The new "dpp_pfs=1" entry can be used to determine whether PFS was used
during derivation of PTK when DPP AKM is negotiated for an association.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Check AP's DPP Protocol Version during network introduction and mark the
PMKSA cache as suitable for PFS use with version 2 or newer. This avoids
unnecessary attempt of negotiating PFS with version 1 APs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It is simpler to assign wpa_s->current_ssid to a local pointer now that
there are numerous dereferences of current_ssid within sme_associate().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This can be used to determine whether to try to negotiate PFS (only
available with version 2 or higher).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Otherwise the test will continue on and fail later due to unexpected
foreign ARP request. The try/except design here did not work properly to
detect this.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Crypto libraries are starting to refuse to accept the old shorter keys,
so move all test certificates and DH to use 2048 bit (or longer) keys.
Signed-off-by: Jouni Malinen <j@w1.fi>
Increase the maximum command length from 4 kB to 8 kB mainly to allow
larger certificate blobs to be configured. Use heap memory to avoid
inconveniently large stack requirements. In addition, reject potentially
truncated commands instead of trying to process them.
The maximum length of the request can now be determined with
"GET max_command_len".
Signed-off-by: Jouni Malinen <j@w1.fi>
Python 3.8 removed the previously used default of MD5 algorithm, so
provide the explicit digestmod=hashlib.md5 parameter to the couple of
places that were missing it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Randomize GAS dialog token field, instead of using an incremental
counter with predictable values. This change will make this field
unuseful for user fingerprinting.
Signed-off-by: Hai Shalom <haishalom@google.com>
IEEE 802.11 defines reason codes for indicating 4-way handshake and
group key handshake timeouts. Use those reason codes instead of the more
generic one for these particular cases in the Authenticator state
machine.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The ap_beacon_rate_* test cases could end up terminating before the very
first Beacon frame is captured, so wait a bit after the connection to
make sure at least one Beacon frame is going to be in the capture file.
Signed-off-by: Jouni Malinen <j@w1.fi>
Convert driver indications to internal events to allow invalid Beacon
frames to be reported to the AP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Update frame processing registration for DPP Public Action frames to
include multicast reception when in DPP listen mode and the driver
indicates support for this type of explicit request.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case was using sigma_dut to set sae_pwe=2, but that value was
not cleared in the end. This could result in following SAE test cases
failing due to unexpected behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Documentation of the return values for wpa_parse_vendor_specific() and
wpa_parse_generic() were not accurate and the parsing results from these
were not really handled appropriately. There is no point in calling
wpa_parse_vendor_specific() if wpa_parse_generic() recognizes a KDE. Not
that this would break anything in practice, but still, it looks
confusing.
The part about handling wpa_parse_vendor_specific() return value can, at
least in theory, break some cases where an unexpectedly short KDE/vendor
specific element were present and something would need to be recognized
after it. That does not really happen with any standard compliant
implementation and this is unlikely to cause any real harm, but it is
clearer to handle this more appropriately even for any theoretical case,
including misbehavior of a peer device.
Instead of stopping parsing on too short vendor specific element,
continue parsing the following KDEs/IEs. Skip the
wpa_parse_vendor_specific() call when a KDE has been recognized. Also
fix the return value documentation for wpa_parse_generic() and remove
the useless return value from wpa_parse_vendor_specific().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
