Now that wpa_supplicant does this internally as a part of the FLUSH
command, there is no need for the test scripts to try to clear the
parameter between test cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This test case could fail in some sequences like "sigma_dut_sae
scan_parsing" due to the ignore_old_scan_res parameter accidentally
being left to 1 by the former test case and the simulated scan result
being older than the previous scan trigger. Reduce the age of that scan
entry to make this less likely to happen.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The DPP Enrollee might wait for up to 60 seconds for the configuration,
so use a longer timeout value to be able to cover this negative test
case where the Configurator never sends the response.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This group should not be used with SAE and as such, it could cause
confusing test errors here. Use an acceptable group instead.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
At least for the time being PKEXv2 needs CONFIG_DPP3=y to work in a
testable manner. Couple of the test cases did not cover this correctly
and resulted in failures (instead of skipping the tests) when the
default build configuration was used. Fix that by checking for DPP
version 3.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Before, we could loose some events because of pipe buffering. I saw this
problem when running "ubus listen" or "logread -f" and waiting some
specific events. After disabling buffering this works much better.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This parameter was added with the commit message indicating the valid
reason code values to be 1-5, but with the implementation allowed only
1. There are five defined reason code values for the Association
Disallowed attribute, so extend the allowed range to cover all those
values.
Fixes: fb9a1c3e28 ("hostapd: Add MBO IE to Beacon, Probe Response, Association Response")
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Add the "InterworkingSelect" method to the DBus API to trigger an
Interworking scan with ANQP fetches. When a BSS that matches a
configured credential is found, the result is emitted using the signal
"InterworkingAPAdded". Completion of the full InterworkingSelect
operation is indicated with the "InterworkingSelectDone" signal.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
Add "AddCred", "RemoveCred", and "RemoveAllCreds" methods to the D-Bus
API of the network interface to allow the caller to manipulate a set of
Interworking credentials similarly to the way this was enabled through
the control interface.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
CONFIG_DPP3=y can now be used to configure hostapd and wpa_supplicant
builds to include DPP version 3 functionality. This functionality is
still under design and the implementation is experimental and not
suitable to be enabled in production uses before the specification has
been finalized.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When checking DPP capabilities the Brainpool flag was not always set
when needed, leading to run a test with the Brainpool curves not
supported by BoringSSL.
Use a short form for the DER length of EC privateKey with NIST P-521
curve. Indeed BoringSSL returns an error when parsing DER sequence 30 81
50 ... because the length 81 50 could have been encoded as 50 and
according comment in BoringSSL:
ITU-T X.690 section 10.1 (DER length forms) requires encoding the
length with the minimum number of octets.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
As BoringSSL version of i2d_PUBKEY() doesn't respect the
POINT_CONVERSION_COMPRESSED flag redefine a specific
crypto_ec_key_get_subject_public_key() version for BoringSSL based on
dpp_bootstrap_key_der().
The only other user of crypto_ec_key_get_subject_public_key() is SAE-PK
for which the public key should also be formatted using compressed
format.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Move code of dpp_get_pubkey_point() to a crypto library specific
function crypto_ec_key_get_pubkey_point().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Add a common well-known regulatory database to the test VMs during runs
to remove one thing to have correct in the host.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Replaced the word "sanity" with the inclusive word "validity". The
comment in acs_survey_interference_factor() was referring a function
that does not exist, so remove it instead of trying rename the function.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Using __del__ for any kind of cleanup is not a good idea
as it's not guaranteed to be called at any particular time,
it's only called whenever the next garbage collect cycle
kicks in.
Use a context manager instead, which basically removes the
need for the try/finally and fixes the reliance on __del__.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Couple of the PASN test cases did not verify whether the wpa_supplicant
build used in the test included PASN support.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case adds a new AP device (wlan0_ap) with iw and removes it in
the end. However, the hostapd interface for this netdev was only added,
but not removed at the end of the test case. This could result in
consecutive test cases getting confused with the extra interface, e.g.,
if running WPS configuration steps that get applied to all enabled
interfaces.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Need to wrap back to 0 when changing value 255 to avoid generating a too
large value to fit an octet field. This was resulting in errors due to a
python exception (likely for about every 256th run).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This limits the EAP-SIM and EAP-AKA tests to 100 test frames to avoid
undesired timeouts in automated fuzz testing. The real world uses are
limited to 50 rounds, so there is not really any point in trying with
thousands of frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Move from RS to PA country code to allow these test cases to work since
regdb was updated to require DFS for these operating classes in RS.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add minimal testing for airtime policy configuration. mac80211_hwsim
does not actually support this functionality, so this is just for
testing coverage of src/ap/airtime_policy.c.
Signed-off-by: Jouni Malinen <j@w1.fi>
Dump pending monitor interface messages between each roaming step to
make the test log easier to understand and hostapd wait for the new
connection more robust by ensuring that the processed event if for the
very last reassociation. It looks like at least ap_ft_vlan_over_ds_many
could fail due to the connectivity check being started before the final
roam had been completed on the AP side even though there was an explicit
hapd2ap.wait_sta() wait before the test.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
APs PMF capabilities can differ. wpa_supplicant should be able to
disable and enable MBO when roaming to and from a misbehaving MBO AP
that doesn't support PMF. Verify that this is indeed happening.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
gcc-10 seems to be inlining eap_eke_prf() and eap_eke_prfplus() which
breaks this test case due to a different backtrace being generated for
triggering the local failures. Point to the functions called by those
instead of these two functions to get this working with both gcc-9 and
gcc-10.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Hide /usr/share/wireshark from hostfs to prevent tshark from loading all
the data from there since that can take significant amount of time and
is not really needed for the test cases. In addition, set HOME to point
to local tmpfs to avoid unnecessary references through hostfs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Even though the STA in this test case does not actually use SAE, it
needs to recognize the "SAE H2E only "BSS membership selector.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to explicitly wait for hostapd to report STA connection before
starting the traffic test to avoid the potential race condition when
testing with UML and time travel mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
These could fail if a scan entry from a previous test case was still
present in the BSS table, e.g., by wpa_supplicant selecting the SSID
from that old entry instead of the new SSID. Try to avoid that by
explicitly flushing the scan results before starting these tests.
Signed-off-by: Jouni Malinen <j@w1.fi>