Commit graph

6861 commits

Author SHA1 Message Date
Jouni Malinen
bb52293e71 OpenSSL: Detect and prevent TLS heartbeat attack
Some OpenSSL versions have vulnerability in TLS heartbeat request
processing. Check the processed message to determine if the attack has
been used and if so, do not send the response to the peer. This does not
prevent the buffer read overflow within OpenSSL, but this prevents the
attacker from receiving the information.

This change is an additional layer of protection if some yet to be
identified paths were to expose this OpenSSL vulnerability. However, the
way OpenSSL is used for EAP-TLS/TTLS/PEAP/FAST in hostapd/wpa_supplicant
was already rejecting the messages before the response goes out and as
such, this additional change is unlikely to be needed to avoid the
issue.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-09 14:58:48 +03:00
Jouni Malinen
d8e0013e41 tests: WNM BSS TM Req with neighbor report subelements
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:35:01 +03:00
Jouni Malinen
897a5ccee8 WNM: Remove unnecessary present flag
The structures are all allocated, so the pointer can be compared to NULL
to determine whether the subelement was present.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:34:17 +03:00
Jouni Malinen
f6ce70dc0d WNM: Fix neighbor report subelement formats
Number of of subelements were using incorrect format definition.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:32:28 +03:00
Jouni Malinen
e9cb7b9275 WNM: Fix neighbor report subelement parser to not leak memory
If a subelement is unexpectedly included multiple times, the parser must
not re-allocate memory for the entry without first freeing the old
allocation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:20:24 +03:00
Jouni Malinen
1aa6f953bb WNM: Fix neighbor report subelement parser
Only the Neighbor Report element should be included here, so verify that
the element id matches. In addition, verify that each subelement has
valid length before using the data.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:01:55 +03:00
Jouni Malinen
5583b8d1eb Document and rename HT Capability/Operation fields
This makes the definitions match the terminology used in IEEE Std
802.11-2012 and makes it easier to understand how the HT Operation
element subfields are used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 22:45:11 +03:00
Jouni Malinen
c674eb0dc3 tests: Remove [PSMP] parameter
This is not used anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 22:05:02 +03:00
Jouni Malinen
1dde5b5cdd Remove PSMP option from ht_capab
This was used to fill in the "PSMP support" subfield that was defined
during P802.11n development. However, this subfield was marked reserved
in the published IEEE Std 802.11n-2009 and it is not supported by
current drivers that use hostapd for SME either. As such, there is not
much point in maintaining this field as ht_capab parameter within
hostapd either.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 22:02:14 +03:00
Amarnath Hullur Subramanyam
4a16a0bd55 nl80211: Add QCA vendor subcmd for NAN
QCA vendor extension is used for NAN functionality. This defines the
subcommand and attribute to address this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 17:13:08 +03:00
Jouni Malinen
f8b10c1770 Fix CONFIG_AP=y build without CONFIG_P2P=y
Commit ca9bc5b566 used P2P functionality
from ap.c without proper ifdef CONFIG_P2P.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:58 +03:00
Jouni Malinen
f05cee9714 P2P: Clear p2p_in_invitation on cancel
Commit 41d5ce9e0b added scan optimizations
for P2P invitation cases. However, it left a path where the invitation
state was not cleared and as such, introduced potential issues for
following scans that ended up getting incorrectly optimized for a single
channel regardless of parameters. Fix this by clearing p2p_in_invitation
more carefully, especially on p2p_cancel command.

p2p_cancel is now also run from the FLUSH command to avoid issues with
hwsim test cases (e.g., persistent_group_per_sta_psk followed by
ap_open_tdls resulted in an error due to p2p_in_invitation remaining set
after FLUSH).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:58 +03:00
Jouni Malinen
2de01c9d82 tests: BSS Transition Management Request protocol tests
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 13:40:58 +03:00
Jouni Malinen
ec331d09a2 WNM: Fix deinit path to clean neighbor report count
wnm_deallocate_memory() left wnm_num_neighbor_report set while freeing
the allocated buffer of neighbor reports. If this function was called
twice in a row without having went through new neighbor report parsing,
invalid pointers could have been freed resulted in segfault.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:45 +03:00
Jouni Malinen
f44c45ac7f tests: Verify STATUS-WPS passphrase on GO
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
679f2e7c5f WPS NFC: Remove NFC_RX_HANDOVER_SEL
The newer NFC_REPORT_HANDOVER command is more general version that
handles the cases where NFC_RX_HANDOVER_SEL could potentially have been
used. In addition, with the new WPS NFC design, it is important to
receive the handover request message that was used in the handover in
addition to the select message, so the NFC_RX_HANDOVER_SEL command on
its own would not be sufficient for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
df58939cec tests: WPS_CHECK_PIN with invalid PIN length
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
861671b6ca tests: Use random WPS PIN
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
acd9b45a2c tests: Verify random WPS PIN generation
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
ab18b03bb7 tests: GO selecting specific peer to join using PBC
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
4ea378cde4 tests: wpa_supplicant GET_CAPABILITY
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
07407c0a43 tests: SET uapsd
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
fa9e07ec6a tests: SET pno freq parameter
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
4993179dc9 tests: SET blob
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
14692fa4a2 tests: disallow_aps
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
9f52e97d20 tests: wpa_supplicant bssid_filter
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:02 +03:00
Jouni Malinen
a408873ce9 tests: ctrl_iface LEVEL command
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:55:38 +03:00
Jouni Malinen
daad14ccd4 tests: WPS operations on channel 14 and on 5 GHz band
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 13:49:05 +03:00
Jouni Malinen
fb8d53e0bb tests: WPS parameter update using SET
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 13:40:40 +03:00
Jouni Malinen
9602b355f8 tests: WPS fragmentation when using PIN and WPS_REG
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 13:18:55 +03:00
Jouni Malinen
91f3cf6996 tests: Add option for running test cases that take a long time
run-tests.py now takes an optional --long parameter that can be used to
enable running of test cases that take a long time (multiple minutes).
By default, such test cases are skipped to avoid making the normal test
run take excessive amounts of time.

As an initial long test case, verify WPS PBC walk time expiration (two
minutes).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 13:11:32 +03:00
Jouni Malinen
0afb797e9b tests: WPS-M2D or WPS-FAIL while trying to join a group
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:58:35 +03:00
Jouni Malinen
dc39004318 WPS: Remove unused WEP related functionality
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth
type are not allowed. This made some of the older code unused and that
can now be removed to clean up the implementation. There is still one
place where WEP is allowed for testing purposes: wpa_supplicant as
Registrar trying to configure an AP to use WEP. That is now only allowed
in CONFIG_TESTING_OPTIONS=y builds, though.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
f19d87f1ee tests: WPS cred event for external use
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
b90188335a tests: WPS operation with other networks already configured
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
52a0242b4e tests: Increase Wi-Fi Display testing coverage
Add more subelements, WSD, and disabling of Wi-Fi Display.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
0403fa0a93 tests: Increas EAP-pwd fragmentation coverage
Verify fragmentation of additional message types.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 00:52:13 +03:00
Jouni Malinen
9437c2d0ea EAP-pwd peer: Fix fragmentation of PWD-Confirm-Resp
This is somewhat of a corner case since there is no real point in using
so short a fragmentation threshold that it would result in this message
getting fragmented. Anyway, it is better be complete and support this
case as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 00:51:00 +03:00
Jouni Malinen
48f668eecf EAP-pwd: Fix memory leak on error path with fragmentation
If fragmentation is used, the temporary inbuf/outbuf could have been
leaked in error cases (e.g., reaching maximum number of roundtrips).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 00:34:30 +03:00
Jouni Malinen
4fc412ae76 tests: WPA2-PSK AP with PMF association comeback (using DROP_SA)
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 00:05:06 +03:00
Jouni Malinen
9ff4de6de4 Move DROP_SA command to be within ifdef CONFIG_TESTING_OPTIONS
This is a test command and has no use in production builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:59:31 +03:00
Jouni Malinen
eaf3f9b10d tests: wpa_supplicant MIB command output for WPA/WPA2 information
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:56:03 +03:00
Jouni Malinen
12124240ed tests: WPA (v1) with CCMP
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:35:17 +03:00
Jouni Malinen
e1a273a61d Remove used KDE addition code from EAPOL-Key msg 4/4
EAPOL-Key msg 4/4 has no specified KDE use, so remove the unused code to
simplify the implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:30:16 +03:00
Jouni Malinen
9a147ba18d WNM: Fix regression in Sleep Mode exit key data parsing
Commit dbfb8e82ff changed the Action frame
RX payload pointer design to point to a different field. WNM Sleep Mode
Response handler updated one of the uses to accommodate this change, but
that commit missed another use for key data length. This resulted in GTK
and IGTK being ignored in many cases when waking up from WNM Sleep Mode
with PMF enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:13 +03:00
Jouni Malinen
b2edaa4333 tests: Add wlantest passphrase info for WNM Sleep Mode with PMF
This makes the sniffer capture more convenient with the Action frames
decrypted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:12 +03:00
Jouni Malinen
76d3fb1eeb Remove unused wpa_sm_get_param() function
This function was not used anywhere and was not up-to-date with
full tet of parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:12 +03:00
Jouni Malinen
d1635d97bc tests: PTK rekey forced by STA with WPA2 AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:12 +03:00
Jouni Malinen
67935bc3a5 tests: FTIE MIC mismatch in TDLS Setup Response/Confirm
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:12 +03:00
Jouni Malinen
ed429931a0 TDLS: Add test mode for MIC failure testing
"SET tdls_testing 0x800" can be used to enable a special test mode that
forces the FTIE MIC in TDLS setup messages to be incorrect.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:12 +03:00