SAE AP and unexpected RSNXE Used in ReassocResp
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-16 23:39:57 +03:00
Jouni Malinen
a6c689d354 FT: Testing override for RSNXE Used subfield in FTE (AP)
Allow hostapd to be requested to override the RSNXE Used subfield in FT
reassociation case for testing purposes with "ft_rsnxe_used=<0/1/2>"
where 0 = no override, 1 = override to 1, and 2 = override to 0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-16 23:39:57 +03:00
Jouni Malinen
7ad6016e19 tests: sigma_dut controlled FT protocol with RSNXE Used mismatch
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-16 15:44:42 +03:00
Jouni Malinen
9b222b6130 nl80211: Remove unnecessary inclusion of l2_packet.h
The only l2_packet use within this file was removed by commit
d12dab4c6f ("nl80211: Use non-receiving socket for EAPOL TX").

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 19:28:05 +03:00
Jouni Malinen
6ac48fd9e8 tests: FT-SAE AP and unexpected RSNXE Used in ReassocReq
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
Jouni Malinen
b2d8dc59f4 FT: Testing override for RSNXE Used subfield in FTE
Allow wpa_supplicant to be requested to override the RSNXE Used subfield
in FT reassociation case for testing purposes with "SET ft_rsnxe_used
<0/1/2>" where 0 = no override, 1 = override to 1, and 2 = override to
0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
Jouni Malinen
5344af7d22 FT: Discard ReassocReq with mismatching RSNXE Used value
Discard the FT Reassociation Request frame instead of rejecting it
(i.e., do not send Reassociation Response frame) if RSNXE Used is
indicated in FTE, but no RSNXE is included even though the AP is
advertising RSNXE.

While there is not really much of a difference between discarding and
rejecting the frame, this discarding behavior is what the standard says
for this type of an error case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
Jouni Malinen
2012a26d0f tests: AP may discard FT ReassocReq in ap_ft_sae_h2e_downgrade_attack
This is in preparation for a hostapd implementation change on how to
address the unexpected RSNXE Used field value in FTE during FT
reassociation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-14 16:37:35 +03:00
Edayilliam Jayadev
af0178c75b Add vendor attributes indicating number of spectral detectors
Add per bandwidth capability attributes which indicate the number of
spectral detectors used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-07 23:05:26 +03:00