Commit Graph

15666 Commits

Author SHA1 Message Date
Mathy
c6a9274d4d fragattack: detect ath9k_htc for injection workaround 2020-03-27 12:49:33 -04:00
Mathy
e3fc1987a0 Let AP force reconnects of clients and confirmed Linux attack test 2020-03-25 09:53:38 -04:00
Mathy
656f5c7dbf fragattack: let client reconnect after obtaining an IP address 2020-03-24 08:52:31 -04:00
Mathy
e45726762e fragattack: track libwifi remote 2020-03-13 07:38:42 -04:00
Mathy
6ee241187f fragattack: can now use test cases to specify tests easily 2020-03-13 06:49:58 -04:00
Mathy
0e59343a22 fragattack: add GET_GTK and return key index as well 2020-03-13 06:49:09 -04:00
Mathy
c5659bf2b3 fragattack: consistent wpa_ctrl msg on client connect 2020-03-13 06:46:28 -04:00
Mathy
0296fc4f61 fragattack: ability to send QoS frames 2020-03-10 09:43:46 -04:00
Mathy
1af41d333e fragattack: only start after receiving DHCP request 2020-03-08 08:03:56 -04:00
Mathy
92d08ce6a8 fragattack: script to turn hardware encryption on or off 2020-03-07 21:10:55 -05:00
Mathy
6afbfcd108 fragattack: major rewrite to support both client and AP testing 2020-03-07 21:10:26 -05:00
Mathy
091ea84e50 fragattack: configuration for hostapd 2020-03-07 21:09:56 -05:00
Mathy
b61251c7eb fragattack: add connecting event to hostapd ctrl 2020-03-07 21:09:24 -05:00
Mathy
5fa03b70a7 fragattack: add GET_TK command to hostapd 2020-03-07 21:09:03 -05:00
Mathy
7b0205062e fragattack: refactored code 2020-03-04 06:36:52 -05:00
Mathy
20b60570ca fragattack: netbsd force fragment experiments 2020-03-01 19:03:08 -05:00
Mathy
db708054df fragattack: ath9k_htc firmware to preserve sequence numbers 2020-03-01 04:56:26 -05:00
Mathy
91fefc3856 fragattack: tests and results on forcing frame fragmentation 2020-02-29 15:56:41 -05:00
Mathy
ef4a66fe56 fragattack: script to inject encrypted fragmented frames 2020-02-27 07:07:19 -05:00
Mathy
0df030a726 fragattack: configuration files and scripts 2020-02-27 07:06:53 -05:00
Mathy
79eadfbc39 fragattack: make TK available over control interface 2020-02-27 07:05:08 -05:00
Thomas Pedersen
1c67a07603 tests: Add basic power saving tests for ap_open
ap_open_sta_ps checks whether a STA told its hardware to enter power
save after enabling power save.

ap_open_ps_mc_buf checks whether an AP properly buffers and releases
multicast frames when a STA with PS active is associated.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
2020-02-15 18:36:29 +02:00
Thomas Pedersen
1d9d6c2432 tests: Factor out multicast connectivity check
A test may want to check multicast connectivity independent of unicast
or check multicast without exercising unicast first. Factor out the
multicast connectivity check code into its own function.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
2020-02-15 18:36:29 +02:00
Jouni Malinen
b056275111 Fix exception checking in a wpa_supplicant P2P example script
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 18:36:29 +02:00
Jouni Malinen
91cce45226 tests: Fix exception generation in persistent_group_per_sta_psk
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 18:36:29 +02:00
Jouni Malinen
7e7e32f7e6 tests: Fix a typo in raising an exception
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 18:36:29 +02:00
Jouni Malinen
afd10e880b tests: Require wps=1 tag in ap_wps_per_station_psk
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 18:36:27 +02:00
Jouni Malinen
2bab073dfe WPS: Add new PSK entries with wps=1 tag
Now that hostapd wpa_psk_file has a new tag for identifying PSKs that
can be used with WPS, add that tag to new entries for PSKs from WPS.
This makes it clearer where the PSK came from and in addition, this
allows the same PSK to be assigned if the same Enrollee goes through WPS
provisioning again.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:37:27 +02:00
Jouni Malinen
68e9b8cb16 tests: Prepare ap_wps_per_station_psk for the new wps=1 tag in PSK file
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:37:27 +02:00
Tomasz Jankowski
fde8e79463 WPS: Make it possible to use PSKs loaded from the PSK file
By default, when configuration file set wpa_psk_file, hostapd generated
a random PSK for each Enrollee provisioned using WPS and appended that
PSK to wpa_psk_file.

Changes that behavior by adding a new step. WPS will first try to use a
PSK from wpa_psk_file. It will only try PSKs with wps=1 tag.
Additionally it'll try to match enrollee's MAC address (if provided). If
it fails to find an appropriate PSK, it falls back to generating a new
PSK.

Signed-off-by: Tomasz Jankowski <tomasz.jankowski@plume.com>
2020-02-15 17:28:00 +02:00
Jouni Malinen
b1977a652d WPS: Use PMK_LEN instead of hardcoded 32
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:27:52 +02:00
Jouni Malinen
b27ed050db Do not split strings into multiple lines
Convert hostapd_config_read_wpa_psk() to the newer style of not
splitting strings into multiple lines.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:12:45 +02:00
Jouni Malinen
838180877f Use PMK_LEN macro instead of hardcoded value 64 (= 2 * 32)
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:11:18 +02:00
Jouni Malinen
f5da5810c9 Check pbkdf2_sha1() result when generating PSK from PSK file
This function can fail in theory, so check the return value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-15 17:10:08 +02:00
Sergey Matyukevich
e7d8842e6b OWE: Rename owe_assoc_req_process() parameter reason to status
In the function owe_assoc_req_process(), values assigned to the reason
argument imply that it should be renamed to status. Rename 'reason' to
'status' and modify the uses of owe_assoc_req_process() accordingly.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2020-02-15 16:46:32 +02:00
Clemens Famulla-Conrad
0aeda4da1b doc: Describe Set properties of fi.w1.wpa_supplicant1.Network
The current description of Properties of fi.wq.wpa_supplicant1.Network
only apply when retrieving these.
If you need to use the method=Set, then the types should be in the same
format as with function AddNetwork().

Signed-off-by: Clemens Famulla-Conrad <cfamullaconrad@suse.de>
2020-02-15 16:36:51 +02:00
Sunil Dutt
877d9a02b0 Additional get_sta_info attrs for Beacon/Probe Response/disconnect reasons
This commit adds new attributes for getting the Probe Response frame
IEs, Beacon frame IEs and the disconnection reason codes through
get_sta_info vendor command.

The host driver shall give this driver specific reason code through
the disconnection reason code attribute
QCA_WLAN_VENDOR_ATTR_GET_STA_DRIVER_DISCONNECT_REASON.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-13 18:47:50 +02:00
Sachin Ahuja
8162d98f2e Introduce QCA_NL80211_VENDOR_SUBCMD_DRIVER_DISCONNECT_REASON
This acts as an event from the host driver to the user space to notify
the driver specific reason for a disconnection. The host driver
initiates the disconnection for various scenarios (beacon miss, Tx
Failures, gateway unreachability, etc.) and the reason codes from
cfg80211_disconnected() do not carry these driver specific reason codes.
Host drivers should trigger this event immediately prior to triggering
cfg80211_disconnected() to allow the user space to correlate the driver
specific reason code with the disconnect indication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-13 18:47:48 +02:00
Sunil Dutt
32551066b8 Introduce QCA_NL80211_VENDOR_SUBCMD_UPDATE_STA_INFO
This acts as a vendor event and is used to update the information
of a station from the driver to userspace.

Add an attribute for the driver to update the channels scanned in
the last connect/roam attempt.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-13 18:46:39 +02:00
Vamsi Krishna
dae85e655c P2P: Increase number of channels per operating class
Some of the operating classes added in the 6 GHz band have a larger
number of channels included in them (e.g., operating class 131 has 59
channels). Increase the maximum number of channels per operating class
so that all channels will get populated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-12 23:17:24 +02:00
Vamsi Krishna
75d0ec4702 P2P: Fix a possible buffer overflow in struct p2p_reg_class
Avoid adding more than P2P_MAX_REG_CLASSES operating classes or
P2P_MAX_REG_CLASS_CHANNELS channels while populating P2P channels. The
current limits on the operating classes or channels per operating class
could be hit in some case (mainly, with 6 GHz, but in theory, with a
2.4/5/60 GHz capable device as well).

If the local driver advertised a larger number of supported operarting
classes or channels per operating class, the construction of the struct
p2p_reg_class instances could have resulted in writing beyond the end of
the buffer and ending up corrupting memory around the struct p2p_config.
This could result in unexpected behavior in some other operations that
used corrupted memory, e.g., generation of a P2P Channel List failing
(with validation code stopping the process to avoid writing beyond the
end of the message buffer) due to not having sufficient buffer space for
the corrupted data.

This issue is triggered only based on information from the local driver
(mainly based on addition of support for 6 GHz band operating classes),
so the issue cannot be triggered based on received frames or any other
remote information.

The issue was introduced by commit d7c2c5c98c ("AP: Add initial
support for 6 GHz band") which added the operating class 131 which has
sufficiently large number of channels to go beyond the
P2P_MAX_REG_CLASS_CHANNELS limit.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-12 23:17:24 +02:00
Sunil Dutt
5551317834 Introduce QCA_WLAN_VENDOR_ATTR_BEACON_REPORT_FAIL
This attribute aims to configure the STA to send the Beacon Report
Response with failure reason for the scenarios where the Beacon Report
Request cannot be handled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-12 21:19:37 +02:00
Jouni Malinen
dd900637b2 tests: Make gas_anqp_extra_elements more robust
Explicitly flush cfg80211 scan cache for this test case since the BSS
entry check might fail if there are multiple results for the same BSSID.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 07:54:47 +02:00
Jouni Malinen
c304bddcf9 DPP: Stop Action frame sequence on DPP_STOP_LISTEN and PKEX failure
Previously it was possible for the PKEX/DPP exchange to terminate with
an error and the ongoing Action frame TX/RX offchannel operation not
getting terminated. This could leave the driver waiting on offchannel
until timeout and failing following operations before that timeout
happens. Fix this by explicitly stopping the Action frame sequence in
the driver in the previously missed cases.

This fixes a case that was showing up with the following test sequence
every now and then:
dpp_qr_code_chan_list_unicast dpp_pkex_test_fail dpp_enrollee_reject_config

dpp_pkex_test_fail was adding a large number of pending offchannel
operations and dpp_enrollee_reject_config could fail if those pending
operations were blocking new remain-on-channel or offchannel TX
operation for a sufficiently long time.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 07:09:47 +02:00
Jouni Malinen
d299756e3e tests: DPP QR Code and enrollee initiating with netrole specified
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 06:43:02 +02:00
Jouni Malinen
de08fae66a DPP: Do not require dpp_configurator_params to start with a space
This ugly hack for being able to search for optional arguments with
space before them was quite inconvenient and unexpected. Clean this up
by handling this mess internally with a memory allocation and string
duplication if needed so that the users of wpa_supplicant control
interface do not need to care about such details.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 06:43:02 +02:00
Jouni Malinen
c7cc80fbc8 DPP: Reset DPP_AUTH_INIT netrole back to STA by default
Previously DPP_AUTH_INIT command update wpa_s->dpp_netrole only if the
netrole parameter was included. This could leave AP or configurator
network in place for the next DPP_AUTH_INIT command. This would be
unexpected behavior, so reset wpa_s->dpp_netrole back to the
DPP_NETROLE_STA default if no explicit netrole parameter is included.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 06:33:24 +02:00
Jouni Malinen
ef39ac497e tests: wifi_generation on 2.4 GHz with subset of VHT
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 05:19:16 +02:00
Veerendranath Jakkam
adf3de44ca Add check to consider band in enabling connection_vht flag
connection_vht flag was set to true when both Association Request and
Response frame IEs have VHT capability. Thus all devices that have
support for the vendor specific partial VHT support in the 2.4 GHz band
were also being reported as VHT capable. However, IEEE Std 802.11ac-2013
defines VHT STA to operate in frequency bands below 6 GHz excluding the
2.4 GHz band.

Do not set connection_vht when the operating band is 2.4 GHz. This
avoids reporting wifi_generation 5 on the 2.4 GHz band and reserves the
generation value 5 for full VHT as defined in the IEEE 802.11 standard.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2020-02-11 05:19:16 +02:00
Vamsi Krishna
490d90db40 Define macro BIT() in qca_vendor.h
As qca_vendor.h alone can be included by other applications, define
macro BIT() in qca_vendor.h itself if not yet defined, e.g., by
including utils/common.h before qca_vendor.h.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-11 04:59:38 +02:00