Commit graph

52 commits

Author SHA1 Message Date
Jouni Malinen
0a321d1733 tests: Fix fuzzing tester for WNM
Processing of WNM frames can results in a lookup of the current BSS
table. As such, the testing tool needs to initialize the BSS table to
avoid NULL pointer dereferences. This is not an issue that would show up
with real production uses with wpa_supplicant since wpa_bss_init() is
called there.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67244
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-06 17:38:08 +02:00
Jouni Malinen
40d5fecac2 Fix fuzzing test build
The commit that renamed the WNM BTM deallocation function forgot to
update the fuzz tester tool.

Fixes: e508c070c4 ("WNM: Keep BTM information until connection completes")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-05 17:24:50 +02:00
Jouni Malinen
d44a7e38d1 tests: Use nproc for determining how many parallel jobs to use (fuzz)
This was already done in tests/hwsim/build.sh, but the fuzzing
build-test.sh can do same instead of using the hardcoded value 8.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 11:21:45 +02:00
Andrei Otcheretianski
694a1c6873 SAE: Make sme_sae_auth() return IE offset
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).

To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:11:16 +02:00
Jouni Malinen
f49b604555 tests: Fix pasn-init fuzz tester build
Change of the wpas_pasn_start() prototype did not update the fuzzer
tool.

Fixes: 309765eb66 ("PASN: Use separate variables for BSSID and peer address")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-19 17:21:45 +02:00
Veerendranath Jakkam
08512e5f35 MLD STA: Extend key configuration functions to support Link ID
Add support to specify a Link ID for set key operation for MLO
connection. This does not change the existing uses and only provides the
mechanism for extension in following commits.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-11-06 23:36:49 +02:00
Jouni Malinen
66d7f554e2 tests: Fuzz testing for PASN
Add test tools for fuzzing PASN initiator and responder handling of
received PASN Authentication frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:22:14 +02:00
Jouni Malinen
2e840fb2ab tests: Fix CC and CFLAGS default processing for fuzzing
"make LIBFUZZER=y" was supposed to set CC and CFLAGS to working values
by default if not overridden by something external. That did not seem to
work since the defaults from the other build system components ended up
setting these variables before the checks here. Fix this by replacing
the known default values for non-fuzzing builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-06 17:11:47 +02:00
Jouni Malinen
ddcd15c2de tests: Fix fuzzing/sae build
sae.c depends on wpa_common.c now and as such, this test build needs to
pull in whatever is needed there and that happens to include sha1-prf.c.
Add that to the fuzzer to fix the build.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-07-28 17:08:11 +03:00
Jouni Malinen
18c0ac8901 Provide information about the encryption status of received EAPOL frames
This information was already available from the nl80211 control port RX
path, but it was not provided to upper layers within wpa_supplicant and
hostapd. It can be helpful, so parse the information from the driver
event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-07 21:37:03 +03:00
Jouni Malinen
86877bbc32 tests: Remove unused DH file from TLS client fuzzer
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:42:15 +03:00
Jouni Malinen
fd4580e1e8 tests: Limit maximum number of frames in fuzzing tests
This limits the EAP-SIM and EAP-AKA tests to 100 test frames to avoid
undesired timeouts in automated fuzz testing. The real world uses are
limited to 50 rounds, so there is not really any point in trying with
thousands of frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-04 18:19:23 +03:00
Patrick Steinhardt
e9f449ba59 wpa_supplicant: Move wpa_config_get_line() into utils
The function wpa_config_get_line() is used by the wpa_supplicant config
file parser to retrieve the next non-comment non-blank line. We'll need
the same kind of functionality to implement the file-based external
password backend, so as a preparatory step this commit extracts the
function into its own standalone file in the utils package.

No functional changes are expected from this commit.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
2021-02-16 00:47:43 +02:00
Jouni Malinen
11cd1ffc71 tests: Fix fuzzing test build after file rename
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 18:16:28 +02:00
Jouni Malinen
581dfcc413 tests: Fix p2p fuzzer build after API change
Commit 7b121af26a ("P2P: Delay P2P scan when an external scan is in
progress") added a new argument to p2p_scan_res_handled(), but did not
update this test tool. Fix this by using hardcoded value 0 for the new
delay argument.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-12-23 14:09:52 +02:00
Johannes Berg
87098d3324 build: Put archive files into build/ folder too
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).

Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.

Note that due to the use of thin archives, this required
building with absolute paths.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 11:16:00 +03:00
Johannes Berg
00b5e99b65 build: Use the new build system for fuzz tests
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 11:15:16 +03:00
Johannes Berg
dcc5288e5b gitignore: Add various things
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 13:06:53 +03:00
Jouni Malinen
5dedbd582a tests: Fix wnm fuzzer build regression
Addition of MSCS support broke the test tool build due to references to
a functions from a new file. Fix this by bringing in that file to the
fuzzer build as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-08-22 11:12:17 +03:00
Jouni Malinen
c3f894ad00 tests: Fix eapol-supp fuzzing tool build
Boolean handling was changed to use "true" instead of "TRUE", but this
location was missed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-02 23:48:37 +03:00
Jouni Malinen
3aaf269f67 DPP: Move TCP encapsulation into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
21c612017b DPP: Move configurator backup into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
fdbbb74064 DPP: Move authentication functionality into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 17:26:11 +03:00
Jouni Malinen
0c043d9de7 DPP2: Reconfig Announcement transmission
Extend DPP chirping mechanism to allow Reconfig Announcement frames to
be transmitted instead of the Presence Announcement frames. Add a new
wpa_supplicant control interface command "DPP_RECONFIG <network id>" to
initiate reconfiguration for a specific network profile.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
d4ae12355a DPP: Move PKEX functionality into a separate source code file
This continues splitting dpp.c into smaller pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 16:41:33 +03:00
Jouni Malinen
87b6572616 DPP: Move crypto routines into a separate source code file
This is an initial step in splitting the overly long dpp.c into smaller
pieces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-11 12:09:24 +03:00
Jouni Malinen
de3f8d9fd1 tests: Fix new fuzzer builds
$(LIBS) got included twice into the linker command line from $^ and
$(LIBS). The former ended up getting converted based on host CPU rather
than target. Fix that by removing duplication and -lcrypto from $(LIBS).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-22 00:51:13 +03:00
Jouni Malinen
af23f3a849 tests: New style fuzzing tool for DPP URI parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 20:09:30 +03:00
Jouni Malinen
41a1032449 tests: New style fuzzing tool for SAE commit parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 19:51:46 +03:00
Jouni Malinen
5f11739d58 tests/fuzzing: Update WPA set_key() handler prototype
Update the fizzing test tools to use the new set_key() prototype, i.e.,
add the new key_flag argument, to get rid of compiler warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-25 13:13:06 +02:00
Jouni Malinen
e55dedbf6e tests/fuzzing: Fix build after CONFIG_IEEE80211N=y removal
Commit f3bcd69603 ("Remove CONFIG_IEEE80211N build option") broke
couple of fuzzing test tools due to missing wpa_scan_results_free(). Fix
that by pulling in driver_common.o.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-25 13:08:00 +02:00
Jouni Malinen
6fb526d457 tests: Fix fuzzing/asn1 build
asn1.c needs wpabuf.c to be included now.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-03 17:45:26 +02:00
Jouni Malinen
ce1598d4c2 tests: New style fuzzing tool for EAP-MSCHAPv2 peer processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-24 10:59:22 +02:00
Jouni Malinen
d3516cad7a Store a copy of Association Request RSNXE in AP mode for later use
This is needed to be able to compare the received RSNXE to a protected
version in EAPOL-Key msg 2/4.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-18 00:20:29 +03:00
Jouni Malinen
7d2ed8bae8 Remove CONFIG_IEEE80211W build parameter
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:33:40 +03:00
Jouni Malinen
5f2301a6da Replace EapType typedef with enum eap_type
This cleans up coding style of the EAP implementation by avoiding
typedef of an enum hiding the type of the variables.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-08-17 11:36:20 +03:00
Jouni Malinen
5e6ab36df8 tests: Add X.509v3 parsing example with invalid BasicConstraints
This is a regression test based on an input data from OSS-Fuzz.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:15:22 +03:00
Jouni Malinen
d438b4a3ce tests: Fix CFLAGS passing for new fuzzing tools
src/*/Makefile needs to allow additional CFLAGS values to be provided
from the calling Makefiles so that the clang command line arguments to
enable sanitizers consistently. In addition, it can be useful to be able
to provide CC, CFLAGS, and LDFLAGS from external setup while still
requesing LIBFUZZER=y build. Allow that by not overriding these
variables if they are already set.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-11 06:34:19 +03:00
Jouni Malinen
009c4d79d3 tests: Fix eapol-key-auth memory use for the callback pointer struct
This struct needs to remain valid through the lifetime of the
authenticator state machine, so move it to the context struct instead of
being a local stack variable inside the setup function that returns
before the actual test functionality is executed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-07 23:54:20 +03:00
Jouni Malinen
041aa44b69 tests: Fix ap-mgmt 'make clean'
The binary name had not been updated for the new tool.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 13:51:41 +03:00
Jouni Malinen
a1f3f88ac7 tests: New style fuzzing tool for EAP-AKA peer processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 17:02:57 +03:00
Jouni Malinen
23ddc7b810 tests: New style fuzzing tool for EAP-SIM peer processing
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 16:42:41 +03:00
Jouni Malinen
991ff882fd tests: New style fuzzing tool for X.509 certificate parsing
This is a newer version of tests/test-x509 tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 13:17:31 +03:00
Jouni Malinen
98612544b1 tests: New style fuzzing tools for TLS client/server
These are newer versions of tests/test-tls tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 13:11:56 +03:00
Jouni Malinen
d005d3647b tests: Build test for new fuzzer tools
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 13:00:39 +03:00
Jouni Malinen
150b9dc547 tests: New style fuzzing tools for EAPOL-Key frame processing
These are newer versions of tests/test-eapol tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 13:00:39 +03:00
Jouni Malinen
f86e6c3d95 tests: New style fuzzing tool for EAPOL frame processing (supplicant)
This is a newer version of tests/eapol-fuzzer tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 13:00:39 +03:00
Jouni Malinen
77876ee25c tests: New style fuzzing tool for ASN.1 parser
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 13:00:39 +03:00
Jouni Malinen
efbd631862 tests: New style fuzzing tool for P2P frame processing
This is a newer version of tests/p2p-fuzzer tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 13:00:39 +03:00
Jouni Malinen
e30c7d5269 tests: New style fuzzing tool for AP Management frame processing
This is a newer version of tests/ap-mgmt-fuzzer tool.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-02 13:00:39 +03:00