The DPP Enrollee might wait for up to 60 seconds for the configuration,
so use a longer timeout value to be able to cover this negative test
case where the Configurator never sends the response.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This group should not be used with SAE and as such, it could cause
confusing test errors here. Use an acceptable group instead.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
At least for the time being PKEXv2 needs CONFIG_DPP3=y to work in a
testable manner. Couple of the test cases did not cover this correctly
and resulted in failures (instead of skipping the tests) when the
default build configuration was used. Fix that by checking for DPP
version 3.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Before, we could loose some events because of pipe buffering. I saw this
problem when running "ubus listen" or "logread -f" and waiting some
specific events. After disabling buffering this works much better.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This parameter was added with the commit message indicating the valid
reason code values to be 1-5, but with the implementation allowed only
1. There are five defined reason code values for the Association
Disallowed attribute, so extend the allowed range to cover all those
values.
Fixes: fb9a1c3e28 ("hostapd: Add MBO IE to Beacon, Probe Response, Association Response")
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Add the "InterworkingSelect" method to the DBus API to trigger an
Interworking scan with ANQP fetches. When a BSS that matches a
configured credential is found, the result is emitted using the signal
"InterworkingAPAdded". Completion of the full InterworkingSelect
operation is indicated with the "InterworkingSelectDone" signal.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
Add "AddCred", "RemoveCred", and "RemoveAllCreds" methods to the D-Bus
API of the network interface to allow the caller to manipulate a set of
Interworking credentials similarly to the way this was enabled through
the control interface.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
CONFIG_DPP3=y can now be used to configure hostapd and wpa_supplicant
builds to include DPP version 3 functionality. This functionality is
still under design and the implementation is experimental and not
suitable to be enabled in production uses before the specification has
been finalized.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When checking DPP capabilities the Brainpool flag was not always set
when needed, leading to run a test with the Brainpool curves not
supported by BoringSSL.
Use a short form for the DER length of EC privateKey with NIST P-521
curve. Indeed BoringSSL returns an error when parsing DER sequence 30 81
50 ... because the length 81 50 could have been encoded as 50 and
according comment in BoringSSL:
ITU-T X.690 section 10.1 (DER length forms) requires encoding the
length with the minimum number of octets.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
As BoringSSL version of i2d_PUBKEY() doesn't respect the
POINT_CONVERSION_COMPRESSED flag redefine a specific
crypto_ec_key_get_subject_public_key() version for BoringSSL based on
dpp_bootstrap_key_der().
The only other user of crypto_ec_key_get_subject_public_key() is SAE-PK
for which the public key should also be formatted using compressed
format.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Move code of dpp_get_pubkey_point() to a crypto library specific
function crypto_ec_key_get_pubkey_point().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Add a common well-known regulatory database to the test VMs during runs
to remove one thing to have correct in the host.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Replaced the word "sanity" with the inclusive word "validity". The
comment in acs_survey_interference_factor() was referring a function
that does not exist, so remove it instead of trying rename the function.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Using __del__ for any kind of cleanup is not a good idea
as it's not guaranteed to be called at any particular time,
it's only called whenever the next garbage collect cycle
kicks in.
Use a context manager instead, which basically removes the
need for the try/finally and fixes the reliance on __del__.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Couple of the PASN test cases did not verify whether the wpa_supplicant
build used in the test included PASN support.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case adds a new AP device (wlan0_ap) with iw and removes it in
the end. However, the hostapd interface for this netdev was only added,
but not removed at the end of the test case. This could result in
consecutive test cases getting confused with the extra interface, e.g.,
if running WPS configuration steps that get applied to all enabled
interfaces.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Need to wrap back to 0 when changing value 255 to avoid generating a too
large value to fit an octet field. This was resulting in errors due to a
python exception (likely for about every 256th run).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Move from RS to PA country code to allow these test cases to work since
regdb was updated to require DFS for these operating classes in RS.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add minimal testing for airtime policy configuration. mac80211_hwsim
does not actually support this functionality, so this is just for
testing coverage of src/ap/airtime_policy.c.
Signed-off-by: Jouni Malinen <j@w1.fi>
Dump pending monitor interface messages between each roaming step to
make the test log easier to understand and hostapd wait for the new
connection more robust by ensuring that the processed event if for the
very last reassociation. It looks like at least ap_ft_vlan_over_ds_many
could fail due to the connectivity check being started before the final
roam had been completed on the AP side even though there was an explicit
hapd2ap.wait_sta() wait before the test.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
APs PMF capabilities can differ. wpa_supplicant should be able to
disable and enable MBO when roaming to and from a misbehaving MBO AP
that doesn't support PMF. Verify that this is indeed happening.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
gcc-10 seems to be inlining eap_eke_prf() and eap_eke_prfplus() which
breaks this test case due to a different backtrace being generated for
triggering the local failures. Point to the functions called by those
instead of these two functions to get this working with both gcc-9 and
gcc-10.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Hide /usr/share/wireshark from hostfs to prevent tshark from loading all
the data from there since that can take significant amount of time and
is not really needed for the test cases. In addition, set HOME to point
to local tmpfs to avoid unnecessary references through hostfs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Even though the STA in this test case does not actually use SAE, it
needs to recognize the "SAE H2E only "BSS membership selector.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to explicitly wait for hostapd to report STA connection before
starting the traffic test to avoid the potential race condition when
testing with UML and time travel mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
These could fail if a scan entry from a previous test case was still
present in the BSS table, e.g., by wpa_supplicant selecting the SSID
from that old entry instead of the new SSID. Try to avoid that by
explicitly flushing the scan results before starting these tests.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to close the WpaSupplicant instance on the extra radio before
returning from this test case since that interface is going to be
removed and WpaSupplicant.__del__() can time out on trying to detach the
monitor connection after that.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make it more difficult to miss issues that were previously only printed
out in /tmp/hwsim-test-logs/*-parallel.log. This covers things like
memory leaks and test script failures or forgotten development time
prints to stdout.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was missing an explicit CAPI ap_reset_default and that
could result in hostapd being left running at the end of the test case.
This could result in issues with following test cases if they used a new
radio interface from HWSimRadio().
Signed-off-by: Jouni Malinen <j@w1.fi>
Raising an exception while the wlan5 interface was remove (i.e., between
wpas.interface_remove() and .interface_add() calls) would result in the
cleanup code failing and generating yet another exception while the
first one was being processed. Work around this by re-adding the wlan5
interface back temporarily if the interface is not available for the
cleanup operations.
Signed-off-by: Jouni Malinen <j@w1.fi>
These commands were being issues to incorrect wpa_supplicant instance
and were missing clearing of the MAC_RAND_SCAN parameter.
Signed-off-by: Jouni Malinen <j@w1.fi>
The iteration of WpaSupplicant instances used incorrect variable and
ended up cleaning up only the wlan5 interface. This left unexpected
setband parameter for wlan0/wlan1/wlan2 which could result in
consecutive test cases failing due to scan not finding the expected
BSSs.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for these test cases to fail if the first scan iteration
did not find the AP since the 10 second timeout was small enough to
terminate the second attempt before fetching the scan results. Increase
this timeout to allow at least two full scan iterations to be completed
before declaring failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
These test cases use hidden SSIDs and left behind a BSS entry with no
SSID. That can cause issues for consecutive test cases where the BSSID
can be used as the key for finding a BSS entry. That could end up
picking the old hidden SSID BSS instead of the one that was meant to be
used in the test case.
Flush the scan cache at the end of the scan-ssid-list test cases to
reduce invalid test failures for the consecutive test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The PASN_START command can fail if there is an old BSS entry for the
same BSSID from an earlier test case. Try to avoid this by flushing the
scan results before running these test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The isAlive() function is deprecated in newer versions of Python
so replace it with the is_alive() instead.
Signed-off-by: Oren Givon <oren.givon@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Need to clear sae_groups parameter before using SAE in this test case to
avoid issues if previous test cases have left a specific group
configured.
Signed-off-by: Jouni Malinen <j@w1.fi>
This could fail in theory if running out of memory, so better check for
this explicitly instead of allowing the exchange to continue and fail
later due to checkcode mismatch.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add test cases that check preCAC, which is available for EU regulatory
domain. Also confirm that preCAC is not used for US.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Add option to:
- add a new AP on the same phy that the backhaul-sta uses
- run CSA from the parent
Adding a new AP (backhaul/fronthaul) on the same phy we have for
backhaul-sta is closer to the real repeater implementation.
Add a test case for that and run CSA.
This is a common problem when we have on the same phy:
- connected backhaul STA
- we started fronthaul/backhaul AP
- we receive (from parent) CSA on the STA interface
This is multi_ap_wps_shared_apdev_csa test case, which fails today with
both mac80211_hwsim and ath9k. To avoid always failing test cases,
ignore this failure for now. Full validation can be enabled once the
issue behind this is fixed.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Pass the backhaul parameters as a parameter. This is in preparation for
channel switch test for Multi AP.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This test first configure hostapd with an initial SSID
('test-wpa2-psk-start'). Then a new SSID is configured
('test-wpa2-psk-new') using SET and RELOAD. Next, a station is
associated using WPS, and the test verifies that the new SSID was served
to the station.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
cfg80211 may ignore user hints while there are active COUNTRY_IE hints,
thus at some timings it may ignore the country setting back to world
domain. Fix it by making sure the country is set only after all the
interfaces are stopped. In addition, call a more robust
clear_regdom_dev() function.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Test that if notify_mgmt_frames is enabled and a station connects we do
get AP-MGMT-FRAME-RECEIVED, and that it includes an Authentication
frame.
Also test that if notify_mgmt_frames is disabled, no Management frame is
sent on ctrl_iface when a station connects.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
The P2P group may be originally formed on UNII-3, so disabling UNII-1
and UNII-2 will not result in a channel switch failing the test.
Fix this by setting 44 as a preferred channel.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The test configures ft_r0_key_lifetime parameter, however ft_params
already contain the r0_key_lifetime. Since both options are accepted by
hostapd and set the same field, one of them gets overwritten.
As the dictionary enumeration order is not guaranteed in python, the
test may sporadically fail.
Fix that by explicitely removing the unneeded parameter.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Kernel commit 14486c82612a ("rfkill: add a reason to the HW rfkill
state") added an extra byte to the end of the rfkill events and that
confused the read loop here since python tried to buffer the results
from multiple read() calls into the local buffer that then delivered the
extra octets in consecutive events. Fix this by disabling buffering for
these reads.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Python enumerates dictionaries in an arbitrary order, thus the resulting
configuration file will have the parameters shuffled randomly. This may
cause the test to fail when, for example, auth_server_addr is placed
after auth_server_port. Fix this by enforcing some of the fields to be
placed before the others.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Now that wpa_supplicant ignores the unexpected association event in
disconnected-not-trying-to-connect state, this test cases needs to be
modified to avoid incorrect failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The function name for adding frequency lists changed, so this test case
needs a matching change to avoid failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was broken in the kernel in mac80211 for a while, until commit
780a8c9efc65 ("mac80211: do not disable HE if HT is missing on 2.4 GHz")
fixed it.
Add a test for wifi generation on 2.4 GHz in addition to the 5 GHz one.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Allow to run local/remote process like:
- ubus listen
- logread -f
- tail -f
- wpa_cli
- hostapd_cli
And next wait for specific event(s).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Sweden now allows channel 149 in the updated wireless-regdb. Choose
Japan for the negative test instead.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Add a test which uses a DFS channel, waits for CAC afterwards successful
mesh join and then triggers a radar event and checks if the mesh comes
up again on the same device.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Update ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg to accept
upcoming change in the parsing validation step that catches the issue.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is in preparation for an implementation change that ends up
contradicting the operations enforced in this test case for mesh coex.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
mesh_open_vht_160 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht_80p80 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht20 might fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht40 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_ht40 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_5ghz might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
mesh_secure_ocv_mix_legacy might fail with this message:
---------------
wlan0: Country code not reset back to 00: is AZ
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
If the .config file is already identical, avoid copying it even if -f
was specified; this improves build time if nothing has changed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since the build artifacts are now landing in distinct directories, we
don't need to 'make clean' and save some rebuild time.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This likely passes today (at least without ASAN), but without the next
commit, it trips up a use-after-free bug, which ASAN can catch.
So consider this a regression test.
Signed-off-by: Brian Norris <briannorris@chromium.org>
The blacklist design will be modified in the following commits and that
would result in this validation step based on the older implementation
starting to fail. Remove this check to avoid such testing failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
Remove this part of the dbus_network test case since it would be causing
failures after wpa_supplicant is modified to accept empty strings
through D-Bus.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is mainly for standalone monitor in case we know and would like to
setup specific monitor configuration.
-m monitor:<chan>,<bw>, <cf1>, <cf2>:...
For example:
-m monitor:1,40,3,0
-m e4300:1,40,3,0:11,40,9,0
This also supports monitor with multiple interfaces (one pcap).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Before we have to kill an application we start in the thread - in most
cases using killall and sometimes kill other applicantions, e.g., tcpdump,
iper, iperf3, tshark.
With this patch we are able to stop/kill a single application/thread
instead, based on the pid file.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
In case we are using ssh MUX (which speed up a lot test execution) with
remotehost we could hit cases where ssh will hang up. This depends on
different ssh versions and remotehost implementation.
stderr as a tmpfile fixes this problem.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This is needed to allow the test cases to work on systems using
secpolicy=2 default (e.g., Ubuntu 20.04).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Update the SAE-PK implementation to match the changes in the protocol
design:
- allow only Sec values 3 and 5 and encode this as a single bit field
with multiple copies
- add a checksum character
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Instead of overriding the subject field with something arbitrary, use
the value that is included in the CSR now that there is something there.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The parsed 'length' field might pointsbeyond the end of the frame, for
some malformed frames. I haven't figured the source of said packets (I'm
using kernel 4.14.177, FWIW), but we can at least be safer about our
handling of them here.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Instead of checking if the kernel allows modules (via the presence of
/proc/modules), check if mac80211_hwsim is already there and load it
only if not. This gets rid of some ugly prints from modprobe in case
code isn't even a module and cannot be found, etc.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
With python3 bytes are returned for stdout, so need to use b''
strings instead of normal strings. These are just a few places
I ran into, almost certainly more places need it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If we want the test to actually use 160/80+80 we need to explicitly
advertise that we support it ourselves, since the kernel is going to be
a bit more strict about this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clear scan results explicitly in test cases that check BSS entry flags
to avoid incorrect failures based on results from earlier test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Lambda >= 12 is needed with Sec = 2, so drop the shorter password
lengths in the sae_pk and module_wpa_supplicant test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Now that there is a pending mac80211 patch ("mac80211: allow SA-QUERY
processing in userspace") to allow wpa_supplicant to take care of SA
Query Request processing, start enforcing correct behavior for this in
ocv_sa_query and wpa2_ocv_sta_override_sa_query_resp.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the current country code cannot be fetched, do not try to report the
current value in the log since that will result in TypeError exception.
Signed-off-by: Jouni Malinen <j@w1.fi>
Couple of VHT test cases missed explicit setting of hapd to None before
trying to start hostapd. Add those to avoid unexpected exceptions in
case hostapd start fails.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a decorator that clears ignore_old_scan_res parameter value instead
of doing this with try/finally in large number of test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a decorator that disables IPv6 and requires running
under a VM, rather than open-coding that many times.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The freqlist parameter uses comma, not space, separated values. Add
another test case for checking freqlist values that do not use the
preferred channel numbers to make sure the frequency list is actually
used as a constraint for selecting the channel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a test for delayed group rekey retransmission that checks that
the IGTK is protected against it by not resetting the IPN replay
counter when reinstalling such a key.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
While adding support for IGTK and BIGTK here, I tested this without
protections (i.e., with protections removed from both wpa_supplicant and
the driver), and while I got some bad resets on the debugfs values, it
should have failed with "unexpected connectivity".
Fix this to be correct - we need to reset the GTK PN, not the PTK PN in
this test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Replace the gtk boolean by a keytype value indicating
GTK or PTK, to be able to extend to other types later.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When run after other tests, It was likely that the target
bss was already present in scan_fail, so the
scan_for_bss() wouldn't trip the allocation failure in
wpa_bss_add(). Flush the scan results before the scan to
ensure wpa_bss_add() is called and consistently pass
scan_fail.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
If sigma_dut is not installed, start_sigma_dut() will
throw an exception. Call start_sigma_dut() inside the
try/except to correctly reset the regulatory domain.
This fixes several seemingly random failures due to
regulatory domain not being reset.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>