Commit graph

12399 commits

Author SHA1 Message Date
Jouni Malinen
58bd7dc341 tests: Scan and both Beacon and Probe Response frame IEs
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 20:07:52 +02:00
Jouni Malinen
19810d29bc Make Beacon IEs available in wpa_supplicant BSS command
This makes both the Probe Response and Beacon frame IEs available to
upper layers if scan results include both IE sets. When the BSS command
mask includes WPA_BSS_MASK_BEACON_IE, a new beacon_ie=<hexdump> entry
will be included in output if the BSS entry has two separate sets of IEs
(ie=<hexdump> showing the Probe Response frame contents and
beacon_ie=<hexdump> the Beacon rame contents).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 20:07:52 +02:00
Jouni Malinen
a00a3458ed tests: Make ap_track_sta_no_probe_resp more robust
Check whether the unexpected BSS entry is based on having received a
Beacon frame instead of Probe Response frame. While this test case is
using a huge beacon_int value, it is still possible for mac80211_hwsim
timing to work in a way that a Beacon frame is sent. That made this test
case fail in some rare cases. Fix this by ignoring the BSS entry if it
is based on Beacon frame instead of Probe Response frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 20:07:52 +02:00
Jouni Malinen
e3b38d6e04 tests: Mesh network on 5 GHz band and 20/40 coex change
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 20:07:52 +02:00
Jouni Malinen
274e76f22f mesh: Fix channel configuration in pri/sec switch case
If 20/40 MHz co-ex scan resulted in switching primary and secondary
channels, mesh setup failed to update the frequency parameters for
hostapd side configuration and that could result in invalid secondary
channel configuration preventing creating of the mesh network. This
could happen, e.g., when trying to set up mesh on 5 GHz channel 36 and
co-ex scan finding a BSS on channel 40. Switching the pri/sec channels
resulted in hostapd code trying to check whether channel 32 is
available. Fix this by swapping the channels for hostapd configuration
when needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 15:25:52 +02:00
Jouni Malinen
cebda0e3e5 Make debug print clearer for AP/mesh mode secondary channel issues
If the secondary channel was not found at all, no debug print was shown
to indicate that the channel was rejected due to that problem. Print a
clearer message indicating which channel was behind the reason to reject
channel configuration as unsuitable for AP mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 15:09:15 +02:00
Jouni Malinen
8344ba1229 tests: Remove pmk_r1_push parameter from ap_ft_local_key_gen
Local key generation for FT-PSK does not use the AP-to-AP protocol and
as such, setting pmk_r1_push=1 is a bit confusing here since it gets
ignored in practice. Remove it to keep the test case easier to
understand.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 13:57:39 +02:00
Jouni Malinen
3615bde6fe tests: Clear scan cache at the end of ap_wps_per_station_psk_failure
It was possible for ap_wps_per_station_psk_failure to leave behind scan
entries with active PBC mode if cfg80211 BSS table. This could result in
a following test case failing due PBC overlap. Fix this by clearing the
cfg80211 BSS table explicitly.

This was found with the following test case sequence:
ap_wps_per_station_psk_failure autogo_pbc

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 13:03:52 +02:00
Jouni Malinen
fb748ae858 tests: PMKSA cache control interface for external management
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-12 23:56:57 +02:00
Jouni Malinen
3459381dd2 External persistent storage for PMKSA cache entries
This adds new wpa_supplicant control interface commands PMKSA_GET and
PMKSA_ADD that can be used to store PMKSA cache entries in an external
persistent storage when terminating a wpa_supplicant process and then
restore those entries when starting a new process. The previously added
PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing
the external storage with the memory-only volatile storage within
wpa_supplicant.

"PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to
a specific network profile. The network_id of the current profile is
available with the STATUS command (id=<network_id). In addition, the
network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The
output of the PMKSA_GET command uses the following format:

<BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds>
<akmp> <opportunistic>

For example:

02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0
02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0

The PMKSA_GET command uses the following format:

<network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration
in seconds> <akmp> <opportunistic>

(i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET
output data; however, the reauth_time and expiration values need to be
updated by decrementing them by number of seconds between the PMKSA_GET
and PMKSA_ADD commands)

For example:

PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0
PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0

This functionality is disabled be default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be
noted that this allows any process that has access to the wpa_supplicant
control interface to use PMKSA_ADD command to fetch keying material
(PMK), so this is for environments in which the control interface access
is restricted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-12 23:47:04 +02:00
Jouni Malinen
f0df5afa08 tests: PMKSA cache control interface events
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-12 21:02:49 +02:00
Jouni Malinen
c579312736 Add PMKSA-CACHE-ADDED/REMOVED events to wpa_supplicant
These allow external program to monitor PMKSA cache updates in
preparation to enable external persistent storage of PMKSA cache.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-12 21:00:43 +02:00
Daisuke Niwa
655dc4a432 Send "TERMINATING" event from hostapd
hostapd didn't send "TERMINATING" event when stopped by
SIGTERM. Android handles this event to stop monitor thread.

This commit adds "TERMINATING" event same as with wpa_supplicant.

Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
2016-12-12 20:32:28 +02:00
Avichal Agarwal
5149a0f04c P2P: Set p2p_persistent_group=1 at the time of reading disabled=2
Configuration file network block with disabled=2 is used for storing
information about a persistent group, so p2p_persitent_group should be
updated according to this when creating a struct wpa_ssid instance. This
will end up using D-Bus persistent network object path for the network.

Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
2016-12-12 20:30:31 +02:00
Jouni Malinen
b49871ecc1 tests: Fix wpas_ap_acs after 5 GHz use
Work around the mac80211_hwsim limitation on channel survey by forcing
the last connection to be on 2.4 GHz band. Without this, wpas_ap_acs
would have failed to start the AP if the previous test case used the 5
GHz band.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-12 00:58:00 +02:00
vamsi krishna
065c029a55 Remove MBO dependency from Supported Operating Classes element
Supported Operating Classes element and its use is define in the IEEE
802.11 standard and can be sent even when MBO is disabled in the build.
As such, move this functionality out from the CONFIG_MBO=y only mbo.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 22:07:58 +02:00
Sunil Dutt
62cd9d7926 nl80211: Specify the BSSID in the QCA vendor scan
This allows the vendor scan to be optimized when a response is needed
only from a single, known BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:36:16 +02:00
Sunil Dutt
444930e5b6 Define an attribute to do a specific BSSID QCA vendor scan
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:36:13 +02:00
Sunil Dutt
cea761472a Add QCA vendor command definitions for IDs 61-73
This commit documents the QCA vendor commands 61-73 and the
corresponding definitions of the attributes. This set of commands were
previously reserved for QCA without documentation here.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:32:20 +02:00
Sunil Dutt
cb0cc6efa6 Define QCA Beacon miss threshold attributes for 2.4 and 5 GHz bands
These thresholds values indicate how many Beacon frames can be missed
before before disconnecting from the AP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:11:41 +02:00
Jouni Malinen
c313c8a5d8 Fix QCA vendor command values for SAR power limits
Commit c79238b6a4 ('Define a QCA vendor
command to configure SAR Power limits') had a mismatch between the enum
qca_vendor_attr_sar_limits_selections documentations and actual values.
The BDF SAR profiles are 0-based, so rename the enum values and reorder
the values keep the actual values more convenient. While this changes
values over the interface, this is justifiable since the new command was
introduced only recently and it had not been released in any driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:08:25 +02:00
Jouni Malinen
d283f7aeac tests: Increase timeout in wpas_mesh_password_mismatch
There has been number of failures from this test case due to the
MESH-SAE-AUTH-FAILURE event from dev[0] and dev[1] arriving couple of
seconds after the one second timeout after the dev[2] events. This does
not look like a real issue, so increase the timeout to five seconds to
make this less likely to show false failures during testing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 20:08:39 +02:00
Jouni Malinen
58a5c4ae77 tests: Verify wpa_state after INTERWORKING_SELECT
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 19:51:09 +02:00
Jouni Malinen
15aa804285 tests: Make scan_trigger_failure more informative
If wpa_state is left to SCANNING by a previously executed test case,
scan_trigger_failure will fail. Instead of waiting for that failure,
check for wpa_state at the beginning of the test case and report a more
helpful error message if the test case would fail due to a previously
executed test case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 18:41:04 +02:00
Jouni Malinen
a5c723adcf Interworking: Clear SCANNING state if no network selected
Commit 192ad3d730 ('Interworking: Clear
SCANNING state if no match found') did this for the case where no
network matched credentials, but left the SCANNING state in place if
there were a match, but automatic connection was not enabled. Extend
this to cover the case where INTERWORKING_SELECT is not followed by a
connection attempt so that wpa_state is not left indefinitely to
SCANNING.

This fixes a hwsim test case failure in the following sequence:
ap_anqp_sharing scan_trigger_failure

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 18:39:12 +02:00
Jouni Malinen
a1836de64b SME: Fix IBSS setup after shared key/FT/FILS association
wpa_s->sme.auth_alg could have been left to a previously value other
than WPA_AUTH_ALG_OPEN if IBSS network is used after an association that
used shared key, FT, or FILS authentication algorithm. This could result
in the IBSS setup failing due to incorrect authentication processing
steps.

Fix this by setting wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN whenever
starting an IBSS (or mesh, for that matter) network.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 18:23:13 +02:00
Amit Purwar
f49c852b5e P2P: Fix a theoretical out of bounds read in wpas_p2p_select_go_freq()
Commit 8e84921efe ('P2P: Support driver
preferred freq list for Autonomous GO case') introduced this loop to go
through preferred channel list from the driver. The loop does bounds
checking of the index only after having read a value from the array.
That could in theory read one entry beyond the end of the stack buffer.

Fix this by moving the index variable check to be done before using it
to fetch a value from the array.

This code is used only if wpa_supplicant is build with
CONFIG_DRIVER_NL80211_QCA=y and if the driver supports the vendor
extension (get_pref_freq_list() driver op). In addition, the driver
would need to return more than P2P_MAX_PREF_CHANNELS (= 100) preferred
channels for this to actually be able to read beyond the buffer. No
driver is known to return that many preferred channels, so this does not
seem to be reachable in practice.

Signed-off-by: Amit Purwar <amit.purwar@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2016-12-11 12:45:08 +02:00
Amit Purwar
944d485889 P2P: Fix a theoretical out of bounds read in wpas_p2p_setup_freqs()
Commit 370017d968 ('P2P: Use preferred
frequency list from the local driver') introduced this loop to go
through preferred channel list from the driver. The loop does bounds
checking of the index only after having read a value from the array.
That could in theory read one entry beyond the end of the stack buffer.

Fix this by moving the index variable check to be done before using it
to fetch a value from the array.

This code is used only if wpa_supplicant is build with
CONFIG_DRIVER_NL80211_QCA=y and if the driver supports the vendor
extension (get_pref_freq_list() driver op). In addition, the driver
would need to return more than P2P_MAX_PREF_CHANNELS (= 100) preferred
channels for this to actually be able to read beyond the buffer. No
driver is known to return that many preferred channels, so this does not
seem to be reachable in practice.

Signed-off-by: Amit Purwar <amit.purwar@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2016-12-11 12:45:08 +02:00
Johannes Berg
c7c4600260 tests: Add kernel BSS leak tests
Add two tests that check if the kernel BSS leak (when we get a deauth or
otherwise abandon an association attempt) is present in the kernel. This
is for a long-standing cfg80211/mac80211 issue that got fixed with the
kernel commit 'cfg80211/mac80211: fix BSS leaks when abandoning assoc
attempts'.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-12-11 12:45:08 +02:00
Jouni Malinen
52358b08f5 tests: P2P device discovery and peer changing device name
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 12:45:08 +02:00
Mayank Haarit
0a6c9dc700 P2P: Send P2P-DEVICE-FOUND event on peer changing device name
This is to handle the case when peer changes device name and same needs
to be updated to upper layers by P2P-DEVICE-FOUND event. It is similar
to the case when a peer changes wfd_subelems and P2P-DEVICE-FOUND event
goes to upper layers.

Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
2016-12-11 12:45:08 +02:00
Jouni Malinen
71676559ca tests: Peer disabling Wi-Fi Display advertisement
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 12:45:08 +02:00
Mayank Haarit
9a431d4932 WFD: Clear wfd_subelems when P2P peer stops sending them
When a peer device stops sending wfd_subelems, wpa_supplicant should
remove dev->info.wfd_subelems from peer's properties. Previously,
wpa_supplicant left the previously learned dev->info.wfd_subelems in
place whenever the new message did not include wfd_subelems.

In addition to fixing the clearing of the old wfd_subelems, this
resolves another issue. As "wfd_changed" variable becomes true even when
peer stops sending wfd_subelems and dev->info.wfd_subelems has an old
value, a new P2P-DEVICE-FOUND event notification was sent again and
again to upper layers whenever a new discovery response was received
from the peer that previously advertised WFD subelements.

Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2016-12-11 12:45:08 +02:00
Jouni Malinen
0ef0921a1b tests: Ongoing scan and FLUSH
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 12:45:08 +02:00
Jouni Malinen
6e374bd44d Ignore scan results from ongoing scan when FLUSH command is issued
This makes wpa_supplicant behavior more consistent with FLUSH command to
clear all state. Previously, it was possible for an ongoing scan to be
aborted when the FLUSH command is issued and the scan results from that
aborted scan would still be processed and that would update the BSS
table which was supposed to cleared by the FLUSH command.

This could result in hwsim test case failures due to unexpected BSS
table entries being present after the FLUSH command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 12:45:08 +02:00
Jouni Malinen
79124c7ba1 tests: Scan and only_new=1 multiple times
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-10 17:04:08 +02:00
Jouni Malinen
71ac934530 Make update_idx available in BSS control interface command
This can be used to perform more accurate tests on BSS entry updates.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-10 17:03:24 +02:00
Jouni Malinen
a1a60635a8 tests: Make p2ps_wildcard_p2ps more robust
The final check in this test case was issuing a new P2P_FIND command
immediately after the P2P_SERVICE_DEL command on the peer. It looked
like it was possible for the scan timing to go in a sequence that made
the new P2P_FIND operation eventually accept a cfg80211 BSS entry from
the very end of the previous P2P_FIND. This resulted in unexpected
P2P-DEVICE-FOUND event even though there was no new Probe Response frame
from the peer at that point in time.

Make this less likely to show unrelated failures by waiting a bit before
starting a new P2P_FIND operation after having changes peer
configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-10 00:33:33 +02:00
Jouni Malinen
49aa88bb5e P2P: Clear PEER_WAITING_RESPONSE on GO Negotiation success
Previously, this flag was cleared only in case of failed GO Negotiation.
That could leave the flag set for a peer and if a new group formation
was performed with the same peer before the entry expired, there was
increased risk of getting stuck in a state where neither peer replied to
a GO Negotiation Request frame if a GO Negotiation Response frame with
Status 1 was dropped.

The error sequence could happen in the go_neg_with_bss_connected test
case when timing was suitable to make the second GO negotiation drop a
pending TX Action frame if the GO Negotiation Response with Status 1 was
scheduled for transmission during a P2P scan and P2P_CONNECT was issued
before that scan got aborted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-10 00:16:33 +02:00
Jeff Johnson
c79238b6a4 Define a QCA vendor command to configure SAR Power limits
There is a regulatory requirement for Specific Absorption Rate (SAR)
whereby the device transmit power is reduced when it is determined that
the device is in close proximity to the body. Implement a vendor command
interface to allow a userspace entity to dynamically control the SAR
power limits.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-08 18:56:02 +02:00
Jouni Malinen
0f5eb69f85 Use eloop timeout for post-EAP-Failure wait before disconnection
Previously, os_sleep() was used to block the hostapd (or wpa_supplicant
AP/P2P GO mode) processing between sending out EAP-Failure and
disconnecting the STA. This is not ideal for couple of reasons: it
blocks all other parallel operations in the process and it leaves a
window during which the station might deauthenticate and the AP would
have no option for reacting to that before forcing out its own
Deauthentication frame which could go out after the STA has already
started new connection attempt.

Improve this design by scheduling an eloop timeout of 10 ms instead of
the os_sleep() call and perform the delayed operations from the eloop
callback function. This eloop timeout is cancelled if the STA
disconnects or initiates a new connection attempt before the 10 ms time
is reached. This gets rid of the confusing extra Deauthentication frame
in cases where the STA reacts to EAP-Failure by an immediate
deauthentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-08 18:56:02 +02:00
Jouni Malinen
29bf636e12 tests: WEP to WPA2-PSK configuration change in hostapd
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-05 21:30:17 +02:00
Jouni Malinen
20b1a9e238 Allow hostapd wep_key# parameters to be cleared
Setting wep_key# to an empty string will now clear a previously
configured key. This is needed to be able to change WEP configured AP to
using WPA/WPA2 through the hostapd control interface SET commands.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-05 21:28:50 +02:00
Jouni Malinen
609be6f7c0 tests: P2P group formation with VHT 80 MHz
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-05 21:14:55 +02:00
Jouni Malinen
813ebc51bd tests: Check data connectivity after supplicant triggered EAP reauth
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-05 21:01:43 +02:00
Jouni Malinen
5ec3d510e1 wpa_passphrase: Reject invalid passphrase
Reject a passphrase with control characters instead of trying to write
out an example network configuration block with such control characters
included.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-05 15:36:56 +02:00
Jouni Malinen
d1ea80361b tests: AP with open mode and external association
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-05 12:16:12 +02:00
Ningyuan Wang
ed0a4ddc22 nl80211: Update drv->ssid on connect/associate event based on BSS data
On a connect nl80211 event, wpa_supplicant uses
wpa_driver_nl80211_get_ssid() to fetch the current associated SSID to
compare to existing configurations. However,
wpa_driver_nl80211_get_ssid() uses drv->ssid, which is a cached value.
It is set when we explicitly initial a connect request using
wpa_supplicant. If the association was initiated outside of
wpa_supplicant, we need another way to populate drv->ssid. This commit
sets drv->ssid based on cfg80211 BSS information on connect/associate
nl80211 events.

Signed-off-by: Ningyuan Wang <nywang@google.com>
2016-12-05 12:08:46 +02:00
Jouni Malinen
9f346fadc8 nl80211: Fix scan_state update in no pending scan state
Commit adcd7c4b0b ('nl80211: Support
vendor scan together with normal scan') made the drv->scan_state updates
for NL80211_CMD_NEW_SCAN_RESULTS and NL80211_CMD_SCAN_ABORTED
conditional on drv->last_scan_cmd being NL80211_CMD_TRIGGER_SCAN. This
missed the part about the possibility of last_scan_cmd == 0 and an
externally started cfg80211 scan is ending. This could leave
drv->scan_state into SCAN_STARTED state even after the scan was
completed. Consequently, hwsim test cases could get stuck in reset()
handler waiting for scan to terminate.

Fix this by updating drv->scan_state also in drv->last_scan_cmd == 0
case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-05 11:48:26 +02:00
Michael Braun
80fe420ab2 tests: Verify multicast_to_unicast operation
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-12-04 21:42:46 +02:00