Commit graph

16530 commits

Author SHA1 Message Date
Jouni Malinen
d049aeb0c6 tests: DPP with hostapd as configurator requiring fragmentation
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-06 23:37:17 +03:00
Disha Das
5c6c0d569a DPP: Fix GAS fragmentation for DPP Config Response from hostapd
The Query Response Length field was missing from GAS Initial Response
and GAS Comeback Response frames in the DPP specific code path from
hostaps GAS server. This resulted in invalid frames being used when the
DPP Config Response needed fragmentation. Fix this by adding the Query
Response Length fields into these frames.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-06 23:34:41 +03:00
Jouni Malinen
de250a1984 tests: WPA2-PSK AP with PMF association comeback (WPS)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-06 22:46:26 +03:00
Disha Das
a7f55f7f68 WPS: Enable SA Query checks for WPS AP
Initiate SA Query for a WPS+MFP AP. STA flag checks for MFP added for
Association Request frames that use WPS IE without RSNE. This is needed
to avoid giving an opportunity to skip the protection against
disconnections when WPS is enabled.

Signed-off-by: Disha Das <dishad@codeaurora.org>
2020-10-06 22:44:43 +03:00
Jouni Malinen
ce637df76c tests: P2P autonomous GO and interface being removed
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-01 15:48:05 +03:00
Jouni Malinen
43ef227e90 P2P: Make use wpas_p2p_reconsider_moving_go timeout gets canceled
The per-interface P2P data freeing function did not cover this eloop
timeout that could potentially have been registered. Explicitly cancel
this timeout to make sure no references to freed memory can remain in
such a case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-01 15:48:05 +03:00
Veerendranath Jakkam
57536a5678 P2P: Fix P2P interface remuval through wpa_supplicant_remove_iface()
wpa_supplicant_remove_iface() removes the P2P management interface from
the global interfaces list before calling wpa_supplicant_deinit_iface().
When wpas_p2p_group_remove() is called from
wpa_supplicant_deinit_iface(), the P2P group created on the calling
wpa_s was not getting cleared as the calling wpa_s is not in the list of
global->ifaces. This results in the P2P management interface being
removed without disconnecting the p2p_group created on it. This could
result in an illegal access of freed memory, e.g., when a pending eloop
task wpas_p2p_reconsider_moving_go() was triggered with the leftover ctx
pointer to the removed P2P interface instance.

Fix this by disconnecting the P2P group created on interface to be
deinitialized before deinitializing the interface.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-10-01 15:48:05 +03:00
Sreeramya Soratkal
760d10cdea P2P: Include channels 149 to 161 for operating classes 128 and 130
With the configuration defined in the global_op_class array, the
channels starting from 149 in the operating classes 128 and 130 were not
considered for P2P channel setup due to the non-continuous
incrementation of channel indexes. The other channels in these operating
classes were considered. Handle the channels from 149 to 161 in the
operating classes 128 and 130 for P2P channel setup by handling this
jump in the channel number incrementation.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-10-01 15:47:56 +03:00
Jouni Malinen
ac882374a5 SAE: Fix error path handling for SSWU
crypto_bignum_init_set() might fail in case of memory allocation
failures. These two cases within sswu() did not handle that properly,
i.e., a memory allocation failure could have resulted in dereferencing a
NULL pointer. Check the return value before proceeding to fix this.

Fixes: aeb022f8e5 ("SAE: Implement hash-to-element PT/PWE crypto routines")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-10-01 09:35:58 +03:00
Jouni Malinen
e8a1e6a4a1 P2P: Fix a typo in a comment
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-30 10:14:33 +03:00
Sunil Dutt
fa63284af5 Add additional roam triggers to qca_vendor_roam_triggers
Introduce QCA_ATTR_ROAM_CONTROL_SCAN_SCHEME_TRIGGERS that represents the
triggers for which the scan scheme from enum qca_roam_scan_scheme has to
be applied.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-30 09:47:11 +03:00
Jouni Malinen
0482414743 wlantest: Fix EAPOL-Key Key Data padding removal
The case where a single 0xdd octet without any 0x00 octets is used as
padding was addressed incorrectly and that ended up truncating one octet
of the actual plaintext version of the Key Data value. Fix this by
removing the unnecessary change to the p pointer before calculating the
new length since p is already pointing to one past the last octet of the
full plaintext.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-30 00:19:53 +03:00
Rajasekaran Kalidoss
13feeaa104 Add a new status code to represent an already suspended TWT session
The firmware sends a new status code to indicate an already suspended
TWT session. Update the status code enum to represent this state.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-23 23:14:53 +03:00
Veerendranath Jakkam
8175c2654b Add test configuration attr to start/stop transmitting FD frames
Define QCA vendor attribute
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_FILS_DISCOVERY_FRAMES_TX to
dynamically start/stop transmitting FILS discovery frames.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-23 23:12:58 +03:00
Jouni Malinen
440a5e235b tests: DPP PFS fallback with SAE enabled
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-23 23:09:32 +03:00
Jouni Malinen
90e478aa0a DPP2: Use the PFS fallback if multiple key_mgmt values are enabled
Previously this fallback from PFS enabled to disabled (and back to
enabled) was used only if the local network profile used key_mgmt=DPP,
i.e., did not enable another other AKM. That leaves out some valid cases
since the local network profile could actually enable both DPP and SAE.
Extend this check to accept cases DPP AKM is enabled and it was selected
for the connection even if there other enabled AKMs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-23 23:06:55 +03:00
Jouni Malinen
cab139ebc2 Fix a typo in a comment
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-22 23:31:20 +03:00
Karthikeyan Kathirvel
7e20502f7a hostapd: Resolved compiler uninitialized warning
Resolved the below warning
../src/ap/ieee802_11.c:4535:25: warning: 'reply_res' may be used
uninitialized in this function [-Wmaybe-uninitialized]
  if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
		                           ^
Since reply_res is been assigned inside an if condition and so
compiler treats reply_res as uninitalized variable

Initialize reply_res with WLAN_STATUS_UNSPECIFIED_FAILURE.

Fixes: 5344af7d22 ("FT: Discard ReassocReq with mismatching RSNXE Used value")
Signed-off-by: Karthikeyan Kathirvel <kathirve@codeaurora.org>
2020-09-22 23:29:18 +03:00
Rohan
e3ba0c4cd2 Do not start SA Query procedure without keys
The AP mode condition for initiating the SA Query procedure when
receiving a new (Re)Association Request frame used only association
state and MFP negotiation result without checking that the key exchange
has been completed. This can give rise to a corner case where the SA
Query procedure may get started after open association but before the
4-way handshake has been completed, resulting in open SA query frames
over the air.

Fix this by adding station authorized check in hostapd_notif_assoc() and
check_assoc_ies().

Signed-off-by: Rohan <drohan@codeaurora.org>
2020-09-22 23:11:30 +03:00
Kiran Kumar Lokere
a92660a00e Work around Supported Operating Classes element issues for 6 GHz
IEEE Std 802.11 specifies that the Operating Classes field terminates
immediately before the OneHundredAndThirty Delimiter (i.e., an octet
with value 130). Move the operating class value 130 last in the global
op_class array so that it gets added as the last entry into the
Supported Operating Clases element and the 6 GHz operating class is
parsed in that element by implementation that stop at the assumed
OneHundredAndThirty Delimiter.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-22 23:05:13 +03:00
Sunil Dutt
fd4a58ccdc Additional attributes to QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_CONTROL
Add additional attributes to enum qca_vendor_attr_roam_control to
control the roam behavior through QCA_NL80211_VENDOR_SUBCMD_ROAM and
QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_CONTROL.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-22 22:53:26 +03:00
Hu Wang
8a6a2894d1 Add new QCA vendor attributes to get thermal level
Add new QCA vendor attributes to get thermal level from the driver. The
driver may return thermal level when userpace requests, or send a
thermal event when thermal level changes.

Signed-off-by: Hu Wang <huw@codeaurora.org>
2020-09-18 20:40:57 +03:00
Jouni Malinen
db599dbe99 tests: SAE-PK with invalid password on AP
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-11 15:53:56 +03:00
Shaakir Mohamed
41f8189057 SAE-PK: Add support to skip sae_pk password check for testing purposes
Add support to skip sae_pk password check under compile flag
CONFIG_TESTING_OPTIONS which allows AP to be configured with
sae_pk enabled but a password that is invalid for sae_pk.

Signed-off-by: Shaakir Mohamed <smohamed@codeaurora.org>
2020-09-11 15:45:42 +03:00
Veerendranath Jakkam
a71b100c3b OCV: Allow connecting MFP incapable OCV STA when OCV is disabled in AP
Skip check to mandate MFP capability for OCV enabled STA when OCV is
disabled in AP. This is to improve interoperability with STAs in which
OCV capability is advertised incorrectly without advertising MFP when
OCV is disabled in AP.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-11 15:26:31 +03:00
Veerendranath Jakkam
5ecb45a41c OCV: Use more granular error codes for OCI validation failures
Enhance the return values of ocv_verify_tx_params with enum to indicate
different OCI verification failures to caller.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-11 15:23:28 +03:00
Jouni Malinen
10c3e58b27 DPP2: Include E-nonce in reconfig ke derivation
This was changed in the protocol design to include nonce from both
devices, so update implementation to match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-09 23:33:58 +03:00
Jouni Malinen
4ae5e459dd DPP2: Move E-nonce to be outside wrapped data in Reconfig Auth Resp
This was changed in the protocol design to allow ke derivation to use
E-nonce, so update implementation to match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-09 23:33:47 +03:00
Jouni Malinen
0ebf5aa346 DPP2: Replace I/R-nonce with C/E-nonce in reconfiguration
These nonces were renamed/replaced in the protocol design, so update
implementation to match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-09 23:24:00 +03:00
Srinivas Pitla
99f8506d30 Add QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS
This change adds QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS,
and enum for qca_wlan_vendor_attr_mbssid_tx_vdev_status to notify
Tx VDEV status.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-08 19:48:49 +03:00
Veerendranath Jakkam
93a73ce028 MSCS: Fix issues due to incorrect usage of wpa_hexdump_buf()
Previously wpabuf_head() of the buffer is passed to wpa_hexdump_buf()
instead of the wpabuf struct itself and it was causing wpa_supplicant to
crash. Fix this by using the correct pointer in the debug prints.

Fixes: a118047245 ("MSCS: Add support to send MSCS Request frames")
Fixes: c504ff5398 ("MSCS: Add support to populate MSCS Descriptor IE in (Re)AssocReq")
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-09-08 19:38:35 +03:00
Jouni Malinen
0f84a56219 tests: More explicit TLS version enabling in version tests
This is needed to allow the test cases to work on systems using
secpolicy=2 default (e.g., Ubuntu 20.04).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-08 19:32:36 +03:00
Jouni Malinen
9afb68b039 OpenSSL: Allow systemwide secpolicy overrides for TLS version
Explicit configuration to enable TLS v1.0 and/or v1.1 did not work with
systemwide OpenSSL secpolicy=2 cases (e.g., Ubuntu 20.04). Allow such
systemwide configuration to be overridden if the older TLS versions have
been explicitly enabled in the network profile. The default behavior
follows the systemwide policy, but this allows compatibility with old
authentication servers without having to touch the systemwide policy.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-08 19:32:28 +03:00
Hu Wang
c85206ba40 QCA vendor attributes for setting ANI level
Define QCA vendor attribute in SET(GET)_WIFI_CONFIGURATION to
dynamically configure ANI level.

Signed-off-by: Hu Wang <huw@codeaurora.org>
2020-08-31 17:01:20 +03:00
Chaoli Zhou
d335ca9536 Update QCA vendor interface for GPIO configuration
Add a new vendor attribute for GPIO configuration. In addition, document
the previously defined attributes.

Signed-off-by: Chaoli Zhou <zchaoli@codeaurora.org>
2020-08-31 16:39:05 +03:00
Jouni Malinen
255e29fcae tests: DPP Controller in hostapd
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-25 16:11:43 +03:00
Jouni Malinen
7ddb71224b DPP2: Support QR mutual auth scan-during-auth-exchange (hostapd)
Extend DPP authentication session search for the DPP_QR_CODE command to
cover the ongoing exchanges in Controller/Responder. This was previously
done for wpa_supplicant, but not for hostapd, so complete this support
on the hostapd side.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-25 16:11:43 +03:00
Jouni Malinen
c043b1e000 DPP: Remove unnecessary dpp_global_config parameters
These were not really used anymore since the AP/Relay case did not set
msg_ctx or process_conf_obj in the global DPP context. Get the
appropriate pointers more directly from the more specific data
structures instead and remove these global values.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-25 16:02:29 +03:00
Jouni Malinen
4ecb6dd16b DPP2: Controller support in hostapd
Extend hostapd support for DPP Controller to cover the DPP_CONTROLLER_*
cases that were previously implemented only in wpa_supplicant. This
allows hostapd/AP to be provisioned using DPP over TCP.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-25 15:53:08 +03:00
Chaithanya Garrepalli
cd17f6877c Add QCA vendor event for firmware statistics
Firmware statistics are received in the driver as opaque data. The host
target needs to send this opaque data to userspace wifistats
application. This new event is used to transfer this opaque data to the
application.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-25 12:13:12 +03:00
Jouni Malinen
ba3081f1dc dpp-nfc: Start listen operation more completely for NFC Tag write cases
Share the same setup steps from the negotiated connection handover to
fix issues with NFC Tag write cases in AP mode. This addresses issues in
the AP mode DPP listen operation not actually receiving anything when
the write-a-tag code path was used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-08-24 23:41:13 +03:00
Jouni Malinen
e4adbacafd GAS: Fix memory leak on some DPP error paths
One of the code paths left behind a response buffer. Free this properly
on this missed code path as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-08-22 23:47:44 +03:00
Jouni Malinen
29ff74aef0 tests: Additional coverage for OWE PMKSA caching
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-08-22 14:03:30 +03:00
Jouni Malinen
8aa91282a1 Fix EAPOL-Key msg 1/4 processing in a corner case
If reassoc_same_bss_optim=1 is used to optimize reassociation back to
the same BSS, it was possible for sm->pmk_len to be 0 due to a
disconnection event getting processed after sending out the
reassociation request. This resulted in wpa_sm_rx_eapol() calling
wpa_mic_len() with incorrect PMK length when PMKSA caching was being
attempted. That resulted in incorrect mic_len getting determined and not
finding the correct Key Data Length field value. This could result in
failing to complete 4-way handshake successfully.

Fix this by updating the current PMK length based on the selected PMKSA
cache entry if sm->pmk_len is not set when processing EAPOL-Key msg 1/4.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-08-22 14:00:34 +03:00
Chittur Subramanian Raman
96e63008fb OWE: Do not add DH Params element in AssocResp with PMKSA caching
As per RFC 8110 (Opportunistic Wireless Encryption), if the AP has the
PMK identified by the PMKID and wishes to perform PMK caching, it will
include the PMKID in the Association Response frame RSNE but does not
include the Diffie-Hellman Parameter element.

This was already addressed for most cases with owe_process_assoc_req()
not setting sta->owe_ecdh in case PMKSA caching is used. However, it was
possible to an old STA entry to maintain the initial sta->owe_ecdh value
if reassociation back to the same AP was used to initiate the PMKSA
caching attempt. Cover that case by adding an explicit check for the
time when the Association Response frame is being generated.

Signed-off-by: Chittur Subramanian Raman <craman@maxlinear.com>
2020-08-22 13:33:10 +03:00
Yegor Yefremov
27ac632ae3 gitignore: Ignore ctags tags file
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
2020-08-22 13:02:23 +03:00
Jouni Malinen
9bc8811538 DPP2: Fix build without IEEE8021X_EAPOL
The local network profile parameters for EAP are not available without
IEEE8021X_EAPOL, so do not try to set these in builds that do not
include any EAP support.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-08-22 12:49:05 +03:00
Brian Norris
22c06de911 wlantest: Avoid heap-overflow on unexpected data
We're doing a sort of bounds check, based on the previous loop, but only
after we've already tried to read off the end.

This squashes some ASAN errors I'm seeing when running the ap_ft hwsim
test module.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-08-22 12:45:09 +03:00
Jouni Malinen
2caff11d7a LibreSSL: Fix build with LibreSSL versions older than 2.9.1
SSL_add0_chain_cert() was not available in LibreSSL before version
2.9.1.

Fixes: 4b834df5e0 ("OpenSSL: Support PEM encoded chain from client_cert blob")
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-08-22 11:32:01 +03:00
Jouni Malinen
5dedbd582a tests: Fix wnm fuzzer build regression
Addition of MSCS support broke the test tool build due to references to
a functions from a new file. Fix this by bringing in that file to the
fuzzer build as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-08-22 11:12:17 +03:00