Commit graph

6065 commits

Author SHA1 Message Date
Jouni Malinen
369f9c20ee tests: Validate EAP-GPSK cipher suite negotiation
This covers all currently supported algorithms and the case of no match.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
c4b8c71ba4 EAP-GPSK: Report CSuite negotiation failure properly
Setting methodState = DONE for the case where GPSK-1 is found to be
invalid or incompatible allows EAP state machine to proceed to FAILURE
state instead of remaining stuck until AP times out the connection.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
5a0f596b7b EAP-GPSK: Allow forced algorithm selection to be configured
phase1 parameter 'cipher' can now be used to specify which algorithm
proposal is selected, e.g., with phase1="cipher=1" selecting AES-based
design and cipher=2 SHA256-based. This is mainly for testing purposes,
but can also be used to enforce stronger algorithms to be used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
5f01c3c84a EAP peer: Improve failure reporting from METHOD with no eapRespData
One of the RFC 4137 state transitions (METHOD -> FAILURE) had been
forgotten and this could result in EAP peer method processing not
reporting failure immediately and instead, remain stuck waiting for the
connection to time out. Fix this by adding the methodState == DONE &&
decision == FAIL case to allow immediate reporting of failures.

The condition from RFC 4137 as-is would cause problems for number of the
existing EAP method implementations since they use that in places where
the final message before EAP-Failure should really be sent to the EAP
server (e.g., WSC_Done in EAP-WSC). Address this by includng eapRespData
== NULL as an additional constraint for entering FAILURE state directly
from METHOD.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
7271ee8769 Fix EAP-GPSK server compilation for SHA256 cipher suite
Need to use common EAP_GPSK_SHA256 define for this instead of the
server-specific EAP_SERVER_GPSK_SHA256 which was not really used
anywhere.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
324c99296a tests: Document the unique index needed for the tests table
This is needed for "INSERT OR REPLACE INTO tests" to work correctly with
run-tests.py -L.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
aa5fcc558b tests: Show missing descriptions in more helpful format
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
82fa9b62ff tests: Add forgotten test_wifi_display description
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
2f37a66dda tests: Optimize Interworking test cases with single-channel scans
Leave couple of cases to use full scan for better test coverage, but
change all other places to use a single channel scan with
INTERWORKING_SELECT to reduce the time it takes to execute the tests.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
fce6ddd8d0 tests: Avoid unnecessary wlantest failures
It is possible that wlantest has not yet created the BSS entry in all
cases, so interpret failures (no BSS entry being the most likely cause)
as zero counters. Similarly, ignore clear_bss_counters errors since they
are most likely reporting that the BSS was not found and as such, there
was no need to clear the counters anyway.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
356d1488c4 Interworking: Add optional freq argument to INTERWORKING_SELECT
This can be used to limit which channels are scanned using the specified
list of frequency ranges in the same format that the SCAN command uses.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
a09ffd5f2f Fix req_scan-deplete-timeout and update eloop API for this
Commit e2f5a9889a was supposed to prevent
new scan request from pushing out the old one. However, it did not
really do that since eloop_deplete_timeout() returned 0 both for the
case where the old timeout existed (and was sooner) and if the old
timeout did not exist. It returned 1 only for the case where an old
timeout did exist and was larger than the new requested value. That case
used to result in wpa_supplicant_req_scan() rescheduling the timeout,
but hew code in eloop_deplete_timeout() did the exact same thing and as
such, did not really change anything apart from the debug log message.

Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for
that matter since it is very similar) to return three different values
based on whether the timeout existed or not and if yes, whether it was
modified. This allows wpa_supplicant_req_scan() to schedule a new
timeout only in the case there was no old timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
bce774ad63 tests: Use ctrl_iface event for EAP reauth instead of STATUS poll
This speeds up the EAP test cases a bit by avoiding polling for
wpa_supplicant status.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
710f96fd8c tests: Remove unnecessary reset() steps
The FLUSH command clears disallow_aps, p2p_disabled, and
p2p_per_sta_psk, so there is no need to clear them separately.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
083916c022 P2P: Clear p2p_disabled and p2p_per_sta_psk on FLUSH command
The control interface FLUSH command now includes clearing of
"P2P_SET disabled 1" and "P2P_SET per_sta_psk 1".

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
3f45fc403f P2P: Clear services on FLUSH command
The control interface FLUSH command now includes the step executed by
the P2P_SERVICE_FLUSH command.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
36408936f8 tests: Optimize wait_event()
Replace the fixed 100 ms waits with a select()-based wait and timeout
for full wait based on monotonic time to optimize wait_event().

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
606110e647 wpaspy: Add optional timeout argument for pending()
This can be used to wait for up to the specified limit on new event
messages.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
adf277a007 tests: Minor clean up for GAS test cases
Do not run a full scan in gas_generic since this is not really needed.
Dump pending event messages after long wait to make logs clearer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
d45e417f7b tests: Clean up hostapd ctrl_iface debug logging
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
1d646f5ee1 tests: Write debug logs into the database for failed test cases
This makes it easier to build a web page for analyzing failures without
having to fetch the log files themselves from the test server.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
26b846672c tests: Radio work items
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
1f965e622a Allow external programs to request wpa_radio work items
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
e766f56643 tests: Verify behavior during externally triggered scan
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
6428d0a71f Do not start wpa_radio work during externally triggered scan
If an external program triggers a scan, wpa_supplicant does not have a
wpa_radio work item for this operation to protect against other
offchannel operations. This can result in operations failing, so try to
avoid damage by not starting any new wpa_radio work items during a scan
that was started by another process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
7c0d8645a1 tests: Verify cfg80211 connect API with concurrent operation
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
6470f471e4 Remove unneeded scan delay on connection-in-progress
This type of protection against concurrent connection and scan
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
4bb232153f Remove unneeded GAS query delay on connection-in-progress
This type of protection against concurrent connection and offchannel GAS
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
6ac4b15ef8 Use wpa_radio work for connection
This protects against conflicting offchannel operations during
connection (authentication, association, EAP exchanges, 4-way
handshake).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
b9e6d7001d Use radio work for GAS requests
Avoid concurrent GAS operations with any other exclusive use of the
radio by using the radio work queuing mechanism. This replaces some of
the earlier constraints on concurrent operations with the more generic
wpa_radio work concept.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e05e130837 P2P: Use radio work to protect offchannel Action frame exchanges
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e1d1c8e223 Use radio work for P2P Listen requests
Avoid concurrent P2P Listen operations with any other exclusive use of
the radio by using the radio work queuing mechanism. This removes some
of the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 09:45:32 +02:00
Jouni Malinen
1b5d4714dd Use radio work for P2P scan requests
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:39:25 +02:00
Jouni Malinen
d12a51b5d2 Use radio work for scan requests
Avoid concurrent scan requests by using the radio work queuing
mechanism.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:50 +02:00
Jouni Malinen
b1ae396f59 Add framework for exclusive radio operations
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:03 +02:00
Jouni Malinen
dd43aaa509 Add helper functions for cloning and freeing scan parameters
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:35:52 +02:00
Jouni Malinen
06f9acce18 Ignore externally triggered scan results with scan_res_handler
wpa_s->scan_res_handler is set only for cases where a scan operation is
requested for a specific purpose. As such, this callback should only be
called when a scan result from a scan that was triggered by
wpa_supplicant is processed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:34:17 +02:00
Jouni Malinen
c9b5559737 Clean up ctrl_iface debug prints for monitor events
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:34:09 +02:00
Jouni Malinen
d31b5ac778 Use cleaner debug print for ctrl_iface commands with private info
Convert this to a text string instead of ASCII hexdump to make the
debug log more convenient to use.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:33:50 +02:00
Jouni Malinen
9595151f3f Remove duplicated RX ctrl_iface hexdump
The newer wpa_dbg() print includes the same information in a more
convenient form, so remove the duplicate RX ctrl_iface hexdump in the
cases where there is no key material in the control interface commands
(the possible-key-material case is still using wpa_hexdump_ascii_key).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:33:18 +02:00
Jouni Malinen
6be79541ad tests: Fix unit test linking after reltime changes
librt needs to be linked in with older glibc versions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:33:10 +02:00
Jouni Malinen
d7a99700de tests: Clean up and optimize gas_concurrent_scan and _connect
No need to run a full scan as the first step since it only needs to find
the AP from a known channel for the GAS operation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:33:06 +02:00
Jouni Malinen
ad36d27d6a tests: Remove ignore_old_scan_res workaround
Now that wpa_supplicant requests the driver (cfg80211) to clear its scan
cache automatically after each BSS_FLUSH/FLUSH command, the previously
used ignore_old_scan_res workaround should not be needed for the hwsim
test cases anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-03 08:59:59 +02:00
Jouni Malinen
9b850799c1 Fix scan-cache-clearing operation to avoid unnecessary cases
wpa_drv_scan() success case was supposed to clear
wpa_s->clear_driver_scan_cache, not params->only_new_results (which
would do nothing here).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-03 08:55:51 +02:00
Jouni Malinen
2f30cac36f Avoid unnecessary key clearing operations
Track set_key operations per-key index and clear keys on disconnection
only if the key was set (or may have been set which is the case for the
first operation after wpa_supplicant start).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:49:38 +02:00
Jouni Malinen
466bcf99c3 Remove some unnecessary EAPOL port (un)authorized callbacks
If the port status did not change or would not need to get an update
after portEnabled changes, there is no need to try to set the driver to
use the same value it is already using based on the previous state.
Remove such calls to reduce number of operations during reassociation.
In addition, this cleans up the debug log by removing unnecessary
duplicated entries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:49:38 +02:00
Jouni Malinen
949938aadf Ask driver to report only new scan results if requested
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).

In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:03:31 +02:00
Jouni Malinen
a1a31b6c3f Remove hostapd dump_file functionality
This debugging mechanism has now been deprecated by the control
interface commands that can be used to fetch same internal information
from hostapd in a more convenient way. Leave the empty USR1 signal
handler and configuration file parameter for backwards compatibility.
They can be removed in future versions of hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 18:15:07 +02:00
Jouni Malinen
5dec879d5b tests: Verify STA command output and EAPOL state
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 18:10:30 +02:00
Jouni Malinen
ea23df652a Make EAPOL dump data available through ctrl_iface STA command
The per-STA/Supplicant state information from the EAPOL authenticator
is now available through "STA <MAC Address> eapol" command.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 17:49:48 +02:00