aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* tests: Add a server certificate with TOD policyJouni Malinen2019-06-127-1/+164
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: sigma_dut and DPPConfIndex,8Jouni Malinen2019-06-121-0/+4
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wlantest: Allow duplicate frame processing after decryption failureJouni Malinen2019-06-124-3/+20
| | | | | | | | | | | | | | If a sniffer capture does not include FCS for each frame, but may included frames with invalid FCS, it would be possible for wlantest to try to decrypt the first received frame and fail (e.g., due to CCMP MIC mismatch) because that particular frame was corrupted and then ignore the following retry of that frame as a duplicate even if that retry has different payload (e.g., if its reception did not show corruption). Work around this by skipping duplicate frame detection immediately following a decryption failure. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* TLS: Be more careful in X.509 Time parsingJouni Malinen2019-06-111-8/+50
| | | | | | | | | | sscanf() can apparently read beyond the end of the buffer even if the maximum length of the integer is specified in the format string. Replace this parsing mechanism with helper functions that use sscanf() with NUL terminated string to avoid this. Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15158 Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Fix CFLAGS passing for new fuzzing toolsJouni Malinen2019-06-112-12/+18
| | | | | | | | | | | src/*/Makefile needs to allow additional CFLAGS values to be provided from the calling Makefiles so that the clang command line arguments to enable sanitizers consistently. In addition, it can be useful to be able to provide CC, CFLAGS, and LDFLAGS from external setup while still requesing LIBFUZZER=y build. Allow that by not overriding these variables if they are already set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Fix eapol-key-auth memory use for the callback pointer structJouni Malinen2019-06-071-7/+6
| | | | | | | | | This struct needs to remain valid through the lifetime of the authenticator state machine, so move it to the context struct instead of being a local stack variable inside the setup function that returns before the actual test functionality is executed. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add a QCA vendor attr to disable auto resume beacon reportingVamsi Krishna2019-06-051-1/+21
| | | | | | | | | | The driver automatically starts beacon reporting if it pauses the beacon reporting for any reason other than disconnection. In specific cases, userspace may not want the beacon reporting to be automatically resumed after a pause. Add interface support for userspace to specify driver not to start beacon reporting automatically after a pause. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Interworking: Print HESSID in debug messagesJouni Malinen2019-06-052-3/+10
| | | | | | | This makes it easier to understand ANQP queries needed during Interworking network selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Skip mesh_link_probe if kernel support not presentJouni Malinen2019-06-031-1/+3
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: MACsec with hostapdJouni Malinen2019-06-031-3/+240
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Shorter TX/RX test frame support for hostapdJouni Malinen2019-06-031-12/+35
| | | | | | | | wpa_supplicant already included support for this, but hostapd DATA_TEST_* commands did not yet have support for using a shorter test frame. This is needed for MACsec testing. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* RADIUS server: Add EAP-Key-Name into Access-AcceptJouni Malinen2019-06-031-0/+7
| | | | | | | If the EAP Session-ID is available, add it into Access-Accept (EAP-Key-Name attribute). This is needed for MACsec. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* macsec_linux: Hook QCA driver wrapper for hostapd MACsecJouni Malinen2019-06-031-0/+214
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* macsec: Do not change eapol_version for non-MACsec cases in hostapdJouni Malinen2019-06-032-0/+12
| | | | | | | | It is safer to maintain the old EAPOL version (2) in EAPOL frames that are not related to MACsec and only update the version to 3 for the MACsec specific cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* macsec: Support IEEE 802.1X(EAP)/PSK MACsec Key Agreement in hostapdleiwei2019-06-037-0/+605
| | | | Signed-off-by: leiwei <leiwei@codeaurora.org>
* macsec: Export eapSessionIdleiwei2019-06-032-0/+16
| | | | Signed-off-by: leiwei <leiwei@codeaurora.org>
* macsec: Store EAP-Key-Name as eapSessionIdleiwei2019-06-031-0/+16
| | | | Signed-off-by: leiwei <leiwei@codeaurora.org>
* macsec: Note that MKA takes care of EAPOL-MKA processingleiwei2019-06-031-0/+7
| | | | Signed-off-by: leiwei <leiwei@codeaurora.org>
* macsec_qca: Hook QCA driver wrapper for hostapd MACsecleiwei2019-06-031-0/+225
| | | | Signed-off-by: leiwei <leiwei@codeaurora.org>
* macsec: Add configuration parameters for hostapdleiwei2019-06-034-0/+232
| | | | Signed-off-by: leiwei <leiwei@codeaurora.org>
* tests: Fix EAP-FAST protocol testing with older OpenSSL library versionsJouni Malinen2019-06-031-1/+4
| | | | | | | | | | Looks like the previous fix for a newer OpenSSL versions broke functionality with older versions that did not seem to like @SECLEVEL=0 in the cipher list. Make that addition conditional on OpenSSL version to work with both versions. Fixes: e87e6f609bb1 ("tests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 client: Ignore generated/copied files in work directoryJouni Malinen2019-06-031-0/+3
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Fix ap-mgmt 'make clean'Jouni Malinen2019-06-031-1/+1
| | | | | | The binary name had not been updated for the new tool. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Fix wpas_ap_async_fail false negative by using common finalizerMasashi Honma2019-06-022-3/+5
| | | | | | | | | | | | | wpas_ap_async_fail fails with this message. --------------- wlan0: Country code not reset back to 00: is FI wlan0: Country code cleared back to 00 --------------- This patch fixes the issue. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* tests: Fix nfc_wps_handover_5ghz false negative by using common finalizerMasashi Honma2019-06-021-6/+2
| | | | | | | | | | | | | nfc_wps_handover_5ghz fails with this message. --------------- wlan0: Country code not reset back to 00: is FI wlan0: Country code cleared back to 00 --------------- This patch fixes the issue. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* tests: Fix dfs_cac_restart_on_enable false negative by using common finalizerMasashi Honma2019-06-021-4/+1
| | | | | | | | | | | | | | | | dfs_cac_restart_on_enable fails with this message. --------------- START dfs_cac_restart_on_enable 1/1 wlan0: Country code not reset back to 00: is FI wlan0: Country code cleared back to 00 FAIL dfs_cac_restart_on_enable 3.037694 2019-05-28 01:35:07.548390 failed tests: dfs_cac_restart_on_enable --------------- This patch fixes the false negative. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* tests: New style fuzzing tool for EAP-AKA peer processingJouni Malinen2019-06-024-0/+166
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: New style fuzzing tool for EAP-SIM peer processingJouni Malinen2019-06-025-0/+167
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: New style fuzzing tool for X.509 certificate parsingJouni Malinen2019-06-023-0/+45
| | | | | | This is a newer version of tests/test-x509 tool. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: New style fuzzing tools for TLS client/serverJouni Malinen2019-06-026-0/+361
| | | | | | These are newer versions of tests/test-tls tool. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Build test for new fuzzer toolsJouni Malinen2019-06-021-0/+19
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: New style fuzzing tools for EAPOL-Key frame processingJouni Malinen2019-06-026-0/+712
| | | | | | These are newer versions of tests/test-eapol tool. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: New style fuzzing tool for EAPOL frame processing (supplicant)Jouni Malinen2019-06-025-0/+221
| | | | | | This is a newer version of tests/eapol-fuzzer tool. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: New style fuzzing tool for ASN.1 parserJouni Malinen2019-06-025-0/+201
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: New style fuzzing tool for P2P frame processingJouni Malinen2019-06-027-0/+196
| | | | | | This is a newer version of tests/p2p-fuzzer tool. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: New style fuzzing tool for AP Management frame processingJouni Malinen2019-06-025-0/+201
| | | | | | This is a newer version of tests/ap-mgmt-fuzzer tool. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: New style fuzzing tool for JSON parserJouni Malinen2019-06-025-0/+60
| | | | | | This is a newer version of tests/test-json tool. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: New style fuzzing tool for wpa_supplicant WNM handlingJouni Malinen2019-06-0211-0/+337
| | | | | | | | This is a newer version of tests/wnm-fuzzer tool as the initial step in creating a more uniform set of fuzzing tools that can be used with both libFuzzer and afl-fuzz. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Fix test-eapol fuzzing toolJouni Malinen2019-06-021-2/+4
| | | | | | Update the tool to use the current API for WPA authenticator functions. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add QCA vendor attributes for configuring Spectral DMA debugShiva Krishna Pittala2019-05-311-0/+10
| | | | | | | | | | | | | Add the following vendor attributes under the enum qca_wlan_vendor_attr_spectral_scan to support the configuration of Spectral DMA debug. 1. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_RING_DEBUG Enable/disable debug of the Spectral DMA ring 2. QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG Enable/disable debug of the Spectral DMA buffers Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Add QCA vendor attributes for agile spectral scanEdayilliam Jayadev2019-05-311-1/+77
| | | | | | | Add QCA vendor attributes to spectral scan related vendor commands to support agile spectral scan. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: EAP-SIM with external GSM auth and anonymous identityJouni Malinen2019-05-311-0/+41
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* EAP-SIM/AKA: Add support for anonymous@realmHai Shalom2019-05-314-4/+29
| | | | | | | | | | | | SIM-based EAP authentication with IMSI encryption requires a special EAP Identity response: anonymous@realm. Then the server sends AKA-Identity request which is answered with the encrypted IMSI. Add logic that indicates if the special anonymous identity is used. Otherwise, this field is used for storing the pseudonym. Test: Connect to Carrier Wi-Fi, verify correct behavior from captures Test: Connect to non IMSI encrypted EAP-AKA AP, verify pseudonym usage Signed-off-by: Hai Shalom <haishalom@google.com>
* SAE: Do not send PMKID to the driver if PMKSA caching is disabledSrinivas Dasari2019-05-311-1/+2
| | | | | | | | | External auth status to the driver includes the PMKID derived as part of SAE authentication, but this is not valid if PMKSA caching is disabled. Drivers might not be expecting PMKID when it is not valid. Do not send the PMKID to the driver in such cases. Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
* SAE: Send external auth failure status to driverSrinivas Dasari2019-05-311-16/+21
| | | | | | | | | | | wpa_supplicant prepares auth commit request as part of the external authentication (first SAE authentication frame), but it fails to get prepared when wpa_supplicant is started without mentioning the SAE password in configuration. Send this failure status to the driver to make it aware that the external authentication has been aborted by wpa_supplicant. Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
* SAE: Fix external_auth status in driver-SME STA case with AP SME supportAshok Kumar2019-05-311-1/+1
| | | | | | | | | | | A driver that uses internal AP SME may need to be able to use the external_auth status operation in station mode, so do not skip this solely based on drv->device_ap_sme; instead, use that condition only when operating in AP mode. Fix external_auth status in non SME case. Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
* P2P: Send Action frame regardless if p2p_scan in progressHu Wang2019-05-312-97/+2
| | | | | | | | | | | | | | | | | With radio work design, send Action frame request will be queued and wait for p2p-scan to finish, so there is no need to delay send_action. This change revisits the logic (added before the radio work framework) in below commits: 3f9285f P2P: Delay send_action call if p2p_scan is in progress f44ae20 P2P: Drop pending TX frame on new p2p_connect 9d562b7 P2P: Add p2p_unauthorize command 63a965c P2P: Fix after_scan_tx processing during ongoing operations 9a58e52 P2PS: Callback to create pending group after sending PD Response 3433721 P2P: Continue p2p_find after sending non-success Invitation Response Signed-off-by: Hu Wang <huw@codeaurora.org>
* P2P: Force p2p-send-action as the next radio work to executeSunil Dutt2019-05-311-1/+1
| | | | | | | | | | | | | | This increases the priority of the p2p-send-action radio work, i.e., the radio work used for transmitting potentially offchannel P2P Action frames by marking it as the next radio work to execute. This is to avoid the delay in transmissions due to already queued offchannel radio work items in the queue. In particular, this means not having to wait for a pending p2p-scan radio work to be executed before the new P2P Action frame can be transmitted. This helps in avoiding timeouts on the peer device when a P2P Action frames is received during other activity on the device. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: Reject p2p-send-action work while other one is pendingSunil Dutt2019-05-311-1/+1
| | | | | | | | | | | | | | | | | The previous implementation rejects the p2p-send-action work while there is already one in progress (wpas_send_action_cb() has already been called for it to start operation). Enhance the same to also consider any p2p-send-action works pending in the radio work (i.e., waiting for that wpas_send_action_cb() call). This is considering the current behaviour of P2P to handle the state corresponding to respective Action frame transmission: pending_action_state. If a new P2P Action frame transmission is queued while there is another one already in the queue, the transmit status of the first frame is wrongly intepreted by the P2P state machine which has already scheduled/queued another frame for transmission. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCE: Use RSSI of actual BSS which rejected associationAnkita Bajaj2019-05-311-6/+13
| | | | | | | | | | | If an AP rejects association due to low RSSI, then RSSI of the BSS from which association reject is received shall be used for calculating RSSI threshold at which STA can try connecting back to that BSS later. In case of SME offload, the current_bss might not have been set before receiving association completion, so fetch the BSS entry based on the BSSID provided in the driver event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>