aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* tests: Remove parallel-vm.shHEADpendingmasterJouni Malinen6 days1-38/+0
| | | | | | | parallel-vm.py has obsoleted this a long time ago and there is no need to maintain two scripts for doing more or less the same thing. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Add dfs_etsi to the long_tests listJouni Malinen6 days1-1/+2
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* HS 2.0: Fix PMF-in-use check for ANQP Venue URL processingJouni Malinen6 days3-2/+3
| | | | | | | | | | | | | | The previous implementation did not check that we are associated with the sender of the GAS response before checking for PMF status. This could have accepted Venue URL when not in associated state. Fix this by explicitly checking for association with the responder first. This fixes an issue that was detected, e.g., with these hwsim test case sequences: gas_anqp_venue_url_pmf gas_anqp_venue_url gas_prot_vs_not_prot gas_anqp_venue_url Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Hotspot 2.0 connection attempt without PMFJouni Malinen6 days1-0/+24
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Enable PMF automatically for Hotspot 2.0 network profilesJouni Malinen6 days1-0/+1
| | | | | | | Hotspot 2.0 Release 2 requires PMF to be negotiated, so enable this by default in the network profiles created from cred blocks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Reject Hotspot 2.0 Rel 2 or newer association without PMFJouni Malinen6 days1-1/+11
| | | | | | Hotspot 2.0 Rel 2 requires PMF to be enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Fix ap_hs20_deauth_req_without_pmfJouni Malinen6 days1-1/+7
| | | | | | | | Now that hostapd starts mandating PMF for Hotspot 2.0 Release 2 association, this test case needs some more tweaks to work. Hardcode Hotspot 2.0 Release 1 to be used and disable PMF explicitly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Fix ap_hs20_ft with PMF enabledJouni Malinen6 days1-5/+7
| | | | | | | | The Beacon loss event was not reported anymore, so remove that as an unnecessary step in the test case. In addition, check the key_mgmt values explicitly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Enable PMF in ap_hs20_unexpected configurationJouni Malinen6 days1-0/+2
| | | | | | | This is needed to meet the Hotspot 2.0 Release 2 requirement for the third station that is actually using RSN. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Enable PMF in ap_hs20_external_selection network profileJouni Malinen6 days1-0/+1
| | | | | | This is required for Hotspot 2.0 Release 2. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Allocate enough buffer for HS 2.0 Indication element for scanJouni Malinen6 days1-1/+1
| | | | | | | The HS 2.0 Indication element can be up to 9 octets in length, so add two more octets to the minimum extra_ie buffer size for scanning. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Hotspot 2.0 release number indicationJouni Malinen6 days1-1/+23
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Update Hotspot 2.0 release number expectation to 3Jouni Malinen6 days1-4/+4
| | | | | | | Match the implementation change to fix the test cases that verified a specific Hotspot 2.0 release number indication. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Update supported release number to 3Jouni Malinen6 days1-1/+1
| | | | | | | Release 3 functionality is included, so start advertising support for that release. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: As a STA, do not indicate release number greater than the APJouni Malinen6 days5-6/+32
| | | | | | | | | | Hotspot 2.0 tech spec mandates mobile device to not indicate a release number that is greater than the release number advertised by the AP. Add this constraint to the HS 2.0 Indication element when adding this into (Re)Association Request frame. The element in the Probe Request frame continues to show the station's latest supported release number. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Allow Hotspot 2.0 release number to be configuredJouni Malinen6 days5-8/+25
| | | | | | | | | The new hostapd configuration parameter hs20_release can be used to configure the AP to advertise a specific Hotspot 2.0 release number instead of the latest supported release. This is mainly for testing purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FILS: Do not process FILS HLP request again while previous one is pendingJouni Malinen7 days2-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | It is better not to process a new (most likely repeated) FILS HLP request if a station retransmits (Re)Association Request frame before the previous HLP response has either been received or timed out. The previous implementation ended up doing this and also ended up rescheduling the fils_hlp_timeout timer in a manner that prevented the initial timeout from being reached if the STA continued retransmitting the frame. This could result in failed association due to a timeout on the station side. Make this more robust by processing (and relaying to the server) the HLP request once and then ignoring any new HLP request while the response for the relayed request is still pending. The new (Re)Association Request frames are otherwise processed, but they do not result in actual state change on the AP side before the HLP process from the first pending request is completed. This fixes hwsim test case fils_sk_hlp_oom failures with unmodified mac80211 implementation (i.e., with a relatively short retransmission timeout for (Re)Association Request frame). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* hostapd: Update HE Capabilities and Operation element definitionPeng Xu7 days1-20/+15
| | | | | | | Update HE Capabilities/Operation element definition based on IEEE P802.11ax/D3.0. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Move send_probe_response parameter to BSS specific itemsJouni Malinen7 days4-4/+6
| | | | | | This can be more convenient for testing Multiple BSSID functionality. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Define spectral scaling parameters as QCA vendor specific attributesEdayilliam Jayadev10 days1-0/+35
| | | | | | | Add spectral scaling parameters as vendor attributes to the QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CAP_INFO vendor subcommand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Connect to WPS AP with NFC connection handover (local failure)Jouni Malinen10 days1-0/+25
| | | | | | | This is a regression test case for a potential NULL pointer dereferencing fixed in the previous commit. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS NFC: Fix potential NULL pointer dereference on an error pathYu Ouyang10 days1-1/+2
| | | | | | | | | | | | | The NFC connection handover specific case of WPS public key generation did not verify whether the two wpabuf_dup() calls succeed. Those may return NULL due to an allocation failure and that would result in a NULL pointer dereference in dh5_init_fixed(). Fix this by checking memory allocation results explicitly. If either of the allocations fail, do not try to initialize wps->dh_ctx and instead, report the failure through the existing error case handler below. Signed-off-by: Jouni Malinen <jouni@codeaurora.org
* HS 2.0 server: Fix couple of memory leaksJouni Malinen10 days1-1/+7
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Client certificate reenrollmentJouni Malinen10 days3-16/+197
| | | | | | | This adds support for the SPP server to request certificate reenrollment and for the EST server to support the simplereenroll version. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Document client certificate related Apache configurationJouni Malinen11 days1-0/+5
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Clear remediation requirement for certificate credentialsJouni Malinen11 days1-2/+48
| | | | | | | | | Previous implementation updated user database only for username/password credentials. While client certificates do not need the updated password to be written, they do need the remediation requirement to be cleared, so fix that. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Do not set phase2=1 for certificate-based usersJouni Malinen11 days1-10/+7
| | | | | | | These are not really using Phase 2, so use more appropriate configuration when going through online signup for client certificates. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0 server: Include phase2=0 users for TLS in the user listJouni Malinen11 days1-1/+1
| | | | | | | EAP-TLS users are not really using phase2, so do not require the database to be set in a way that claim that inaccurately. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* EAP-TLS server: Update user information based on serial numberJouni Malinen11 days1-0/+19
| | | | | | | | | This allows EAP user database entries for "cert-<serial number>" to be used for client certificate based parameters when using EAP-TLS. This commit addresses only the full authentication case and TLS session resumption is not yet covered. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* VLAN: Warn about interface name truncationJouni Malinen11 days1-11/+29
| | | | | | | Add more snprintf checks to make it clearer if some of the ifname constructions would end up being too long. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=yJouni Malinen11 days1-2/+0
| | | | | | | | | remove_ie() was defined within an ifdef CONFIG_FILS block while it is now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition there. Fixes 8c41734e5de1 ("FT: Fix Reassociation Request IEs during FT protocol") Signed-off-by: Jouni Malinen <j@w1.fi>
* The master branch is now used for v2.8 developmentJouni Malinen12 days1-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Update version to v2.7 and copyright years to include 2018hostap_2_7Jouni Malinen12 days20-21/+146
| | | | | | | Also add the ChangeLog entries for both hostapd and wpa_supplicant to describe main changes between v2.6 and v2.7. Signed-off-by: Jouni Malinen <j@w1.fi>
* Uncomment CONFIG_LIBNL32=y in defconfigJouni Malinen12 days2-2/+2
| | | | | | | | libnl 3.2 release is much more likely to be used nowadays than the versions using the older API, so uncomment this in wpa_supplicant and hostapd defconfig. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Opportunistic Wireless Encryption association rejection handlingJouni Malinen12 days1-0/+38
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: Try another group only on association rejection with status 77Ashok Kumar12 days3-2/+11
| | | | | | | | | Do not change the OWE group if association is rejected for any other reason than WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED to avoid unnecessary latency in cases where the APs reject association, e.g., for load balancing reasons. Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
* OWE: Fix association rejection behaviorJouni Malinen12 days2-3/+8
| | | | | | | | | | | If association failed for any non-OWE specific reason, the previous implementation tried to add the OWE related IEs into the (Re)Association Response frame. This is not needed and could actually result in dereferencing a NULL pointer. Fix this by adding those OWE related IEs only for successful association and only if the RSN state machine has been initialized. Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Debug print TX queue parameter values and resultJouni Malinen12 days1-1/+6
| | | | | | | | | | | | Some mac80211_hwsim test cases have failed with mysterious sequence where mac80211 has claimed the parameters are invalid ("wlan3: invalid CW_min/CW_max: 9484/40"). Those values look strange since they are not from hostapd configuration or default values.. hostapd is seeing TX queue parameter set failing for queues 0, 1, and 3 (but not 2) for these cases. Add debug prints to hostapd to get more details on what exactly is happening if such error cases can be reproduced. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP network addition failureJouni Malinen12 days1-0/+46
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP and continue listen stateJouni Malinen12 days1-0/+29
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Remove unused wpas_dpp_remain_on_channel_cb()Jouni Malinen12 days2-25/+0
| | | | | | This function was apparently never used at all. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP_BOOTSTRAP_GEN/REMOVE/GET_URI/INFO error casesJouni Malinen12 days1-0/+51
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP and unknown configurator idJouni Malinen12 days1-0/+19
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP and PKEX with local failure in processing Commit Reveal ReqJouni Malinen12 days1-0/+33
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP and PKEX with local failure in processing Exchange RespJouni Malinen12 days1-0/+32
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP and PKEX with mismatching curve (local failure)Jouni Malinen12 days1-0/+45
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP PKEX identifier combinationsJouni Malinen12 days1-3/+39
| | | | | | Check behavior with valid and invalid identifier combinations. Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP: Do not reply to PKEX request with identifier if no local identifierJouni Malinen12 days1-18/+31
| | | | | | | | | | | The reverse case (local identifier configured but no identifier received) was already covered, but PKEX is not going to complete successfully if there is any difference in identifier configuration, so ignore this other case as well. This avoids unnecessary responses to PKEX requests with identifier from a device that is ready for PKEX in general, but not for that particular request. Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: SAE and password identifier with FFCJouni Malinen12 days1-3/+18
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP peer introduction local failuresJouni Malinen13 days1-39/+126
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>