Commit graph

18654 commits

Author SHA1 Message Date
Jouni Malinen
641f2868de tests: FT and VLAN in wpa_psk file
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-14 11:47:25 +02:00
Jouni Malinen
ba150059d1 FT: Store PMK-R0/PMK-R1 after EAPOL-Key msg 2/4 MIC validation
hostapd was previously storing the derived PMK-R0 and PMK-R1 as soon as
these keys were derived. While that is fine for most purposes, it is
unnecessary to do that so quickly and if anything were to fail before
the supplicant is able to return a valid EAPOL-Key msg 2/4, there would
not really be any real use for the derived keys.

For the special case of FT-PSK and VLAN determination based on the
wpa_psk file, the VLAN information is set in the per-STA data structures
only after the EAPOL-Key msg 2/4 MIC has been verified. This ended up
storing the PMK-R0/PMK-R1 entries without correct VLAN assignment and as
such, any use of the FT protocol would not be able to transfer the VLAN
information through RRB.

Split local storing of the FT key hierarchy for the cases using the FT
4-way handshake so that PMK-R0 and PMK-R1 are first derived and then
stored as a separate step after having verified the MIC in the EAPOL-Key
msg 2/4 (i.e., after having confirmed the per-STA passphrase/PSK was
selected) and VLAN update. This fixes VLAN information for the
wpa_psk_file cases with FT-PSK.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-14 11:47:25 +02:00
Jouni Malinen
e4d1000cac tests: Verify hostapd STA vlan_id value
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-13 23:22:10 +02:00
Jouni Malinen
4994fa9e59 wlantest: Parse Multi-Link element in (re)association frames
Print the details from the Multi-Link elements from the association
exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-13 21:34:58 +02:00
Chunquan Luo
56662f36da Refine vendor subcmd QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS
During implementation of commit 257b119c2d ("QCA vendor attribute of
update roaming cached statistics info") some deficiencies were noted as
listed below, so fix them. Since these are pre-implementation changes,
no ABI breakage is introduced.

1) Change all RSSI values to be signed values.
2) Add enums for scan type and dwell type instead of documenting
   their values with comments
3) Add missing QCA_ROAM_REASON_STA_KICKOUT to enum qca_roam_reason

Signed-off-by: Chunquan Luo <quic_chunquan@quicinc.com>
2023-02-10 13:23:44 +02:00
Jouni Malinen
eff82f93af tests: Make pmksa_cache_and_cui more robust
Make sure hostapd has had time to complete 4-way handshake processing
before initiating reauthentication from wpa_supplicant. There is a small
window for race condition here when testing with UML and time travel.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 13:11:54 +02:00
Jouni Malinen
2d3afc273d tests: MACsec with EAP-PSK
This verifies use of a shorter than 65 octet EAP Session-Id.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 12:41:03 +02:00
Jouni Malinen
72b8193f41 MACsec: Remove EAP Session-Id length constraint
The initial MACsec implementation required the EAP Session-Id to be at
least 65 octets long and by truncating the value to that length, the
practical limit of functional cases was limited to that exact length of
65 octets. While that happens to work with EAP method that use TLS, it
does not work with most other EAP methods.

Remove the EAP Session-Id length constraint and allow any length of the
Session-Id as long as the EAP method provides one. In addition, simplify
this be removing the unnecessary copying of the Session Id into a new
allocated buffer.

Fixes: dd10abccc8 ("MACsec: wpa_supplicant integration")
Fixes: a93b369c17 ("macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 12:31:01 +02:00
Raphaël Mélotte
3915e8834e hostapd: Report error on unknown ACCEPT_ACL/DENY_ACL commands
Currently when using ACCEPT_ACL or DENY_ACL, no error is reported if
the rest of the command is unknown (e.g. 'ACCEPT_ACL FOOBAR' reports
'OK').

On the other hand, hostapd_cli makes it possible to use 'accept_acl'
and 'deny_acl' in lowercase, but the rest of the command (i.e. 'SHOW',
'ADD_MAC', 'CLEAR', etc) must be in uppercase.

As a result, the command 'accept_acl clear' could seem valid when
using hostapd_cli (as it reports 'OK'), while it actually does not do
anything (because 'clear' must be in uppercase).

To let users know whether the command really succeeded or not, report
an error when the command was not understood.

Note that this is also consistent with the way it is currently
implemented in wpa_supplicant.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2023-02-01 18:38:21 +02:00
Mordechay Goodstein
2cff340d17 utils: Move log2pcap to python3
python2 is deprecated so move script to python3.
While at it, make some minor adjustments.

Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-02-01 18:34:57 +02:00
Krishna T
12de8112b7 Fix BSS age underflow
While checking for stale BSSes, the current time is used as a basis and
then based on age the stale check time is calculated, but if this is
done too early in the boot and if either BOOTTIME/MONOTONIC (the one
Zephyr uses by default) are used then the stale check time underflows
and goes to future causing active BSS entries in the scan to be treated
as stale and flushed.

Fix this by adding a check before calculating stale time and ignore this
check till the system reaches the BSS expiration time (this would never
happen with REALTIME clock).

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Signed-off-by: Sridhar Nuvusetty <sridhar.nuvusetty@nordicsemi.no>
2023-02-01 18:30:27 +02:00
Jouni Malinen
047da5fe3a tests: wpa_supplicant config file parsing of an invalid network
This is a regression test for a NULL pointer dereferencing from commit
d8d2b3a338 ("Implement read-only mode for SSIDs from the additional
config (-I)") .

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-01 18:26:35 +02:00
Krishna
d31c2b43aa Fix segfault in case of an invalid configuration
The RO variable is being assigned before the SSID is NULL checked, so,
any invalid configuration leads to a segmentation fault.

Fixes: d8d2b3a338 ("Implement read-only mode for SSIDs from the additional config (-I)")
Signed-off-by: Chaitanya Tata <chaitanya.tk17@gmail.com>
2023-02-01 18:24:13 +02:00
Jouni Malinen
825a545279 tests: Clear sae_groups in radius_sae_password
This is needed to avoid failures caused by previous test cases having
left behind constraints on the allowed groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-31 12:00:18 +02:00
Veerendranath Jakkam
a32b424a3d MLD STA: Use AP MLD address in PMKSA cache attempts for driver-SME case
The previous implementation handles PMKSA cache attempts with AP MLD
address only for SME-in-wpa_supplicant cases since wpa_s->valid_links
wouldn't be set for SME-in-driver cases.

Fix SME-in-driver behavior by enabling PMKSA cache attempts with AP MLD
address when driver supports MLO and SME offload to driver.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-01-31 11:20:18 +02:00
Veerendranath Jakkam
8c4790cef8 MLD STA: Store PMKSA with AP MLD address for MLO connection event
Store PMKSA with AP MLD address while processing connect event for OWE
and FILS when the connection is MLO capable.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-01-31 11:19:41 +02:00
Jouni Malinen
bf124a03d5 SAE: Update PT value at later point for SME cases, if needed
It was possible to hit a case where the SAE PT had not yet been derived,
e.g., when using P2P group re-invocation. Update PT use at the time
authentication is started, if needed, to avoid this. While this is not
really ideal from the externally observable timing view point, this is
done only for the case where there is no other option available with a
dynamically changing network configuration for P2P. Similar design was
already in place for the SAE offload-from-driver (external auth) case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:23:22 +02:00
Qiwei Cai
1aadcca0a7 P2P: Enable SAE-H2E for client when joining a 6 GHz group
Both P2P GO and client always save key_mgmt = WPA_KEY_MGMT_PSK in the
configuration when storing a persistent group. Next time, when a GO is
started as an autonomous GO on a 6 GHz channel, it will change key_mgmt
to SAE and use hash-to-element mechanism, but the P2P client doesn't
change the parameter even if the group it wants to join is operating on
a 6 GHz channel. The P2P connection will be failed due to reason 'reject
due to mismatch with WPA/WPA2'.

Enable SAE-H2E for P2P client in this case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:21:33 +02:00
Jouni Malinen
37f8257c4f SAE: Extend automatic enabling of H2E on 6 GHz to additional cases
Commit 3a0edb2cd8 ("SAE: Enable H2E for 6 GHz BSS") started enabling
H2E automatically for SAE use on the 6 GHz band, but it did not update
these steps in verifying whether the STA has matching configuration for
a BSS that mandates use of H2E and whether to use PT for SAE in SME.
Update these to be aware of automatic H2E enabling.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 23:21:06 +02:00
Jouni Malinen
89377c6b9c OCV: Fix build without CONFIG_OCV=y
ssid->ocv is defined within CONFIG_OCV block, so the use for it needs to
match.

Fixes: dc7e330e0b ("Set OCV capability based on Association Request frame RSNE")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 11:23:35 +02:00
Jouni Malinen
d44a7e38d1 tests: Use nproc for determining how many parallel jobs to use (fuzz)
This was already done in tests/hwsim/build.sh, but the fuzzing
build-test.sh can do same instead of using the hardcoded value 8.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 11:21:45 +02:00
Shivani Baranwal
bf931c5f8d tests: P2P Service Discovery initiated from Go device.
Add a new P2P Service Discovery test to verify the handling of the
SD response frame received by the GO device.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-01-25 23:47:33 +02:00
Shivani Baranwal
2e47ea22cc P2P: Fix handling Service Discovery Response received by GO device
The received Service Discovery Response frame follows the ap_mgmt_rx()
path in P2P GO mode. If gas_query_rx_frame() doesn't process the frame,
call the Public Action frame callbacks if any are registered for further
processing of the RX frame.

Fixes: 9c2b8204e6 ("DPP: Integration for hostapd")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-01-25 23:47:33 +02:00
Aleti Nageshwar Reddy
dc7e330e0b Set OCV capability based on Association Request frame RSNE
Currently, OCV self-capability is being set into the RSN supplicant
state machine only during the initial connection and never getting
updated. But for the driver-SME cases the driver may enable/disable OCV
in (Re)Association Request frame RSNE based on the AP chosen to roam.
This will lead to missing synchronization between wpa_supplicant and the
driver. Thus, update OCV self-capability in the wpa_supplicant RSN state
machine based on the (Re)Association Request frame RSNE indicated in the
connect response.

Signed-off-by: Aleti Nageshwar Reddy <quic_anageshw@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
e8706c109e tests: Work around pyrad issues with octet strings that start with "0x"
pyrad's tools.py EncodeOctets() uses a design that tries to
automatically determine when the octetstring is a hex string based on
the binary data starting with "0x". That is not really nice since it
will result in failing one out of 65536 possible random inputs with
"binascii.Error: Non-hexadecimal digit found" when trying to decode an
actual (non-hex) binary string as a hexstring.

Work around this by convering the special cases where the
Message-Authenticator binary value happens to start with b"0x" to a
hexstring.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
85ac165d64 tests: Allow some more time for a scan in discovery_group_client
This makes the test case a bit more likely to be able to complete with
S1G being enabled in mac80211_hwsim. However, the 15 second P2P protocol
timeout itself can be hit in this type of a case and the test case will
still fail every now and then if all mac80211_hwsim supported channels
are included.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
d5b7560de5 tests: Clear sae_groups in pasn_sae_kdk
This test case could have failed when executed after a test case that
had forced a specific set of SAE groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
a70a4672d8 tests: Allow more VMs to be used that there are screen lines
curses prints were causing parallel-vm.py to terminate if there were too
many VMs to fit into the screen. For now, simply hide any VMs from the
live status if there is not sufficient room for them.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
831be65149 WPS: Do not indicate incorrect PBC overlap based on partner link
The check for PBC overlap on a partner link should not be done unless
the current interface is actually in active PBC mode. Furthermore, the
wpa_s->wps_overlap variable needs to be cleared in additional places to
avoid leaving it set indefinitely.

This was found with the following test case sequence:
dbus_wps_pbc_overlap dbus_p2p_two_groups

Fixes: b43e19f3f3 ("WPS: Cross band overlap detection with multiple interfaces")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-20 19:08:07 +02:00
Jouni Malinen
48cb42182f tests: Disable both APs before flushing PBC state
One of the PBC APs was left running at the end of the tet case with
active PBC. Stop that AP as well before flushing scan information on the
STA.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-20 19:06:25 +02:00
Jouni Malinen
c9fc124256 P2P: Make wpas_p2p_notif_pbc_overlap() static
Commit ace0fbdb69 ("P2P: Fix segfault when PBC overlap is detected")
removed the external calls to this function, but did not mark it static.
Mark it static now to clarify expected uses through the
wpas_p2p_pbc_overlap_cb() timer handler.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-20 18:02:26 +02:00
Jouni Malinen
ec277b5237 tests: Make ap_roam_open work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 23:06:38 +02:00
Jouni Malinen
415458e2b3 tests: Make wext_pmksa_cache work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 12:40:46 +02:00
Jouni Malinen
19d3e0383f tests: Make ap_wps_iteration_error work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not long enough to allow two scan iterations to be completed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 12:40:41 +02:00
chunquan
257b119c2d QCA vendor attribute of update roaming cached statistics info
Add vendor subcmd QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS and attribute id
in enum qca_wlan_vendor_attr_roam_cached_stats for collecting roaming
statistics information when diagnosing roaming behavior.

Signed-off-by: Chunquan Luo <quic_chunquan.quicinc.com>
2023-01-13 18:09:20 +02:00
Purushottam Kushwaha
18436f393d Enhance QCA vendor interface for Concurrent AP Policy for XR
Add new AP concurrency policy QCA_WLAN_CONCURRENT_AP_POLICY_XR to
configure interface for eXtended Reality (XR) requirements.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2023-01-13 12:27:14 +02:00
Asutosh Mohapatra
58fba11e1d Enhance QCA vendor interface with new hang reason codes
Add more hang reason codes for the hang reason in the
qca_wlan_vendor_hang_reason enum.

Signed-off-by: Asutosh Mohapatra <quic_asutmoha@quicinc.com>
2023-01-13 12:22:06 +02:00
Jouni Malinen
c1ce0c3587 wlantest: Use AP MLD address in CCMP/GCMP AAD for A3
Commit b20991da69 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce")
updated AAD and nonce construction to use MLD addresses in AAD for A1
and A2. IEEE P802.11be has additional cases where A3 in AAD is set to
the AP MLD address, so cover those as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-10 12:38:59 +02:00
Jouni Malinen
5c86622175 wlantest: Select BSS more carefully for MLO EAPOL-Key cases
Prefer a BSS entry that has a matching STA entry when processing
EAPOL-Key frames. This avoids issues where some combination of MLD
and/or link addresses are used in a sequence that could end up
generating two separate STA entries for the same non-AP MLD.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-10 12:00:59 +02:00
Jouni Malinen
0ba17557ea wlantest: Print BSSID for EAPOL-Key frames
The BSSID (RA/TA) might differ from SA/DA for the AP, so print it as
well in the debug entry for EAPOL-Key frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-10 11:50:40 +02:00
Jouni Malinen
0f3f9cdcab dpp-nfc: Try to request with alternative URL in additional cases
There was a race condition between the NFC handover requester and
selector role processing that ended up not sending out the alternative
proposal in some cases. Catch those at the end of
run_dpp_handover_client() processing (or immediately after returning
from that function without having sent out the alternative proposal).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-20 17:29:19 +02:00
Shivani Baranwal
8b36248cd2 Add QCA vendor command to get the monitor mode status
Add a new vendor command QCA_NL80211_VENDOR_SUBCMD_GET_MONITOR_MODE to
get the local packet capture status in the monitor mode. Add required
attributes to respond with status of the monitor mode. The monitor mode
can be started/configured by using the
QCA_NL80211_VENDOR_SUBCMD_SET_MONITOR_MODE subcommand.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-12-19 21:00:44 +02:00
Kiran Kumar Lokere
0dd8bcef83 QCA vendor attributes for MLO and EHT capabilities
Add new QCA vendor attributes to configure the driver for EHT
capabilities and multi link configuration.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-19 19:10:53 +02:00
Kiran Kumar Lokere
e5602989cf QCA vendor attributes to configure EHT capabilities
Add new QCA vendor attributes to configure the driver for EHT
capabilities. These attributes are used for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-19 19:02:39 +02:00
Jouni Malinen
2377d817da tests: DPP QR Code and hostapd as initiator/Configurator (offchannel)
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Michal Kazior
d9d5e55c54 DPP: Respond to GAS on the same channel it was received on
When I was testing dpp_auth_init on an AP with Enrollee on a different
channel from the AP I was getting failures. This happened on hwsim in
UML with time-travel for me. I don't recall seeing this with real
devices, presumably because of lax offchan implementation.

The DPP authentication would succeed. However the station would then try
to get configuration through a GAS request and fail.

The AP reported the following logs (grepped):

> 1614762426.860212: RX_ACTION category 4 action 10 sa 02:00:00:00:01:00 da 02:00:00:00:00:00 len 227 freq 2412
> 1614762426.860212: wlan0: GAS: GAS Initial Request from 02:00:00:00:01:00 (dialog token 239)
> 1614762426.860233: DPP: Wait for Configuration Result
> 1614762426.860234: nl80211: Send Action frame (ifindex=5, freq=2462 MHz wait=0 ms no_cck=0 offchanok=0)
> 1614762428.861186: DPP: Timeout while waiting for Configuration Result
> 1614762428.861186: wlan0: DPP-CONF-FAILED

While the STA reported the following logs (grepped):

> 1614762426.860193: wlan1: DPP-AUTH-SUCCESS init=0
> 1614762426.860195: DPP: Stop listen on 2412 MHz
> 1614762426.860202: wlan1: GAS-QUERY-START addr=02:00:00:00:00:00 dialog_token=239 freq=2412
> 1614762428.861185: GAS: No response received for query to 02:00:00:00:00:00 dialog token 239
> 1614762428.861189: DPP: GAS query did not succeed
> 1614762428.861189: wlan1: DPP-CONF-FAILED

AP would still receive the GAS request on ch1 but would then try to
respond on ch11 while STA was waiting on ch1.

Signed-off-by: Michal Kazior <michal@plume.com>
2022-12-18 21:07:56 +02:00
Jouni Malinen
651c9e9578 Add new status code strings
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
6bc9ce67b2 tests: HE on 6 GHz and automatic security settings on STA
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
3a2d275522 Make MFPR value from an associated STA available as hostapdMFPR
This can be helpful for testing purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
546debd5ef Force MFPR=1 to be used on the 6 GHz band
IEEE Std 802.11ax-2021, 12.12.2 requires this, so force MFPR=1 when
associating on the 6 GHz band so that ieee80211w=1 (i.e., MFPC=1 MFPR=0)
configuration can be used to get MFPC=1 behavior on other bands and
MFPR=1 on the 6 GHz band.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:48 +02:00