We wait for the PASN auth to complete on the wpas side, but there's no
indication of this on the AP side. So if scheduling ordering is bad, we
can ask the AP for the PTKSA cache before it even received the frame
from the kernel and created the PTKSA entry.
To fix this, try this a few times, to see if it becomes available.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clients could connect in a different order depending on
timing differences, don't check for the order here.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
check_beacon_req() will request from hostapd to request a beacon
report from the STA, but that only works if it already knows about
the STA. Due to scheduling issues, it may not know even if wpa_s
reports it has successfully connected, so also wait for the STA to
show up in hostapd before check_beacon_req().
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since DPP listen is a radio work, it doesn't start immediately and
then we can end up missing whatever happens next in the test. Wait
for the radio work to start before continuing the test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
hostapd now has support for SAE in MLD cases, so there is no need to
maintain this exception that allowed the test case to pass even if the
connection failed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The first MGMT-TX-STATUS event might be for the initial broadcast
Deauthentication frame instead of the SAE Authentication frame. Skip the
first event and try to process TX status for the first Authentication
frame instead.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This extends testing coverage to detect an issue that was fixed in
commit bf9cbb462f ("Fix writing of BIGTK in FT protocol").
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Changing sae_pwe and leaving the modified value for the following test
cases can result in failures.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The last update of the wireless-regdb database to the wireless-regdb.git
version of 2023-02-13 in commit c4034a69fe ("tests: Update regulatory
database to VMs") forgot to update regulatory.db.p7s. Update it as well.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This adds more production-like testing coverage for KDK derivation. Both
SAE and OWE transition mode are covered. The latter has some corner
cases that did not work correctly previously.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
At least some of the previous versions have expired, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
In theory, each device that supports WMM (or the IEEE 802.11 QoS for
that matter) is expected to advertise how many replay counters it
supports and the peer device is supposed to use that information to
restrict the total number of different MSDU priorities (AC/UP) that
might be used. In practice, this is not really done in deployed devices
and instead, it is just assumed that everyone supports the eight
different replay counters so that there is no need to restrict which
MSDU priorities can be used.
hostapd implementation of WMM has advertised support for 16 PTKSA replay
counters from the beginning while wpa_supplicant has not had any code
for setting the supported replay counter fields in RSNE, i.e., has left
the value to 0 which implies that only a single replay counter is
supported. While this does not really result in any real issues with
deployed devices, this is not really correct behavior based on the
current IEEE 802.11 standard and the WMM specification.
Update wpa_supplicant to use similar design to the hostapd RSNE
generation by setting the number of supported PTKSA replay counters to
16 whenever WMM is enabled. For now, this is done based on the
association being for HT/VHT/HE/EHT and also based on the AP supporting
WMM since it is much more likely for the local device to support WMM and
eight replay counters (which can be indicated only with the value that
implies support for 16 counters since there is no separate value for 8).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When an in interface is added dynamically to hostapd with
HWSimRadio, it's not removed during device reset.
This requires to manually remove it, otherwise subsequent tests may
fail. Better do it during device reset.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
It was apparently possible for the test script to fetch the
PTKSA_CACHE_LIST information from hostapd before the PASN message 3 had
been processed since only the event from wpa_supplicant related to
sending of that frame was explicitly waited for. Add a small wait to try
to avoid this race condition with UML time-travel.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Some of the test cases can use dpp-ca.py symlink to sigma-dut.git. That
symlink is not in the repository, so ignore it explicitly in git status.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Make sure hostapd has had time to complete 4-way handshake processing
before initiating reauthentication from wpa_supplicant. There is a small
window for race condition here when testing with UML and time travel.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is a regression test for a NULL pointer dereferencing from commit
d8d2b3a338 ("Implement read-only mode for SSIDs from the additional
config (-I)") .
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to avoid failures caused by previous test cases having
left behind constraints on the allowed groups.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>