Commit message | Author | Age | Files | Lines
* tests: DPP reconfiguration connector [HEAD, pending, master] | Jouni Malinen | 7 hours | 1 | -0/+62
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Add Connector and C-sign-key in psk/sae credentials for reconfig | Jouni Malinen | 7 hours | 3 | -8/+24
  If the Enrollee indicates support for DPP R2 or newer, add Connector and C-sign-key in psk/sae credentials (i.e., cases where DPP AKM is not enabled) for reconfiguration. Extend processing of such credentials in wpa_supplicant network profile addition to handle this new case correctly by not setting key_mgmt=DPP based on Connector being present, but by looking at the actual akm value in the config object.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wlantest: Update PTK after rekeying even if EAPOL-Key msg 4/4 is missing | Jouni Malinen | 34 hours | 1 | -12/+39
  Update TPTK to PTK if a valid EAPOL-Key msg 2/4 and 3/4 are available, but 4/4 is missing. This avoids certain cases where the new TK could be derived, but it was not being used to try to decrypt following encrypted frames.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wlantest: Do not report decryption keys when checking only zero TK | Jouni Malinen | 34 hours | 1 | -2/+4
  All the "Failed to decrypt frame" debug prints were confusing since those were not supposed to be shown unless there were one or more real TKs available. The recently added check for zero TK added these notes for that case which is not really correct, so get rid of them.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Clear requirement for QR Code mutual authentication for chirping | Jouni Malinen | 35 hours | 1 | -0/+1
  The chirping cases are not really targeting interactive operations, so clear the requirement for mutual authentication when DPP_CHIRP command is used. This avoids testing issues where an earlier DPP_LISTEN command has used qr=mutual parameter and that setting not getting cleared before the next DPP_CHIRP command is used.
  This fixes a test case failure in the following test sequence: dpp_auth_resp_status_failure dpp_controller_relay_chirp
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Process received WNM Notification Request for beacon protection failures | Jouni Malinen | 36 hours | 1 | -1/+31
  Report received notifications for beacon protection failures in syslog and control interface.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Beacon frame protection event for incorrect protection | Jouni Malinen | 36 hours | 5 | -0/+61
  Define a driver interface event for Beacon frame protection failures. Report such events over the control interface and send a WNM-Notification Request frame to the AP as well.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wpa_supplicant: Add HE override support | P Praneesh | 4 days | 10 | -0/+66
  Add HE override support under the build parameter CONFIG_HE_OVERRIDES=y. The disable_he=1 network profile parameter can be used to disable HE. This requires a fallback to VHT on the 5 GHz band and to HT on the 2.4 GHz band.
  There is no nl80211 support for configuring the driver to disable HE, so for now, this applies only to IBSS and mesh cases.
  Signed-off-by: P Praneesh <ppranees@codeaurora.org>
* hostapd: Validate the country_code parameter value | Sriram R | 4 days | 1 | -0/+7
  cfg80211/regulatory supports only ISO 3166-1 alpha2 country code and that's what this parameter is supposed to use, so validate the country code input before accepting the value. Only characters A..Z are accepted.
  Signed-off-by: Sriram R <srirrama@codeaurora.org>
* DPP: Add some more details on how to use DPP | Jouni Malinen | 4 days | 1 | -27/+36
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix the dpp_configurator_sign example command | Jouni Malinen | 4 days | 1 | -1/+1
  The mandatory ssid parameter was forgotten from this command when it was added to the dpp_auth_init examples.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DFS channel switch | Jouni Malinen | 4 days | 1 | -0/+49
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: DFS for channel switch in repeater mode | Sergey Matyukevich | 4 days | 1 | -0/+6
  In repeater mode remote AP may request channel switch to a new channel. Check if DFS is required for the new channel before proceeding with normal AP operations. Start CAC procedure if radar detection is required and channel is not yet marked as available.
  Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
* hostapd: Add support for DFS channels in CHAN_SWITCH | Sergey Matyukevich | 4 days | 1 | -0/+59
  Enable support for DFS channels in the CHAN_SWITCH command. Perform CAC instead of CSA if DFS channel is selected. Then restart normal AP operations.
  Note that the current implementation provides a simplified approach. It does not check if the selected DFS channel block is already in the HOSTAPD_CHAN_DFS_AVAILABLE state. CAC procedure is restarted anyway.
  Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
* DFS: Add new hostapd_is_dfs_overlap() helper | Sergey Matyukevich | 4 days | 2 | -0/+55
  Add a new hostapd_is_dfs_overlap() helper function to DFS module. This function tells whether the selected frequency range overlaps with DFS channels in the current hostapd configuration. Selected frequency range is specified by its center frequency and bandwidth.
  Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
* DFS: Rename and export hostapd_config_dfs_chan_available helper | Sergey Matyukevich | 4 days | 2 | -2/+3
  Rename DFS helper hostapd_config_dfs_chan_available() to hostapd_is_dfs_chan_available(). Enable access to this helper function from other hostapd components.
  Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
* hostapd: Basic channel check for CHAN_SWITCH parameters | Sergey Matyukevich | 4 days | 1 | -0/+97
  Implement channel sanity check for the CHAN_SWITCH command. Verify provided values for bandwidth, frequencies, and secondary channel offset. Reject requested channel switch operation if basic constraints on frequencies and bandwidth are not fulfilled.
  Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
* tests: Use complete CHAN_SWITCH parameters in ap_vht_csa_vht40_disable | Jouni Malinen | 4 days | 1 | -1/+1
  Specify the secondary channel offset and correct center_freq1 value to make the parameters complete for a 40 MHz channel.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* AP: Drop not needed condition to delete PTK ID 1 | Alexander Wetzel | 4 days | 1 | -1/+1
  Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* tests: Include UML defconfig | Thomas Pedersen | 4 days | 2 | -5/+150
  Include a defconfig for building kernel as UML. Also update the README with a few notes related to UML.
  Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
* tests: Convert kernel-config to defconfig | Thomas Pedersen | 4 days | 1 | -2159/+18
  Make the included kernel-config a little more minimal by checking in the defconfig instead.
  Generate the defconfig by checking out a linux at tag wt-2020-03-17, copy kernel-config to .config, run 'yes "" | make oldconfig && make savedefconfig', and copy resulting defconfig to kernel-config.
  Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
* DPP2: Fix build with OpenSSL 1.0.2 (EVP_PKEY_get0_EC_KEY() wrapper) | Jouni Malinen | 4 days | 1 | -0/+8
  EVP_PKEY_get0_EC_KEY() was added in OpenSSL 1.1.0, so add a compatibility wrapper for it when building with OpenSSL 1.0.2.
  Fixes: c025c2eb5911 ("DPP: DPPEnvelopedData generation for Configurator backup")
  Fixes: 7d9e3200544c ("DPP: Received Configurator backup processing")
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: Assume --long for UML | Johannes Berg | 4 days | 1 | -0/+3
  If we use user-mode-linux, we have time-travel, and then the --long argument doesn't really make a difference, so just assume that's the case.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* tests: FT roaming cases with authorized STA entry remaining | Jouni Malinen | 4 days | 1 | -2/+45
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add a hostapd testing option for skipping association pruning | Jouni Malinen | 5 days | 3 | -0/+7
  The new skip_prune_assoc=1 parameter can be used to configure hostapd not to prune associations from other BSSs operated by the same process when a station associates with another BSS. This can be helpful in testing roaming cases where association and authorization state is maintained in an AP when the station returns.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Allow full AP client state capability to be disabled | Jouni Malinen | 5 days | 1 | -0/+3
  The new driver param full_ap_client_state=0 can be used to test functionality with the driver capability for full AP client state being forced to be disabled.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_auth: Use printf format %zu instead of type casts | Jouni Malinen | 5 days | 1 | -18/+16
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_auth: Do not split strings into multiple lines | Jouni Malinen | 5 days | 1 | -119/+105
  Avoid unnecessary splitting of long string constants into multiple lines.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_auth: Coding style cleanup for pointer is NULL comparisons | Jouni Malinen | 5 days | 1 | -65/+66
  Use !ptr instead of ptr == NULL.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_auth: Clean up pointer dereferences | Jouni Malinen | 5 days | 1 | -74/+74
  Use local variables to avoid sm->wpa_auth->conf type of dereferences where multiple instances within a function can be cleaned up.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Configure PMKSA lifetime and reauth threshold timer to driver | Veerendranath Jakkam | 5 days | 8 | -7/+24
  Drivers that trigger roaming need to know the lifetime and reauth threshold time of configured PMKSA so that they can trigger full authentication to avoid unnecessary disconnection. To support this, send dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold values configured in wpa_supplicant to the driver while configuring a PMKSA.
  Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
* Sync with mac80211-next.git include/uapi/linux/nl80211.h | Jouni Malinen | 5 days | 1 | -2/+169
  This brings in nl80211 definitions as of 2020-02-20.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: DPP PFS | Jouni Malinen | 5 days | 2 | -1/+62
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Allow station to require or not allow PFS | Jouni Malinen | 5 days | 9 | -2/+68
  The new wpa_supplicant network profile parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled (dpp_pfs=2).
  This is also working around an interoperability issue of DPP R2 STA with certain hostapd builds that included both OWE and DPP functionality. That issue was introduced by commit 09368515d130 ("OWE: Process Diffie-Hellman Parameter element in AP mode") and removed by commit 16a4e931f03e ("OWE: Allow Diffie-Hellman Parameter element to be included with DPP"). hostapd builds between those two commits would reject DPP association attempt with PFS. The new wpa_supplicant default (dpp_pfs=0) behavior is to automatically try to connect again with PFS disabled if that happens.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Allow AP to require or reject PFS | Jouni Malinen | 6 days | 8 | -1/+41
  The new hostapd configuration parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., allow the station to decide whether to use PFS. PFS use can now be required (dpp_pfs=1) or rejected (dpp_pfs=2).
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Return an enum from wpa_validate_wpa_ie() | Jouni Malinen | 6 days | 4 | -52/+94
  This is more specific than returning a generic int and also allows the compiler to do more checks.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* hostapd: Add HE bit in BSSID Information field of own Neighbor Report | Sathishkumar Muruganandam | 6 days | 2 | -1/+4
  Add definition for HE bit in neighbor report BSSID Information field from IEEE P802.11ax/D6.0, Neighbor Report element.
  Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
* tests: Skip background scans in beacon loss tests | Jouni Malinen | 6 days | 1 | -2/+3
  bgscan_learn_beacon_loss was failing quite frequently and it looks like the background scans were related to those failures. Since those scans are not really relevant to testing beacon loss, get rid of them in these test cases to avoid incorrect failures.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: dpp_controller_rx_failure to match implementation changes | Jouni Malinen | 6 days | 1 | -1/+1
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Use a helper function for encapsulating TCP message | Jouni Malinen | 6 days | 1 | -104/+37
  This functionality was repeated for multiple different frames. Use a shared helper function to avoid such duplication.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: DPP chirping | Jouni Malinen | 6 days | 2 | -6/+156
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Presence Announcement processing in Controller | Jouni Malinen | 6 days | 1 | -0/+73
  Process the received Presence Announcement frames in Controller. If a matching bootstrapping entry for the peer is found, initiate DPP authentication to complete provisioning of the Enrollee.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Presence Announcement processing in AP/Relay | Jouni Malinen | 6 days | 2 | -2/+78
  Process the received Presence Announcement frames in AP/Relay. If a matching bootstrapping entry for the peer is found in a local Configurator, that Configurator is used. Otherwise, the frame is relayed to the first configured Controller (if available).
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Presence Announcement processing at Configurator | Jouni Malinen | 6 days | 3 | -1/+98
  Process received Presence Announcement frames and initiate Authentication exchange if matching information is available on the Configurator.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Configurator Connectivity indication | Jouni Malinen | 6 days | 6 | -0/+45
  Add a new hostapd configuration parameter dpp_configurator_connectivity=1 to request Configurator connectivity to be advertised for chirping Enrollees.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Chirping in wpa_supplicant Enrollee | Jouni Malinen | 6 days | 7 | -0/+307
  Add a new wpa_supplicant control interface command "DPP_CHIRP own=<BI ID> iter=<count>" to request chirping, i.e., sending of Presence Announcement frames, to be started.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Add a helper function for building Presence Announcement frame | Jouni Malinen | 6 days | 2 | -23/+50
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: New identifier definitions | Jouni Malinen | 6 days | 3 | -0/+16
  Add new identifier definitions for presence announcement, reconfiguration, and certificate enrollment.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Add DPP_BOOTSTRAP_SET command | Jouni Malinen | 6 days | 4 | -0/+30
  "DPP_BOOTSTRAP_SET <ID> <configurator parameters..>" can now be used to set peer specific configurator parameters which will override any global parameters from dpp_configurator_params.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Allow per-peer configurator parameters to be set | Jouni Malinen | 6 days | 2 | -1/+12
  This is a more convenient way of addressing cases where a Configurator/Controller may store a large number of peer bootstrapping information instances and may need to manage different configuration parameters for each peer while operating as the Responder.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>