Commit message | Author | Age | Files | Lines
* mesh: Add variable length MTK support | Jouni Malinen | 2016-06-19 | 3 | -4/+7
  This is needed as a part in enabling support for different pairwise ciphers in mesh.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Coding style cleanup for MTK derivation | Jouni Malinen | 2016-06-19 | 1 | -16/+22
  Clean up the mesh_rsn_derive_mtk() function by using proper macros and pointer to the location within the context block.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Fix MTK derivation to use AKM suite selector | Jouni Malinen | 2016-06-18 | 1 | -2/+2
  mesh_rsn_derive_mtk() was hardcoded to use GCMP (even though CCMP was hardcoded elsewhere) cipher suite selector instead of the selected AKM suite selector. This resulted in incorrect MTK getting derived. Fix this by using the SAE AKM suite selector in the input to the KDF.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Coding style cleanup for AEK derivation | Jouni Malinen | 2016-06-18 | 1 | -5/+14
  Clean up the mesh_rsn_derive_aek() function by using proper macros and pointer to the location within the context block.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Fix AEK derivation to use AKM suite selector | Jouni Malinen | 2016-06-18 | 1 | -2/+2
  mesh_rsn_derive_aek() was hardcoded to use GCMP (even though CCMP was hardcoded elsewhere) cipher suite selector instead of the selected AKM suite selector. This resulted in incorrect AEK getting derived. Fix this by using the SAE AKM suite selector in the input to the KDF.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Use ieee80211w profile parameter | Jouni Malinen | 2016-06-18 | 3 | -4/+20
  This is initial step in fixing issues in how PMF configuration for RSN mesh was handled. PMF is an optional capability for mesh and it needs to be configured consistently in both hostapd structures (to get proper RSNE) and key configuration (not included in this commit).
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Use WPA_NONCE_LEN macro | Jouni Malinen | 2016-06-18 | 2 | -14/+14
  No need to use the magic value 32 here since there is a generic define for the RSN-related nonce values.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Secure mesh network connectivity with PMF enabled | Jouni Malinen | 2016-06-18 | 1 | -1/+25
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Skip hostapd ACL check for drivers supporting ACL offload | Sunil Dutt | 2016-06-17 | 1 | -2/+9
  Commit 0603bcb7fe8babf183362518238c142afe8e2036 ('hostapd: Process MAC ACLs on a station association event (SME in driver)') processes MAC ACL on a station association event for drivers which use AP SME offload but does not consider the scenario where the drivers offload ACL. This can result in station disconnection, though the driver accepts the connection. Address this by avoiding the hostapd ACL check for the drivers offloading MAC ACL.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: More wpa_supplicant/bss.c OOM coverage | Jouni Malinen | 2016-06-17 | 4 | -2/+71
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: WPS and wpa_supplicant BSS entry limit | Jouni Malinen | 2016-06-17 | 1 | -0/+73
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Fix memory leak with wps_ie in wpa_bss_is_wps_candidate() | vamsi krishna | 2016-06-17 | 1 | -0/+1
  Fix possible memory leak in case if WPS is not enabled on the interface for connection. This path was missed in commit fae7b3726035b57a78aa552378fc5d15402b9ec1 ('WPS: Do not expire probable BSSes for WPS connection').
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Make mesh_missing_mic more robust | Jouni Malinen | 2016-06-16 | 1 | -0/+3
  Check for MESH-PEER-CONNECTED from dev[1] before reporting MGMT-RX timeout errors from dev[0]. This avoids false failures in case the short 0.01 s timeout at the end of the loop was not long enough to catch the message.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Reserve QCA vendor specific nl80211 command 121 | Sunil Dutt | 2016-06-16 | 1 | -0/+1
  This is reserved for QCA use.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Do not expire probable BSSes for WPS connection | vamsi krishna | 2016-06-16 | 1 | -1/+43
  When the BSS count reaches max_bss_count, the oldest BSS will be removed in order to accommodate a new BSS. Exclude WPS enabled BSSes when going through a WPS connection so that a possible WPS candidate will not be lost.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add a QCA vendor command to configure AP parameters | Sunil Dutt | 2016-06-16 | 1 | -1/+21
  This commit also introduces a new attribute MANDATORY_FREQUENCY_LIST which aims for AP operation in a channel that ensures best concurrency sessions.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add comment about '-i' parameter in hostapd.conf | Tim Kourt | 2016-06-12 | 1 | -0/+2
  Signed-off-by: Tim Kourt <tim.a.kourt@linux.intel.com>
* hostapd: Accept interface names as a command line parameter | Tim Kourt | 2016-06-12 | 1 | -4/+67
  This introduces an optional command line parameter '-i' to override the value of the 'interface' attribute in hostapd.conf files. This change enables the reuse of the configuration files for the concurrent instances of hostapd. An ability to dynamically assign the interface names simplifies the usages of hostapd service in the automated emulations of the wireless environments.
  Signed-off-by: Tim Kourt <tim.a.kourt@linux.intel.com>
* hostapd: Fix early init failure path | Jouni Malinen | 2016-06-12 | 2 | -4/+8
  eloop deinit calls could trigger segmentation fault if the early error path is hit before eloop_init() gets called.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* FST: Make fst_global_deinit() more robust | Jouni Malinen | 2016-06-12 | 1 | -0/+6
  Verify that fst_global_init() has been called before deinitializing the global FST context. This makes it a bit easier to handle failure paths from initialization.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Add sniffer check to wpas_mesh_max_peering | Jouni Malinen | 2016-06-12 | 1 | -1/+35
  This verifies that the Accepting Additional Mesh Peerings field is being cleared properly when the maximum peer links count is reached.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Sync max peer links with kernel | Masashi Honma | 2016-06-12 | 1 | -2/+1
  Set max peer links to kernel even when wpa_supplicant MPM is used. This sets the correct value for the "Accepting Additional Mesh Peerings bit" in "Mesh Capability field" in "Mesh Configuration element" in the Beacon frame.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* tests: Additional coverage in mesh_sae_groups_invalid | Jouni Malinen | 2016-06-12 | 1 | -0/+16
  Additional coverage in mesh_rsn_sae_group() with non-zero wpa_s->mesh_rsn->sae_group_index.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Update PKCS#11 references in template wpa_supplicant.conf | David Woodhouse | 2016-06-11 | 1 | -17/+15
  Ditch the legacy syntax and manual engine mangling and just give an example using simple PKCS#11 URIs that'll work with both GnuTLS and OpenSSL.
  Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
* OpenSSL: Initialise PKCS#11 engine even if found with ENGINE_by_id() | David Woodhouse | 2016-06-11 | 1 | -3/+9
  Recent versions of engine_pkcs11 are set up to be autoloaded on demand with ENGINE_by_id() because they don't need explicit configuration. But if we *do* want to explicitly configure them with a PKCS#11 module path, we should still do so. We can't tell whether it was already initialised, but it's harmless to repeat the MODULE_PATH command if it was.
  Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  Tested-by: Michael Schaller <misch@google.com>
* nl80211: Fix use-after-free in qca_nl80211_get_features() | Paul Stewart | 2016-06-11 | 1 | -2/+7
  Any data accessible from nla_data() is freed before the send_and_recv_msgs() function returns, therefore we need to allocate space for info.flags ourselves.
  Signed-off-by: Paul Stewart <pstew@google.com>
* tests: GAS/ANQP query and Address 3 value selection | Jouni Malinen | 2016-06-10 | 1 | -0/+188
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd Make GAS Address3 field selection behavior configurable | Jouni Malinen | 2016-06-10 | 4 | -1/+16
  gas_address3=1 can now be used to force hostapd to use the IEEE 802.11 standards compliant Address 3 field value (Wildcard BSSID when not associated) even if the GAS request uses non-compliant address (AP BSSID).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Fix Public Action frame TX status processing for wildcard BSSID | Jouni Malinen | 2016-06-10 | 1 | -1/+14
  Previously all TX status events with wildcard BSSID were ignored. This did not allow Public Action frame TX status to be processed with the corrected wildcard BSSID use. Fix this to be allowed. In practice, this affects only test cases since Action frame TX status was not used for anything else.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Fix Public Action frame addressing (BSSID field) | Jouni Malinen | 2016-06-10 | 3 | -13/+73
  IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies that the wildcard BSSID value is used in Public Action frames that are transmitted to a STA that is not a member of the same BSS. hostapd used to use the actual BSSID value for all such frames regardless of whether the destination STA is a member of the BSS.
  Fix this by using the wildcard BSSID in cases the destination STA is not a member of the BSS. Leave group addressed case as-is (i.e., the actual BSSID), since both values are accepted. No such frames are currently used, though.
  This version is still using the AP BSSID value in the Address 3 field for GAS response frames when replying to a GAS request with AP BSSID instead of Wildcard BSSID. This is left as a workaround to avoid interoperability issues with deployed STA implementations that are still using the non-compliant address and that might be unable to process the standard compliant case.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Make GAS Address3 field selection behavior configurable | Jouni Malinen | 2016-06-10 | 5 | -1/+32
  IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies that the wildcard BSSID value is used in Public Action frames that are transmitted to a STA that is not a member of the same BSS. wpa_supplicant used to use the actual BSSID value for all such frames regardless of whether the destination STA is a member of the BSS.
  P2P does not follow this rule, so P2P Public Action frame construction must not be changed. However, the cases using GAS/ANQP for non-P2P purposes should follow the standard requirements.
  Unfortunately, there are deployed AP implementations that do not reply to a GAS request sent using the wildcard BSSID value. The previously used behavior (Address3 = AP BSSID even when not associated) continues to be the default, but the IEEE 802.11 standard compliant addressing behavior can now be configured with gas_address3=1.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Mesh peering management protocol testing | Jouni Malinen | 2016-06-05 | 1 | -0/+86
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Secure mesh network and PMKID mismatch | Jouni Malinen | 2016-06-05 | 1 | -0/+72
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Secure mesh network and missing MIC | Jouni Malinen | 2016-06-04 | 1 | -0/+46
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mesh and failure to derive random nonce | Jouni Malinen | 2016-06-04 | 1 | -0/+10
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Secure mesh network and PMKSA caching failing due to OOM | Jouni Malinen | 2016-06-04 | 1 | -0/+43
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mesh scan element parse error | Jouni Malinen | 2016-06-04 | 1 | -0/+17
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mesh network setup failing due to driver command failure | Jouni Malinen | 2016-06-04 | 1 | -0/+23
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Add TEST_FAIL() to command generation and set_mode | Jouni Malinen | 2016-06-04 | 1 | -0/+5
  This makes it easier to test error paths for failing driver command cases.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Remove extra newline from the end of an error message | Jouni Malinen | 2016-06-04 | 1 | -1/+1
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mesh and default beacon interval | Jouni Malinen | 2016-06-04 | 1 | -0/+10
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Extend coverage for mesh OOM testing | Jouni Malinen | 2016-06-04 | 1 | -8/+28
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Open mesh network on VHT 160 MHz channel | Jouni Malinen | 2016-06-04 | 1 | -0/+50
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Allow 160 MHz channel to be configured | Jouni Malinen | 2016-06-04 | 1 | -0/+10
  This allows minimal testing with 160 MHz channel with country code ZA that happens to be the only one with a non-DFS 160 MHz frequency. DFS with mesh is not yet supported.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Update drv->assoc_freq on mesh join | Jouni Malinen | 2016-06-04 | 1 | -1/+1
  This is needed to provide the correct frequency in SIGNAL_POLL command.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mesh and invalid frequency configuration | Jouni Malinen | 2016-06-04 | 1 | -1/+18
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Remove unreachable code | Jouni Malinen | 2016-06-04 | 1 | -7/+1
  ssid->frequency cannot be 0 in wpa_supplicant_mesh_init() since wpas_supplicant_join_mesh() rejects such a configuration.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mesh and local failures | Jouni Malinen | 2016-06-03 | 1 | -0/+43
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mesh and local SAE failures | Jouni Malinen | 2016-06-03 | 1 | -0/+35
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Mesh with invalid SAE group configuration | Jouni Malinen | 2016-06-03 | 1 | -0/+33
  Signed-off-by: Jouni Malinen <j@w1.fi>