Commit graph

14322 commits

Author SHA1 Message Date
Johannes Berg
b644797429 common: Use for_each_element_id() in mb_ies_info_by_ies()
The change is bigger because here we need to catch the error
condition if the last element doesn't fit.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
9008048f0f common: Use for_each_element_id() in ieee802_11_vendor_ie_concat()
Simple cleanup using the new iteration helper macro.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
eb84238df6 common: Use for_each_element() in ieee802_11_ie_count()
Simple cleanup using the new macros.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Johannes Berg
0e0c31bdc5 common: Add strongly typed element iteration macros
Rather than always iterating elements from frames with pure
u8 pointers, add a type "struct element" that encapsulates
the id/datalen/data format of them.

Then, add the element iteration macros
 * for_each_element
 * for_each_element_id
 * for_each_element_extid

which take, as their first 'argument', such a structure and
iterate through a given u8 array interpreting it as elements.

While at it also add
 * for_each_subelement
 * for_each_subelement_id
 * for_each_subelement_extid

which instead of taking data/length just take an outer element
and use its data/datalen.

Also add for_each_element_completed() to determine if any of
the loops above completed, i.e., it was able to parse all of
the elements successfully and no data remained.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-11 13:37:22 +02:00
Masashi Honma
51c83edfca tests: Catch only specific exceptions
This allows unexpected cases to terminate parallel-vm.py without being
hidden by the exception handler.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-11 12:42:52 +02:00
Jouni Malinen
b623634262 tests: Document some of the test tools
This will hopefully make it easier for others to use these test tools.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
a4a9737d6b tests: Fix wnm-fuzzer by adding dummy configuration
Some of the WNM implementation expects configuration to be available
(e.g., ieee802_!1_rx_wnm_coloc_intf_req() dereferences wpa_s->conf), so
add a dummy configuration to allow the fuzzer tool to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
525923b1d7 tests: EAPOL-Key fuzzing tool
Add test-eapol program that can be used for fuzzing the EAPOL-Key
Supplicant and Authenticator implementations. This tool can write
Supplicant or Authenticator messages into a file as an initialization
step and for the fuzzing step, that file (with potential modifications)
can be used to replace the internally generated message contents.

The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the EAPOL-Key operations. This will
also make the implementation ignore Key MIC and AES keywrap errors to
allow processing of modified messages to continue further.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
02a0a23939 RSN: Do not start preauthentication timer without candidates
There is no need to schedule the postponed RSN preauthentication start
if there are no candidates. Avoid wasting eloop resources for this.

This is most useful for fuzz testing of the 4-way handshake
implementation to avoid getting stuck waiting for this unnecessary one
second time when using eloop to coordinate the Authenticator and
Supplicant state machines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
85611e967e eap_example: Update expired certificates
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
1e5506588d JSON: Fix string parsing when \\ escape is at the end of buffer
This would have resulted in reading one octet past the end of the buffer
before rejecting the string.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
0dedcb3154 JSON: Fix parsing of a number from the end of the buffer
Avoid reading one octet past the end of the buffer when parsing a number
that is at the very end of the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
79fa1b4530 tests: JSON parser fuzzer
test-json can be used for fuzz testing the JSON parser implementation in
src/utils/json.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
62269c8d8d TLS: Fix X.509 certificate name conversion into empty string
If none of the supported name attributes are present, the name string
was nul terminated only at the end. Add an explicit nul termination at
the end of the last written (or beginning of the buffer, if nothing is
written) to avoid writing uninitialized data to debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
3eae9766b7 TLS: Fix ASN.1 parsing with no room for the header
Explicitly check the remaining buffer length before trying to read the
ASN.1 header values. Attempt to parse an ASN.1 header when there was not
enough buffer room for it would have started by reading one or two
octets beyond the end of the buffer before reporting invalid data at the
following explicit check for buffer room.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
fbc2123a14 TLS: Fix AlertDescription for missing partial processing case
tlsv1_record_receive() did not return error here and as such, &alert was
not set and must not be used. Report internal error instead to avoid use
of uninitialized memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
1ac9c020b5 tests: TLS fuzzing tool
Add test-tls program that can be used for fuzzing the internal TLS
client and server implementations. This tool can write client or server
messages into a file as an initialization step and for the fuzzing step,
that file (with potential modifications) can be used to replace the
internally generated message contents.

The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the TLS operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
b49ec25979 tests: Add a simple HTTPS server for TLS testing
This makes it easier to use TLS testing tools against the internal TLS
implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:55:39 +02:00
Jouni Malinen
f3cca8b1ea TLS server: Check credentials have been configured before using them
Allow ServerHello to be built without local credential configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
19dd7a736e TLS server: Local failure information on verify_data mismatch
Mark connection state FAILED in this case even though TLS Alert is not
sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
f08ab18bf9 TLS server: Add internal callbacks get_failed, get_*_alerts
These can be used to implement cleaner termination of the handshake in
case of failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
b642ab4062 TLS server: More complete logging of ClientHello decode errors
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
fdd8a2f0b8 TLS client: Fix peer certificate event checking for probing
conn->cred might be NULL here, so check for that explicitly before
checking whether conn->cred->cert_probe is set. This fixes a potential
NULL pointer dereference when going through peer certificates with
event_cb functionality enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
e5bffe1aa9 OpenSSL: Add more handshake message names to debug
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Masashi Honma
45d3e2edbd tests: Explicitly flush stdin for python3
Without this flush(), test does not run.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-10 01:43:50 +02:00
Masashi Honma
3069be8fe3 tests: Encode VM input for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-10 01:43:50 +02:00
Masashi Honma
689a956049 tests: Decode VM output for python3
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-10 01:43:50 +02:00
Masashi Honma
0da6d93dbf tests: Change handling of reading non blocked empty stream for python3
The result of reading non blocked empty stream is different between
python2 and 3. The python2 sends "[Errno 11] Resource temporarily
unavailable" exception. The python3 could read "None" without
exception, so handle this "None" case as well.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-10 01:43:50 +02:00
Jouni Malinen
6447b87400 tests: EAP-TLS and TLS 1.3
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
21cd8f8319 nl80211: Use wpa_ssid_txt() for debug messages more consistently
Print the SSID with printf escaping instead of wpa_hexdump_ascii()
format to clean up the debug log a bit. This was already done for number
of SSID debug prints.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
bbdb501460 Note HT overrides in debug log only if set
This makes the debug log cleaner by removing the mostly confusing prints
about HT override parameters if they are not actually used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Purushottam Kushwaha
f2a6ac63ee P2P: Update find_start timer only when p2p_scan is started.
p2p->find_start timer was updated on each p2p_find call irrespective of
p2p_find being successful/failed/rejected. For cases where p2p_find was
in progress/pending, another call to p2p_find would be rejected but
p2p->find_start timer would still be updated.

p2p->find_start is maintained in wpa_supplicant to reject the kernel
scan entries before the p2p->find_start time. In above scenario, some of
the scan entries could be discarded even if the Probe Respons frame(s)
were received during the last scan/p2p_find.

This commit changes this to update the p2p->find_start timer only when
call to p2p_find is successful, i.e., a new scan is actually started.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-07 11:56:35 +02:00
Johannes Berg
3281c1590d tests: hwsim: macsec: correct configuration reference
You need CONFIG_DRIVER_MACSEC_LINUX, not CONFIG_MACSEC_LINUX,
so fix this in the messages.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-06 23:04:54 +02:00
Jouni Malinen
c4e90da6d0 MBO: Move the WNM-Notification subtype definitions to common location
Do not use a separate enum for MBO WNM-Notification Request frame
subtype values since these share the same number space with the Hotspot
2.0 ones.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-06 19:10:17 +02:00
Jouni Malinen
105b14f54b HS 2.0: Update the T&C Acceptance subtype value
The previously used value 2 was already assigned for another purpose
(MBO non-preferred channel report), so the newer T&C Acceptable
definition needs to be updated with a unique value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-06 19:10:17 +02:00
Johannes Berg
e5a410f472 tests: Make /etc/alternatives work in VM
In recent Debian versions, ebtables is an alias managed by
the alternatives(8) mechanism. This means /usr/sbin/ebtables
is a symlink to /etc/alternatives/ebtables, which in turn
links to the real binary.

As we mount a tmpfs over /etc, we cannot access this.

Fix this by bind-mounting the real /etc to /tmp/etc and
adding a symlink from /etc/alternatives to this.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-05 23:51:37 +02:00
Johannes Berg
4b1cc13914 tests: Add sigma_dut to .gitignore
Evidently this file must exist when running the sigma_dut
dependent tests, add it to .gitignore so it's not seen as
making the tree "unclean" when it is added manually.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-05 23:51:36 +02:00
Johannes Berg
00bd8157aa tests: Build hs20-osu-client
For tests, build the HS 2.0 OSU client (without browser to avoid
having webkit/curl dependencies).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-05 23:51:36 +02:00
Johannes Berg
65b487ae54 HS 2.0: Add QUIET=1 support for building hs20-osu-client
Add QUIET=1 support to its Makefile and add the created binary to a
.gitignore file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-05 23:51:36 +02:00
Johannes Berg
b513ed429d tests: Remove useless test list from run-tests.py help
There's no point in printing out a 3k+ long list, just remove it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-05 23:51:36 +02:00
Johannes Berg
3691db26f7 tests: Add test reconnecting on assoc failure
Add a test that drops the authentication frame, so that
hostapd thinks the station is unknown, and then sends one
by itself, so the station thinks it's associated. This
tests mostly the kernel's capability to recover from this
scenario.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-05 23:51:31 +02:00
Masashi Honma
73f285dad2 Add FT-PSK to GET_CAPABILITY key_mgmt
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2019-02-05 23:37:55 +02:00
Jouni Malinen
cdc23db2a6 tests: PEAP/GTC key lifetime in memory
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
6110753b18 nl80211: Clear PMKID add command message buffer
This command has now been extended to include PMK for offload needs, so
the message buffer needs to be cleared explicitly after use to avoid
leaving such material in heap memory unnecessarily.

Fixes: 061a3d3d53 ("nl80211: Add support for FILS Cache Identifier in add/remove_pmkid()")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
0fa33e05b4 nl80211: Clear connect command message buffer
This command can include keys (WEP or PSK for offload), so the message
buffer needs to be cleared explicitly after use to avoid leaving such
material in heap memory unnecessarily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
b14e8ea1d2 nl80211: Request kernel to trim off payload of netlink requests from acks
We do not need such payload in the acknowledgment, so adding it uses
resources unnecessarily. Furthermore, the original request can include
key material (e.g., NL80211_ATTR_PMK). libnl does not explicitly clear
this received message buffer and it would be inconvenient for
wpa_supplicant/hostapd to try to clear it with the current libnl design
where a duplicated buffer is actually passed to the callback. This means
that keys might be left unnecessarily in heap memory. Avoid this by
requesting the kernel not to copy back the request payload.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
789b48bb48 EAP peer: Clear temporary message buffers before freeing
These buffers in TLS-based EAP methods might contain keys or password
(e.g., when using TTLS-PAP or PEAP-GTC), so clear them explicitly to
avoid leaving such material into heap memory unnecessarily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
8f99a3c26a Clear config item writing buffer before freeing it
This buffer may be used to store items like passwords, so better clean
it explicitly to avoid possibility of leaving such items in heap memory
unnecessarily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 20:26:22 +02:00
Jouni Malinen
43e3114c5f tests: Fix EAP-FAST protocol testing with python3
This was hit on Ubuntu 18.04 (newer python3 and OpenSSL library versions
compared to earlier tests).

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-05 15:50:45 +02:00
Johannes Berg
e339511007 tests: Optionally start telnet server inside VMs
If telnetd is installed and --telnet <port> is passed on the
vm-run.sh command line, start a telnet server (directly connected
to bash, no login) inside the VM(s) to be able to look into them
when something is wrong. Use a user network in qemu with a single
host forward from the specified port for this, listening only on
'localhost'.

Please note that this provides unauthenticated access to the guest
system from anything that can open a TCP connection on the host system.
The guess system does have access to reading all files on the host that
the user account running kvm has access to (and even write access if the
default ROTAG ,readonly parameter is cleared). In other words, this
option should not be used on any multiuser systems where kvm is run
under user accounts that are not dedicated for testing purposes (i.e.,
do not have access to any files that should not be readable to
everyone).

This needs CONFIG_VIRTIO_NET=y in the guest kernel.

For parallel-vm.py, the --telnet argument specifies the base port
and each VM index (0, 1, ...) is added to it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-02-05 14:26:36 +02:00