Use a dynamic HWSimRadio in p2ps_channel_sta_connected_disallow_freq_mcc
to allow MCC test case to be executed in default setting (MCC disabled
for the default radios).
Signed-off-by: Jouni Malinen <j@w1.fi>
Stop the pending P2P_LISTEN operation priot to issuing P2P_GROUP_ADD to
start a GO. This avoids excessively long wait for the previous Listen
step to complete before being able to start the GO. This makes
p2ps_connect_adv_go_persistent take significantly less time.
Signed-off-by: Jouni Malinen <j@w1.fi>
The combination of starting P2P extended listen and issuing
P2P_ASP_PROVISION_RESP almost immediately after that while in P2P_LISTEN
state resulted in caes where the advertiser could end up going back to a
long listen state while trying to retransmit PD Request. This resulted
in p2ps_provision() timing out while waiting for P2PS-PROV-DONE
especially in p2ps_feature_capability_* test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify OCSP stapling response that is signed by the CA rather than a
separate OCSP responder. In addition, verify that invalid signer
certificate (missing OCSP delegation) gets rejected.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a test case verifying deferred P2PS provision discovery when an
advertiser sends the status 11 (Fail: reject by user) in the follow-on
PD Request.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Not doing so may result in a deferred PD flow failure (currently the
hwsim tests succeeded because seeker never stopped find, spending enough
time listening, so the follow-on PD would succeed).
Fix this by calling p2p_ext_listen when the seeker receives a deferred
PD failure event. Cancel extended listening when PD is done and also
stop find when seek is done.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Check that there are no unencrypted frames when using hostapd with VLANs
and WPA before the first station connects to the VLAN.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
These test cases left at least one of the attached monitor sockets
blocking for excessive time: ap_wpa2_eap_aka_ext,
ap_hs20_req_conn_capab_and_roaming_partner_preference,
ap_hs20_min_bandwidth_and_roaming_partner_preference, ap_wpa_ie_parsing.
Signed-off-by: Jouni Malinen <j@w1.fi>
At some point, these hostapd_oom_* test cases started to fail with
wpa_msg() allocation failure for the AP-ENABLED event. This resulted in
unnecessary long test execution (waiting 30 seconds for an event that
was dropped). Speed this up by using a shorter timeout.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case ended up hitting control socket output queue limit
unnecessarily due to the test script not reading pending event messages.
Signed-off-by: Jouni Malinen <j@w1.fi>
Number of test cases did not read all control interface socket events
from the dynamically added wlan5 interface. This could result in hitting
maximum socket TX queue length and failures in the following test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
connect_cmd_roam did not force a new scan to find the second AP. This
could result in failures due to the ROAM command getting rejected, e.g.,
in the following test case sequence: wext_pmksa_cache connect_cmd_roam.
Signed-off-by: Jouni Malinen <j@w1.fi>
Due to a serial number mismatch, the correct "revoked" status was not
used; instead "unknown" was used. While the test case would not fail for
this, incorrect code path was checked.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When the 'SET wpa 2' command is executed last, it seems to somehow
reset parts of the settings, causing hostapd to beacon with the
pairwise cipher suite selector set to 00-0F-AC:0 (none/use-group).
This is not permitted and should be rejected; wpa_supplicant also
cannot connect.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This verifies that ENABLE_NETWORK does not trigger reconnection if
already connected. The previous commit fixed a case where it was
possible for that to happen.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is a regression test case for the issue fixed by the previous
commit (hapd->num_probereq_cb not getting cleared on deinit).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to avoid issues in some cases where 8-bit bytestrings may
be present in the otherwise text debug log.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds a Python-based minimal WSC protocol implementation to allow
more testing coverage to be reached for various error cases in protected
attributes. The wps_ext test case completes successful exchange in both
the Enrollee and Registrar roles acting in the middle of AP and STA. The
other test cases cover error cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends ap_wps_pbc_timeout to cover another long WPS timeout:
ER-initiated SetSelectedRegistrar timeout on AP. Using the same test
case for this avoids the need for another 120 second test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like NID_X9_62_prime192v1 is not available, so allow that group
to fail without failing the full ap_wpa2_eap_pwd_groups test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like NID_X9_62_prime192v1 is not available, so allow that group
to fail without failing the full sae_groups test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These test cases added a new radio for the non-FST AP and while they
removed the radio itself, they did not remove the hostapd instance for
that radio. Remove that to avoid leaving behind invalid instances.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies wpa_supplicant behavior in number of cases where the
external program opening a control interface socket does not behave
properly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
ap_open_sta_enable_disable verifies that DISABLE_NETWORK that is issued
while connect/sme-connect radio work is pending is effective, i.e.,
prevents connection to disabled network.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The number of channels was not properly passed from the
run-all.sh script to the start.sh script. Fix it.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add tests verifying a Coordination Protocol Transport exchange and
selection during P2PS provision discovery.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Reuse p2ps_provision() and p2ps_connect_pd() methods, and
remove the previous PD helper functions which are no longer used.
This fixes the previously "broken"
p2ps_connect_keypad_method_nonautoaccept and
p2ps_connect_display_method_nonautoaccept.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Re-factor p2ps_connect_p2ps_method() so it reuses generic P2PS provision
and connection flows.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
When MCC is enabled, the remain of channel scheduling might
incur additional delays, so increase the timeouts to be able
to receive delays frames.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Set peer_group_removed only if peer_group_added has already been set.
This fixes an issue where a propertiesChanged event triggered by an
earlier test case was able to get dbus_p2p_group_termination_by_go
terminated too early. This happened, e.g., with sequence
"dbus_p2p_two_groups dbus_p2p_group_termination_by_go".
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Only run peerJoined() steps once to avoid trying to use GetAll() on an
already removed group and double-removal of a group. This did not make
the test case fail, but the exception is printed out in pretty confusing
way to stdout, so better get rid of it.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Remove the duplicated -ddKt command line argument to avoid setting
hostapd debug level to EXCESSIVE.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
On recent kernels, it seems that something changed (scheduler?)
that makes hwsim send the scan done event so quickly that iw isn't
scheduled back in to listen for it, causing iw to get stuck.
Work around this by using the scan trigger command (it'll be quick
enough so that we don't really need to wait) and the scan trigger
and dump commands where the results are required (and use a small
sleep there instead of waiting for the scan results.)
I'll try to fix this separately in iw later.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This verifies P2P extended listen timing operations by confirming that a
peer is not discoverable during the provisioning step and that the peer
becomes discoverable after having removed the group during such
provisioning step. The latter case was broken until the 'P2P: Cancel
group formation when deleting a group during group formation' commit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that Groups list for a P2P Peer gets updated properly on group
addition and removal (three different paths).
Signed-off-by: Jouni Malinen <j@w1.fi>
omac1_aes_128() implementation within crypto_openssl.c is used in this
case and that cannot fail the memory allocation similarly to the
non-FIPS case and aes-omac1.c.
Signed-off-by: Jouni Malinen <j@w1.fi>
OpenSSL rejects the cipher string 'EXPORT' in FIPS mode in a way that
results in the locally generated error showing up before the EAP method
has been accepted.
Signed-off-by: Jouni Malinen <j@w1.fi>
In addition, replace some of the CHAP cases with PAP since that enables
more coverage without breaking the main test focus.
Signed-off-by: Jouni Malinen <j@w1.fi>
The PKCS12 file with default openssl options cannot be used with OpenSSL
1.0.1 in FIPS mode. Replace this with -descert version as a workaround.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to build wpa_supplicant for OpenSSL FIPS mode
testing. wpa_supplicant/.config needs following type of configuration
for this:
CONFIG_FIPS=y
CFLAGS += -I/usr/local/ssl/include
LIBS += -L/usr/local/ssl/lib
CC=/usr/local/ssl/fips-2.0/bin/fipsld
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows driver-based preference list to override default operating
channel selection mechanism by using a non-social P2P find if needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, this was assumed to be the case due to default channel
selection behavior. However, that may not be the case with driver-based
preference list processing. Enforce a social channel to be used as the
operating channel here since dev[2] uses social channel only device
discovery and needs to find the GO.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The openssl_ciphers="EXPORT" case may result in locally generated
disconnection event if the OpenSSL version used in the build rejects
export ciphers in default configuration (which is what OpenSSL 1.1.0
will likely do). Don't report a test case failure in such a case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add adv_cpt and seeker_cpt parameters to p2ps_provision() function.
The seeker_cpt is used in P2P_ASP_PROVISION command by a seeker, the
adv_cpt parameter is in P2P_ASP_PROVISION_RESP by an advertiser.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add an optional parameter to p2ps_advertise() function allowing to
specify CPT priority values.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add an optional CPT parameter to asp_provision() method of
WpaSupplicant.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add p2ps_connect_pd() helper method which strictly validates the PD
results and establishes the connection between peers accordingly.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add generic provision method. This method receives a seeker and an
advertiser devices, advertisement id, method, and a flag which indicates
whether deferred flow is expected. The method returns P2PS-PROV-DONE
events and the pin (if keypad or display method is used).
This method is needed to simplify the P2PS provision flows in the tests.
This method complies to the P2PS specification regarding the expected
order of the show and display PIN events.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add asp_provision method which issues either P2PS PD Request or, if the
status is provided, continues the deferred flow by sending follow on
PD Request.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
This test case could fail if there were old BSS entries remaining in
cfg80211 scan results. That happened, e.g., when running test cases in
the following sequence: "discovery_social_plus_one discovery_auto".
Signed-off-by: Jouni Malinen <j@w1.fi>
This removes quite a bit of duplicated code. In addition, this starts
using different FST group names to get additional coverage.
Signed-off-by: Jouni Malinen <j@w1.fi>
Without this, the run-tests.py socket could have been left in attached
to receive all hostapd global events during a test case. This could hit
the limit of pending messages on the socket since there is nothing
clearing this socket during the execution of a test case. Fix this by
explicitly closing the socket after having completed the RELOG command.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies FST group dialog_token wrap-around and behavior with large
number of session setups and teardowns.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds a test case that goes through session initialization through
separate commands that can be modified more easily for special case. The
first such special case is using special FST Setup Request frames with
non-standard MBIE contents to hit different code paths for finding the
interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
Pass absolute path to the daemonized wpa_cli process and add read
privileges for everyone on the action script to make this test case work
better when run without a VM.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Try to use the special build for --codecov purposes, if present, instead
of hardcoding the hostapd/wpa_supplicant binary to the default location.
This is needed to collect code coverage correctly.
Signed-off-by: Jouni Malinen <j@w1.fi>