Commit message | Author | Age | Files | Lines
...
* DPP: Print more interim EC_POINT results into debug log | Jouni Malinen | 2017-11-23 | 1 | -0/+52
  This makes it easier to debug issues related to DPP/PKEX EC operations.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Allow PKEX own/peer MAC addresses to be overridden | Jouni Malinen | 2017-11-23 | 3 | -0/+41
  This is for testing purposes to allow a test vector with specific values to be generated.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Provide peer_mac to PKEX Initiator through function argument | Jouni Malinen | 2017-11-23 | 4 | -4/+6
  Avoid unnecessary direct write to a struct dpp_pkex member from outside dpp.c.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Work around missing EVP_PKEY_CTX_set_ec_param_enc() | Jouni Malinen | 2017-11-23 | 1 | -0/+2
  This allows compilation with older OpenSSL 1.0.1.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Remove compiler warnings about signed/unsigned comparisons | Jouni Malinen | 2017-11-23 | 2 | -3/+3
  These timestamp comparisons did not use matching signedness.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Fix error return value in dpp_auth_conf_rx() | Jouni Malinen | 2017-11-23 | 1 | -1/+1
  Commit 03abb6b5416d472d473c7017802236f8397d0278 ('DPP: Reject unexpected Req/Resp message based on Auth/PKEX role') used incorrect type of error value (NULL vs. -1). Fix that.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Disassoc STA without WPA/RSN IE if AP proto is WPA/RSN | Hu Wang | 2017-11-23 | 1 | -1/+3
  With the AP proto configured being WPA/RSN and SME in the driver, the previous implementation in hostapd is to not process hostapd_notif_assoc() due to "No WPA/RSN IE from STA", if the (Re)Association Request frame is without the WPA/RSN IEs. Enhance that to disassociate such station provided the AP is not using WPS.
  Signed-off-by: Hu Wang <huw@codeaurora.org>
* tests: Probe Request frame RX events from hostapd | Jouni Malinen | 2017-11-23 | 1 | -0/+19
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add wpa_msg_ctrl() to report Probe Request frames from STA | bhagavathi perumal s | 2017-11-23 | 6 | -10/+80
  This allows external applications to get event indication for Probe Request frames. Extend ctrl iface cmd "ATTACH" to enable this event on per-request basis. For example, user has to send ctrl iface cmd "ATTACH probe_rx_events=1" to enable the Probe Request frame events.
  Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
* tests: Fix dpp_auth_req_retries* check for DPP capability | Jouni Malinen | 2017-11-23 | 1 | -0/+2
  Need to do this before trying to set the DPP test parameters.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DPP Auth Req retry behavior | Jouni Malinen | 2017-11-23 | 1 | -5/+57
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Fix number of Authentication Request retry cases | Jouni Malinen | 2017-11-23 | 2 | -24/+65
  Previous implementation did not handle number of sequences correctly. Make sure the iteration continues in both unicast and broadcast cases until the five attempts have been made. In addition, improve timing by checking 10 second time from the beginning of each iteration round and not the last channel on which the Auth Req frame has been transmitted.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Take response wait time into account for init retries | Jouni Malinen | 2017-11-22 | 1 | -1/+11
  Previously, the Authentication Request frame was retried after 2+10 = 12 seconds since the wait for the response was not accounted for. Subtract that wait from the 10 second wait time to start the retries more quickly based on the 10 second timer described in the tech spec.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Stop Authentication Request attempts if no response after ACK | Jouni Malinen | 2017-11-22 | 2 | -6/+26
  If unicast Authentication Request frame is used and the peer ACKs such a frame, but does not reply within the two second limit, there is no need to continue trying to retransmit the request frames since the peer was found, but not responsive.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DPP with SAE | Jouni Malinen | 2017-11-22 | 1 | -2/+45
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add SAE credential support to Configurator | Jouni Malinen | 2017-11-22 | 4 | -15/+43
  The new conf={sta,ap}-{sae,psk-sae} parameter values can now be used to specify that the legacy configuration object is for SAE.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add akm=sae and akm=psk+sae support in Enrollee role | Jouni Malinen | 2017-11-22 | 5 | -3/+67
  This allows DPP to be used for enrolling credentials for SAE networks in addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK and FT-SAE cases automatically.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DPP protocol testing - invalid I-nonce in Auth Req | Jouni Malinen | 2017-11-22 | 1 | -0/+4
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing capability to send invalid I-Nonce in Auth Req | Jouni Malinen | 2017-11-22 | 2 | -0/+11
  Extend dpp_test to cover one more invalid behavior.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DPP and PKEX retry behavior | Jouni Malinen | 2017-11-22 | 1 | -0/+62
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Retry PKEX Exchange Request frame up to five times | Jouni Malinen | 2017-11-22 | 2 | -12/+73
  Retransmit the PKEX Exchange Request frame if no response from a peer is received. This makes the exchange more robust since this frame is sent to a broadcast address and has no link layer retries.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: sigma_dut DPP/QR initiator as Configurator (neg_freq) | Jouni Malinen | 2017-11-20 | 1 | -2/+10
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: sigma_dut DPP/QR initiator as Configurator or Enrollee | Jouni Malinen | 2017-11-20 | 1 | -2/+7
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Double TPK M2 during TDLS setup initiation | Jouni Malinen | 2017-11-20 | 1 | -0/+8
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TDLS: Add testing capability to send TPK M2 twice | Jouni Malinen | 2017-11-20 | 1 | -0/+8
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Open AP and STA reassociating back without auth exchange | Jouni Malinen | 2017-11-20 | 1 | -0/+12
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Additional DPP protocol testing for Peer Discovery Req/Resp | Jouni Malinen | 2017-11-19 | 1 | -5/+21
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing for invalid Peer Discovery Req/Resp values | Jouni Malinen | 2017-11-19 | 4 | -0/+100
  Extend dpp_test to allow more invalid attribute values to be written into Peer Discovery Request/Response frames.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Fix ap_cipher_tkip_countermeasures_sta2 | Jouni Malinen | 2017-11-19 | 1 | -1/+1
  hostapd implementation was changed to use a valid Status Code when rejecting the connection. This test case was forgotten at the time, but it needs a matching change to allow the new value (1 instead of 14).
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP protocol testing - invalid Config Attr Obj in Conf Req | Jouni Malinen | 2017-11-19 | 1 | -0/+5
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing for invalid Config Attrib Object value | Jouni Malinen | 2017-11-19 | 2 | -0/+7
  Extend dpp_test to cover a case where Config Attrib Object value is invalid in Configuration Request frame.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DPP protocol testing - invalid Status in Auth Resp/Conf | Jouni Malinen | 2017-11-19 | 1 | -0/+8
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing for invalid DPP Status value | Jouni Malinen | 2017-11-19 | 2 | -1/+11
  Extend dpp_test to cover cases where DPP Status value is invalid in Authentication Response/Confirm frames.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Use helper functions to build Bootstrap Key Hash attributes | Jouni Malinen | 2017-11-19 | 1 | -34/+32
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Replace custom undefined attr with DPP Status in after-wrapped data | Jouni Malinen | 2017-11-19 | 2 | -22/+14
  This has the same impact and is needed for some testing needs.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Use a helper function to build DPP Status attribute | Jouni Malinen | 2017-11-19 | 1 | -15/+15
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: sigma_dut DPP/QR (mutual) initiator (response pending) | Jouni Malinen | 2017-11-19 | 1 | -0/+97
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DPP protocol testing for invalid I/R-bootstrap key hash | Jouni Malinen | 2017-11-19 | 1 | -3/+36
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash | Jouni Malinen | 2017-11-19 | 2 | -14/+102
  Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: DPP protocol testing - invalid I/R-proto key in Auth Req/Resp | Jouni Malinen | 2017-11-18 | 1 | -0/+8
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Protocol testing capability to generate invalid Protocol Key | Jouni Malinen | 2017-11-18 | 2 | -0/+17
  This extends dpp_test to allow invalid Initiator/Responder Protocol Key to be written into the Authentication Request/Response frame.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: sigma_dut controlled AP and PSKHEX | Jouni Malinen | 2017-11-18 | 1 | -0/+19
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Stronger GTK derivation routine | Jouni Malinen | 2017-11-18 | 1 | -8/+18
  If the build includes SHA384, use that to derive GTK from GMK. In addition, add more random bytes to the PRF-X() context data for longer GTK to reduce dependency on the randomness of the GMK.
  GMK is 256 bits of random data and it was used with SHA256, so the previous design was likely sufficient for all needs even with 128 bits of additional randomness in GTK derivation. Anyway, adding up to 256 bits of new randomness and using SHA384 can be helpful extra protection particularly for the cases using GCMP-256 or CCMP-256 as the group cipher.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Use group 26 instead of 25 in mesh test cases | Jouni Malinen | 2017-11-18 | 1 | -3/+3
  This allows mesh_sae_groups_invalid and wpas_mesh_secure_sae_group_negotiation to be run with BoringSSL (group 25 not available anymore).
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Skip fils_sk_pfs_25 with BoringSSL | Jouni Malinen | 2017-11-18 | 1 | -0/+3
  It looks like BoringSSL has dropped support for group 25 (192-bit Random ECP Group).
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Skip ap_wpa2_eap_fast_eap_sim if no EAP-FAST support | Jouni Malinen | 2017-11-18 | 1 | -0/+1
  Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Fix dpp_test_gen_invalid_key() with BoringSSL | Jouni Malinen | 2017-11-18 | 1 | -1/+10
  Unlike OpenSSL, BoringSSL returns an error from EC_POINT_set_affine_coordinates_GFp() if the point is not on the curve. As such, need to behave differently here depending on which library is used.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Skip DPP tests with Brainpool curves when using BoringSSL | Jouni Malinen | 2017-11-18 | 1 | -6/+10
  BoringSSL does not include these EC curves.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Build bootstrapping key DER encoding using custom routine | Jouni Malinen | 2017-11-18 | 1 | -10/+66
  While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem to work with BoringSSL. Since this is not exactly robust design, replace use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules on SubjectPublicKeyInfo (compressed format of the public key, ecPublicKey OID, parameters present and indicating the curve by OID).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Use a helper function to DER encode bootstrapping key | Jouni Malinen | 2017-11-18 | 1 | -30/+47
  This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>