Commit graph

15004 commits

Author SHA1 Message Date
Wiktor Drewniak
bce3d4f70e autoscan: Disable when we move above WPA_SCANNING state
In case of drivers that don't use wpa_supplicant as SME, autoscan
feature was never disabled.

Signed-off-by: Wiktor Drewniak <wiktor.drewniak@gmail.com>
2019-04-16 01:53:21 +03:00
Sergey Matyukevich
eb3234c07b SAE: Use open authentication to reassociate for PMKSA caching
For reassociation with the same AP wpa_supplicant attempts to use cached
PMKSA. For this purpose PMKID is passed in RSNE in (Re)Association
Request frame. In the case of SAE AP, open authentication shall be used
during reassociation. Otherwise cached PMKID becomes invalid after full
SAE authentication.

The previous implementation correctly handles SME-in-wpa_supplicant
cases. However SME-in-driver cases, complete SAE authentication is
performed. As a result, first reassociation attempt fails.

Fix SME-in-driver behavior by reseting authentication algorithm to
WPA_AUTH_ALG_OPEN when reassociating with SAE AP with an existing PMKSA
cache entry.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-04-16 01:53:21 +03:00
Avraham Stern
fe01cd0067 Fix FILS ERP association event with 4-way HS offload drivers
When FILS authentication is used with ERP, no EAPOL frames are expected
after association. However, for drivers that set the
WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X capability flag, the EAP state
machine was not configured correctly and was waiting for EAPOL frames,
which leads to disconnection.

Fix this by reordering the if branches to set the EAPOL/EAP state
machines to success when FILS authentication was already completed.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-04-16 01:53:21 +03:00
Ilan Peer
323a51cc01 nl80211: Handle NL80211_CMD_PROBE_CLIENT command response
When processing the NL80211_CMD_PROBE_CLIENT command response, the
nl80211 layer in the kernel sends a response containing the cookie
associated with the client probe request. This response was not handled
by driver_nl80211.c when sending the command, and it was mistakenly
handled as an asynchronous event. This incorrect event did not include
the MAC/ACK attributes, so it was ignored in practice, but nevertheless,
the command response should not be processed as an event.

Fix this by reading the response as part of the sending the command
flow.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-16 01:53:18 +03:00
Jouni Malinen
5e6c54bee8 tests: AP with open mode and STA poll without ACK
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-16 01:52:36 +03:00
Jouni Malinen
28f19a3ae5 nl80211: More detailed PROBE_CLIENT debug print
Include the MAC address of the peer, knowledge of whether the poll was
ACKed, and cookie into the debug message to make this more useful.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-16 01:52:34 +03:00
Jouni Malinen
9c4554a9b7 tests: SA Query timeout
Verify wpa_supplicant behavior on SA Query timeout and
disconnection/reconnection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-16 00:48:27 +03:00
Andrei Otcheretianski
31cf52bf2e Do not clear FT IEs twice in sme_deinit()
Remove FT IEs clearing from sme_deinit() as it is done twice. The
sme_clear_on_disassoc() call to sme_update_ft_ies() takes care of this.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-04-16 00:48:27 +03:00
Andrei Otcheretianski
01ac337b32 Stop SA Query on disconnection
SA Query wasn't stopped after disconnection, which could potentially
result in an unexpected SA timeout firing later when already connected
to another AP. Fix that by stopping SA Query when an association is
terminated.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-04-16 00:48:27 +03:00
Jouni Malinen
7a206c504f Add debug print on stopping SA Query procedure
This makes it easier to debug SA Query behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-16 00:42:58 +03:00
Andrei Otcheretianski
710c692381 P2PS: Cleanup pending_p2ps_group flag
pending_p2ps_group flag is not always cleaned, which may later result
in an unexpected GO bring up, after PD response is transmitted in
wpas_prov_disc_resp_cb().
This can be seen when running the following hwsim tests together:
 - p2ps_channel_sta_connected_disallow_freq_mcc
 - p2ps_channel_active_go_and_station_different_mcc
Fix this by clearing pending_p2ps_group flag also when processing new
PD requests. In addition, set this flag only when really needed.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2019-04-16 00:19:03 +03:00
Jouni Malinen
0be8b9238f mka: Avoid memory leak in unexpected case in RECEIVE
It looks like it is possible for the RECEIVE state to leak memory where
a previously allocated sm->lki is moved to sm->oki while sm->oki is
pointing to not yet freed entry. It is not clear how this can be
triggered, but it has come up in hwsim testing under heavy load.

Free sm->oki if it is still set in RECEIVE before replacing it with
sm->lki to avoid this memory leak.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 22:50:06 +03:00
Jouni Malinen
984d5b7e1f mesh: Fix random llid generation in an error case
If os_get_random() fails, llid must not be read/used since it could be
uninitialized. Handle that special case by clearing llid explicitly to 0
to continue iteration.

Fixes: 5f92659d88 ("mesh: Add mesh peering manager")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 22:26:07 +03:00
Jouni Malinen
10cf866bac mesh: Fix operations after SAE state machine removing the STA
It is possible for the SAE state machine to remove the STA and free the
sta pointer in the mesh use cases. handle_auth_sae() could have
dereferenced that pointer and used freed memory in some cases. Fix that
by explicitly checking whether the STA was removed.

Fixes: bb598c3bdd ("AP: Add support for full station state")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 22:09:12 +03:00
Jouni Malinen
153d4c501a mesh: Fix SAE reauthentication processing
ap_free_sta() frees the sta entry, so sta->addr cannot be used after
that call. Fix the sequence of these two calls to avoid use of freed
memory to determine which PMKSA cache entry to remove.

Fixes: 9f2cf23e2e ("mesh: Add support for PMKSA caching")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 21:57:58 +03:00
Jouni Malinen
2f68051395 Fix hostapd BSS_TM_REQ handling of bss_term parameter
The TSF field in BSS termination information was not cleared correctly.
It was supposed to be cleared to all zeros, but the memset call did not
point at offset 2; instead, it cleared it with 0x02 octets and also
cleared the subelement header with 0x02 octets while leaving two last
octets uninitialized.

Fixes: a30dff07fb ("Add BSS_TM_REQ command to send BSS Transition Management Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 21:11:46 +03:00
Jouni Malinen
e6ac47b47d Fix debug print in GET_PREF_FREQ_LIST handler
Do not use the buf argument to wpas_ctrl_iface_get_pref_freq_list() in
the debug print since it points to the response buffer ("OK\n" without
null termination). This was supposed to print the cmd argument instead.
The previous version ended up using uninitialized heap memory from the
response buffer.

Fixes: 983422088f ("nl80211: Add means to query preferred channels")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 20:54:12 +03:00
Jouni Malinen
2e70e807c8 D-Bus: Fix P2P GroupStarted signal not to use uninitialized IP buffer
wpas_p2p_completed() used wpa_sm_get_p2p_ip_addr() return value properly
for filling in the ip_addr[] string only if the IP addresses got
assigned, but the raw ip[] array was passed to
wpas_dbus_signal_p2p_group_started() regardless of whether the IP
addresses were assigned. This could result in using uninitialized stack
memory for constructing the GroupStarted signal values. Fix this by
filling those in only if the IP addressed are actually available.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 20:27:52 +03:00
Jouni Malinen
6541b9dbe7 tests: Avoid confusing "DETACH failed" exception prints in D-Bus tests
dbus_p2p_go_neg_init, dbus_p2p_group_idle_timeout, and
dbus_p2p_group_termination_by_go could end up print a "DETACH failed"
exception as a warning from WpaSupplicant.__del__ for the dev1 instance
used within the TestDbusP2p class. This did not cause the test cases to
fail, but the output is a bit confusing, so clean this up be explicitly
closing the control interface monitor sockets and furthermore by
ignoring the "DETACH failed" exception within __del__.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-15 20:13:28 +03:00
Jouni Malinen
c975c667f8 Remove hwsim_test
This external tool was used for testing data connectivity with
mac80211_hwsim. However, the last user for it was removed in 2014 by
commit 1131a1c8d2 ("tests: Replace last remaining hwsim_test uses with
DATA_TEST"), so there is not point in maintaining this forgotten test
tool in the repository anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-15 12:44:41 +03:00
Jouni Malinen
8860182449 tests: Unsupported WNM Action
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 17:38:15 +03:00
Jouni Malinen
327a2c786b tests: WNM Collocated Interference Reporting errors
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 17:38:15 +03:00
Jouni Malinen
de3815c71b tests: WNM BSS Transition Management and steering timeout
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 17:21:13 +03:00
Jouni Malinen
c6867fd3b1 tests: WNM BSS Transition Management query - TM disabled on AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 17:04:10 +03:00
Jouni Malinen
989bc22006 tests: WNM Sleep Mode disabled on AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 16:57:40 +03:00
Jouni Malinen
48bce38621 tests: Use helper function for starting WNM AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 16:57:40 +03:00
Jouni Malinen
9d21594354 tests: WNM Sleep Mode - RSN with OCV - local failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 16:02:54 +03:00
Jouni Malinen
815f58a96f tests: nl80211 freq reporting in station mode
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 12:41:26 +03:00
Jouni Malinen
c5fff8bbd2 nl80211: Update assoc_freq and bss->freq based on real association info
Move event.assoc_info.freq selection to be after the
nl80211_get_assoc_ssid() call so that the current cfg80211 information
on the operating channel can be used should anything unexpected have
happened between the association request and completion of association.
Furthermore, update bss->freq based on assoc_freq to make that
information a bit more useful for station mode. It was already updated
after channel switches during association, but not at the beginning of
association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 12:40:45 +03:00
Jouni Malinen
091c227714 nl80211: Clear bss->freq on station mode disconnection
This fixes some issues where bss->freq could have been used to replace
the current operating channel when sending out a management frame.
bss->freq has not been consistently used to track the current operating
channel in station mode, so it should not be trusted for this type of
uses. Clearing it makes this a bit more robust by at least avoiding the
cases of information from past association being used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 12:33:37 +03:00
Jouni Malinen
d7c98f9558 tests: eap_pwd_perform_confirm_exchange() local failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:35:47 +03:00
Jouni Malinen
b95d79e7bc tests: eap_pwd_perform_commit_exchange() local failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:34:38 +03:00
Jouni Malinen
c9065bd265 tests: EAP-pwd commit request error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
cb5db189ed Remove the unused crypto_ec_cofactor() function
All users of this wrapper function were removed, so the wrapper can be
removed as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
8b093db2c3 EAP-pwd: Remove unused checks for cofactor > 1 cases
None of the ECC groups supported in the implementation had a cofactor
greater than 1, so these checks are unreachable and for all cases, the
cofactor is known to be 1. Furthermore, RFC 5931 explicitly disallow use
of ECC groups with cofactor larger than 1, so this checks cannot be
needed for any curve that is compliant with the RFC.

Remove the unneeded group cofactor checks to simplify the
implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
c7c267fa51 tests: EAP-pwd rejection of groups 25, 26, and 27
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
92e1b96c26 EAP-pwd: Disallow ECC groups with a prime under 256 bits
Based on the SAE implementation guidance update to not allow ECC groups
with a prime that is under 256 bits, reject groups 25, 26, and 27 in
EAP-pwd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
caf4d1c979 tests: Remove testing of EAP-pwd groups 25, 26, and 27
This is in preparation of disallowing all use of these groups. Negative
test case for the groups will be added in a separate commit after the
implementation has been changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
6fe3ee722d tests: EAP-pwd local failure in crypto_bignum_rand()
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
6570949b2c OpenSSL: Fix server side openssl_ecdh_curves configuration with 1.0.2
It looks like SSL_CTX_set1_curves_list() command alone is not sufficient
to enable ECDH curve selection with older OpenSSL versions for TLS
server, so enable automatic selection first and specify the exact list
of curves after that.

This fixes failures in openssl_ecdh_curves test case when hostapd uses
OpenSSL 1.0.2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:05 +03:00
Jouni Malinen
8ff2401d54 tests: EAP-pwd eap_pwd_get_element() local failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 18:28:03 +03:00
Jouni Malinen
4f183becf0 tests: EAP-pwd compute_password_element() local failures
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 16:58:38 +03:00
Jouni Malinen
b061b9e943 tests: CONFIG_TLS=linux build of wpa_supplicant
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 12:57:42 +03:00
Jouni Malinen
52b1cb5d73 tests: crypto_hash_finish() failure in eap_pwd_kdf()
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 12:53:42 +03:00
Jouni Malinen
e8d8f4b680 tests: EAP-EKE rejection of unsupported DH groups 2 and 5
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 12:20:24 +03:00
Jouni Malinen
52ad367624 tests: Make regdom clearing in WNM tests more robust
It looks like the scan operation could end up reverting regdom back to
the previously configured one, so configure 00 country before starting
the disconnect-and-stop-scan operation to give some more time for the
regdom to be cleared.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 12:06:25 +03:00
Jouni Malinen
e467d7ab4a tests: Show ifname in country code not cleared messages
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-13 12:06:09 +03:00
Avraham Stern
986bfb6ed6 tests: Update rrm_beacon_req_last_frame_indication to match implementation
The last beacon report indication was set in all the beacon report
elements in the last frame of the beacon report, while it should be set
only in the last beacon report element of the last frame. This is now
fixed in wpa_supplicant, so update the test case expectation to match
the fixed behavior.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-04-13 11:56:08 +03:00
Avraham Stern
56ac1f9dfe RRM: Set last beacon report indication in the last element only
The last beacon report indication was set in all the beacon report
elements in the last frame of the beacon report, while it should be
set only in the last beacon report element of the last frame.

Fixes: ecef0687dc ("RRM: Support for Last Beacon Report Indication subelement")
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-04-13 11:51:05 +03:00
Ben Greear
6f484978fb Document BSS expiration configurables
Help the user be aware of the options to configure when
wpa_supplicant will remove a BSS due to expiration.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-04-13 11:41:51 +03:00