This test case adds a new AP device (wlan0_ap) with iw and removes it in
the end. However, the hostapd interface for this netdev was only added,
but not removed at the end of the test case. This could result in
consecutive test cases getting confused with the extra interface, e.g.,
if running WPS configuration steps that get applied to all enabled
interfaces.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Need to wrap back to 0 when changing value 255 to avoid generating a too
large value to fit an octet field. This was resulting in errors due to a
python exception (likely for about every 256th run).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This limits the EAP-SIM and EAP-AKA tests to 100 test frames to avoid
undesired timeouts in automated fuzz testing. The real world uses are
limited to 50 rounds, so there is not really any point in trying with
thousands of frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Move from RS to PA country code to allow these test cases to work since
regdb was updated to require DFS for these operating classes in RS.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add minimal testing for airtime policy configuration. mac80211_hwsim
does not actually support this functionality, so this is just for
testing coverage of src/ap/airtime_policy.c.
Signed-off-by: Jouni Malinen <j@w1.fi>
Dump pending monitor interface messages between each roaming step to
make the test log easier to understand and hostapd wait for the new
connection more robust by ensuring that the processed event if for the
very last reassociation. It looks like at least ap_ft_vlan_over_ds_many
could fail due to the connectivity check being started before the final
roam had been completed on the AP side even though there was an explicit
hapd2ap.wait_sta() wait before the test.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
APs PMF capabilities can differ. wpa_supplicant should be able to
disable and enable MBO when roaming to and from a misbehaving MBO AP
that doesn't support PMF. Verify that this is indeed happening.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
gcc-10 seems to be inlining eap_eke_prf() and eap_eke_prfplus() which
breaks this test case due to a different backtrace being generated for
triggering the local failures. Point to the functions called by those
instead of these two functions to get this working with both gcc-9 and
gcc-10.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Hide /usr/share/wireshark from hostfs to prevent tshark from loading all
the data from there since that can take significant amount of time and
is not really needed for the test cases. In addition, set HOME to point
to local tmpfs to avoid unnecessary references through hostfs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Even though the STA in this test case does not actually use SAE, it
needs to recognize the "SAE H2E only "BSS membership selector.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to explicitly wait for hostapd to report STA connection before
starting the traffic test to avoid the potential race condition when
testing with UML and time travel mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
These could fail if a scan entry from a previous test case was still
present in the BSS table, e.g., by wpa_supplicant selecting the SSID
from that old entry instead of the new SSID. Try to avoid that by
explicitly flushing the scan results before starting these tests.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to close the WpaSupplicant instance on the extra radio before
returning from this test case since that interface is going to be
removed and WpaSupplicant.__del__() can time out on trying to detach the
monitor connection after that.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make it more difficult to miss issues that were previously only printed
out in /tmp/hwsim-test-logs/*-parallel.log. This covers things like
memory leaks and test script failures or forgotten development time
prints to stdout.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was missing an explicit CAPI ap_reset_default and that
could result in hostapd being left running at the end of the test case.
This could result in issues with following test cases if they used a new
radio interface from HWSimRadio().
Signed-off-by: Jouni Malinen <j@w1.fi>
Raising an exception while the wlan5 interface was remove (i.e., between
wpas.interface_remove() and .interface_add() calls) would result in the
cleanup code failing and generating yet another exception while the
first one was being processed. Work around this by re-adding the wlan5
interface back temporarily if the interface is not available for the
cleanup operations.
Signed-off-by: Jouni Malinen <j@w1.fi>
These commands were being issues to incorrect wpa_supplicant instance
and were missing clearing of the MAC_RAND_SCAN parameter.
Signed-off-by: Jouni Malinen <j@w1.fi>
The iteration of WpaSupplicant instances used incorrect variable and
ended up cleaning up only the wlan5 interface. This left unexpected
setband parameter for wlan0/wlan1/wlan2 which could result in
consecutive test cases failing due to scan not finding the expected
BSSs.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for these test cases to fail if the first scan iteration
did not find the AP since the 10 second timeout was small enough to
terminate the second attempt before fetching the scan results. Increase
this timeout to allow at least two full scan iterations to be completed
before declaring failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
These test cases use hidden SSIDs and left behind a BSS entry with no
SSID. That can cause issues for consecutive test cases where the BSSID
can be used as the key for finding a BSS entry. That could end up
picking the old hidden SSID BSS instead of the one that was meant to be
used in the test case.
Flush the scan cache at the end of the scan-ssid-list test cases to
reduce invalid test failures for the consecutive test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The PASN_START command can fail if there is an old BSS entry for the
same BSSID from an earlier test case. Try to avoid this by flushing the
scan results before running these test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The isAlive() function is deprecated in newer versions of Python
so replace it with the is_alive() instead.
Signed-off-by: Oren Givon <oren.givon@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The function wpa_config_get_line() is used by the wpa_supplicant config
file parser to retrieve the next non-comment non-blank line. We'll need
the same kind of functionality to implement the file-based external
password backend, so as a preparatory step this commit extracts the
function into its own standalone file in the utils package.
No functional changes are expected from this commit.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Need to clear sae_groups parameter before using SAE in this test case to
avoid issues if previous test cases have left a specific group
configured.
Signed-off-by: Jouni Malinen <j@w1.fi>
This could fail in theory if running out of memory, so better check for
this explicitly instead of allowing the exchange to continue and fail
later due to checkcode mismatch.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add test cases that check preCAC, which is available for EU regulatory
domain. Also confirm that preCAC is not used for US.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Add option to:
- add a new AP on the same phy that the backhaul-sta uses
- run CSA from the parent
Adding a new AP (backhaul/fronthaul) on the same phy we have for
backhaul-sta is closer to the real repeater implementation.
Add a test case for that and run CSA.
This is a common problem when we have on the same phy:
- connected backhaul STA
- we started fronthaul/backhaul AP
- we receive (from parent) CSA on the STA interface
This is multi_ap_wps_shared_apdev_csa test case, which fails today with
both mac80211_hwsim and ath9k. To avoid always failing test cases,
ignore this failure for now. Full validation can be enabled once the
issue behind this is fixed.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Pass the backhaul parameters as a parameter. This is in preparation for
channel switch test for Multi AP.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This test first configure hostapd with an initial SSID
('test-wpa2-psk-start'). Then a new SSID is configured
('test-wpa2-psk-new') using SET and RELOAD. Next, a station is
associated using WPS, and the test verifies that the new SSID was served
to the station.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
cfg80211 may ignore user hints while there are active COUNTRY_IE hints,
thus at some timings it may ignore the country setting back to world
domain. Fix it by making sure the country is set only after all the
interfaces are stopped. In addition, call a more robust
clear_regdom_dev() function.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Test that if notify_mgmt_frames is enabled and a station connects we do
get AP-MGMT-FRAME-RECEIVED, and that it includes an Authentication
frame.
Also test that if notify_mgmt_frames is disabled, no Management frame is
sent on ctrl_iface when a station connects.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
The P2P group may be originally formed on UNII-3, so disabling UNII-1
and UNII-2 will not result in a channel switch failing the test.
Fix this by setting 44 as a preferred channel.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The test configures ft_r0_key_lifetime parameter, however ft_params
already contain the r0_key_lifetime. Since both options are accepted by
hostapd and set the same field, one of them gets overwritten.
As the dictionary enumeration order is not guaranteed in python, the
test may sporadically fail.
Fix that by explicitely removing the unneeded parameter.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Kernel commit 14486c82612a ("rfkill: add a reason to the HW rfkill
state") added an extra byte to the end of the rfkill events and that
confused the read loop here since python tried to buffer the results
from multiple read() calls into the local buffer that then delivered the
extra octets in consecutive events. Fix this by disabling buffering for
these reads.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Python enumerates dictionaries in an arbitrary order, thus the resulting
configuration file will have the parameters shuffled randomly. This may
cause the test to fail when, for example, auth_server_addr is placed
after auth_server_port. Fix this by enforcing some of the fields to be
placed before the others.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Commit 7b121af26a ("P2P: Delay P2P scan when an external scan is in
progress") added a new argument to p2p_scan_res_handled(), but did not
update this test tool. Fix this by using hardcoded value 0 for the new
delay argument.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Now that wpa_supplicant ignores the unexpected association event in
disconnected-not-trying-to-connect state, this test cases needs to be
modified to avoid incorrect failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The function name for adding frequency lists changed, so this test case
needs a matching change to avoid failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was broken in the kernel in mac80211 for a while, until commit
780a8c9efc65 ("mac80211: do not disable HE if HT is missing on 2.4 GHz")
fixed it.
Add a test for wifi generation on 2.4 GHz in addition to the 5 GHz one.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Allow to run local/remote process like:
- ubus listen
- logread -f
- tail -f
- wpa_cli
- hostapd_cli
And next wait for specific event(s).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Sweden now allows channel 149 in the updated wireless-regdb. Choose
Japan for the negative test instead.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Add a test which uses a DFS channel, waits for CAC afterwards successful
mesh join and then triggers a radar event and checks if the mesh comes
up again on the same device.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Update ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg to accept
upcoming change in the parsing validation step that catches the issue.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is in preparation for an implementation change that ends up
contradicting the operations enforced in this test case for mesh coex.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Use typecasting to match the base64_{encode,decode}() function prototype
for signed/unsigned char buffer.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Even though these are not part of run-tests, it is simpler to just build
them like all other tests/test-* tools.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
tests/fuzzing/tls-{client,server} replaced this more than a year ago, so
get rid of the now obsolete version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
tests/fuzzing/eapol-key-{auth,supp} replaced this more than a year ago,
so get rid of the now obsolete version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
tests/fuzzing/eapol-supp replaced this more than a year ago, so get rid
of the now obsolete version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
mesh_open_vht_160 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht_80p80 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht20 might fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht40 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_ht40 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_5ghz might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
mesh_secure_ocv_mix_legacy might fail with this message:
---------------
wlan0: Country code not reset back to 00: is AZ
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
If the .config file is already identical, avoid copying it even if -f
was specified; this improves build time if nothing has changed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since the build artifacts are now landing in distinct directories, we
don't need to 'make clean' and save some rebuild time.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).
Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.
Note that due to the use of thin archives, this required
building with absolute paths.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This likely passes today (at least without ASAN), but without the next
commit, it trips up a use-after-free bug, which ASAN can catch.
So consider this a regression test.
Signed-off-by: Brian Norris <briannorris@chromium.org>
The blacklist design will be modified in the following commits and that
would result in this validation step based on the older implementation
starting to fail. Remove this check to avoid such testing failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
The file was already outdated again, so rewrite it to ignore
anything but c, h and sh files that start with "test-".
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.
This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.
For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clean up in a more common fashion as well, initially for ../src/.
Also add $(Q) to the clean target in src/
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some things are used by most of the binaries, pull them
into a common rule fragment that we can use properly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Remove this part of the dbus_network test case since it would be causing
failures after wpa_supplicant is modified to accept empty strings
through D-Bus.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is useful to run monitor quickly:
./run-tests.py -t run_monitor -m mon:36,20,36,0:1,20,1,0
In such example we will get one PCAP for 36/20 and 1/20.
After execution, PCAP file is in the log directory, e.g.:
./logs/2019_11_11_13_36_24/run_monitor_mon_wlp3s0_wlp5s0.pcap
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This is mainly for standalone monitor in case we know and would like to
setup specific monitor configuration.
-m monitor:<chan>,<bw>, <cf1>, <cf2>:...
For example:
-m monitor:1,40,3,0
-m e4300:1,40,3,0:11,40,9,0
This also supports monitor with multiple interfaces (one pcap).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Before we have to kill an application we start in the thread - in most
cases using killall and sometimes kill other applicantions, e.g., tcpdump,
iper, iperf3, tshark.
With this patch we are able to stop/kill a single application/thread
instead, based on the pid file.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
In case we are using ssh MUX (which speed up a lot test execution) with
remotehost we could hit cases where ssh will hang up. This depends on
different ssh versions and remotehost implementation.
stderr as a tmpfile fixes this problem.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This is needed to allow the test cases to work on systems using
secpolicy=2 default (e.g., Ubuntu 20.04).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Addition of MSCS support broke the test tool build due to references to
a functions from a new file. Fix this by bringing in that file to the
fuzzer build as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update the SAE-PK implementation to match the changes in the protocol
design:
- allow only Sec values 3 and 5 and encode this as a single bit field
with multiple copies
- add a checksum character
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Instead of overriding the subject field with something arbitrary, use
the value that is included in the CSR now that there is something there.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The parsed 'length' field might pointsbeyond the end of the frame, for
some malformed frames. I haven't figured the source of said packets (I'm
using kernel 4.14.177, FWIW), but we can at least be safer about our
handling of them here.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Instead of checking if the kernel allows modules (via the presence of
/proc/modules), check if mac80211_hwsim is already there and load it
only if not. This gets rid of some ugly prints from modprobe in case
code isn't even a module and cannot be found, etc.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
With python3 bytes are returned for stdout, so need to use b''
strings instead of normal strings. These are just a few places
I ran into, almost certainly more places need it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If we want the test to actually use 160/80+80 we need to explicitly
advertise that we support it ourselves, since the kernel is going to be
a bit more strict about this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clear scan results explicitly in test cases that check BSS entry flags
to avoid incorrect failures based on results from earlier test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Lambda >= 12 is needed with Sec = 2, so drop the shorter password
lengths in the sae_pk and module_wpa_supplicant test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Now that there is a pending mac80211 patch ("mac80211: allow SA-QUERY
processing in userspace") to allow wpa_supplicant to take care of SA
Query Request processing, start enforcing correct behavior for this in
ocv_sa_query and wpa2_ocv_sta_override_sa_query_resp.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the current country code cannot be fetched, do not try to report the
current value in the log since that will result in TypeError exception.
Signed-off-by: Jouni Malinen <j@w1.fi>
Couple of VHT test cases missed explicit setting of hapd to None before
trying to start hostapd. Add those to avoid unexpected exceptions in
case hostapd start fails.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a decorator that clears ignore_old_scan_res parameter value instead
of doing this with try/finally in large number of test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a decorator that disables IPv6 and requires running
under a VM, rather than open-coding that many times.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The freqlist parameter uses comma, not space, separated values. Add
another test case for checking freqlist values that do not use the
preferred channel numbers to make sure the frequency list is actually
used as a constraint for selecting the channel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a test for delayed group rekey retransmission that checks that
the IGTK is protected against it by not resetting the IPN replay
counter when reinstalling such a key.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
While adding support for IGTK and BIGTK here, I tested this without
protections (i.e., with protections removed from both wpa_supplicant and
the driver), and while I got some bad resets on the debugfs values, it
should have failed with "unexpected connectivity".
Fix this to be correct - we need to reset the GTK PN, not the PTK PN in
this test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Replace the gtk boolean by a keytype value indicating
GTK or PTK, to be able to extend to other types later.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When run after other tests, It was likely that the target
bss was already present in scan_fail, so the
scan_for_bss() wouldn't trip the allocation failure in
wpa_bss_add(). Flush the scan results before the scan to
ensure wpa_bss_add() is called and consistently pass
scan_fail.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
If sigma_dut is not installed, start_sigma_dut() will
throw an exception. Call start_sigma_dut() inside the
try/except to correctly reset the regulatory domain.
This fixes several seemingly random failures due to
regulatory domain not being reset.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Extend DPP chirping mechanism to allow Reconfig Announcement frames to
be transmitted instead of the Presence Announcement frames. Add a new
wpa_supplicant control interface command "DPP_RECONFIG <network id>" to
initiate reconfiguration for a specific network profile.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The memory allocation in dpp_peer_intro() was moved into a helper
function dpp_check_signed_connector(), so update the test case to match.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case seems to be failing every now and then due to the AP not
getting out the Deauthentication frame after PMKSA expiration if the STA
is in power save mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It looks like this test case was supposed to set power_save off at the
end instead of repeating the same setting twice.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These test cases are using externally generated PMKSA cache entry which
does not support use of PFS. This will start failing if the station
claims to support PFS in such cases, so explicitly disable PFS
functionality in these test cases for now.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Otherwise the test will continue on and fail later due to unexpected
foreign ARP request. The try/except design here did not work properly to
detect this.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Crypto libraries are starting to refuse to accept the old shorter keys,
so move all test certificates and DH to use 2048 bit (or longer) keys.
Signed-off-by: Jouni Malinen <j@w1.fi>
Python 3.8 removed the previously used default of MD5 algorithm, so
provide the explicit digestmod=hashlib.md5 parameter to the couple of
places that were missing it.
Signed-off-by: Jouni Malinen <j@w1.fi>
The ap_beacon_rate_* test cases could end up terminating before the very
first Beacon frame is captured, so wait a bit after the connection to
make sure at least one Beacon frame is going to be in the capture file.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was using sigma_dut to set sae_pwe=2, but that value was
not cleared in the end. This could result in following SAE test cases
failing due to unexpected behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
$(LIBS) got included twice into the linker command line from $^ and
$(LIBS). The former ended up getting converted based on host CPU rather
than target. Fix that by removing duplication and -lcrypto from $(LIBS).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The eloop_register_read_sock() call in i802_init() will be skipped if
the driver supports control port for EAPOL RX, so need to skip this part
of the test case conditionally.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it more convenient to run tests with builds that disable
TKIP/WPA(v1) support completely.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is in preparation for a hostapd implementation change on how to
address the unexpected RSNXE Used field value in FTE during FT
reassociation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify hostapd behavior during FT protocol processing when a STA entry
is still present in the AP and that association has PMF negotiated.
Signed-off-by: Jouni Malinen <j@w1.fi>
Include support for MACsec testing in the (vm) kernel by default.
Don't include support in the example hostapd or wpa_supplicant configs
yet since that would potentially break the build on older distributions
like Ubuntu 16.04, which is supported until April 2021.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Specify the secondary channel offset and correct center_freq1 value to
make the parameters complete for a 40 MHz channel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Include a defconfig for building kernel as UML. Also update the README
with a few notes related to UML.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Make the included kernel-config a little more minimal by checking in the
defconfig instead.
Generate the defconfig by checking out a linux at tag wt-2020-03-17,
copy kernel-config to .config, run
'yes "" | make oldconfig && make savedefconfig',
and copy resulting defconfig to kernel-config.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
If we use user-mode-linux, we have time-travel, and then the --long
argument doesn't really make a difference, so just assume that's the
case.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
bgscan_learn_beacon_loss was failing quite frequently and it looks like
the background scans were related to those failures. Since those scans
are not really relevant to testing beacon loss, get rid of them in these
test cases to avoid incorrect failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previously used normal data TX depends on undefined driver behavior
after all keys have been removed. That may not be available, so do this
more properly with frame injection through a monitor interface.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Stopping the AP from beaconing will also stop it from acknowledging
frames and that resulted in bgscan_learn_beacon_loss failing when
mac80211_hwsim is registering REPORTS_TX_ACK_STATUS. Work around this by
moving to using PMF so that the station ignores the unprotected
deauthentiation frames from the AP and also disabling SA Query. This
allows the AP to be stopped and restarted with large enough Beacon
interval to allow the station to detect beacon loss.
This is identical to the earlier design change for
bgscan_simple_beacon_loss (somehow this bgscan_learn_beacon_loss test
case managed to pass at that time).
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks ike the authentication timeouts may continue a bit longer after
some kernel changes and that could result in temporarily disabling the
network profile. Give this test case more time to complete the
connection to avoid reporting failures unnecessarily.
Signed-off-by: Jouni Malinen <j@w1.fi>
Stopping the AP from beaconing will also stop it from acknowledging
frames and that resulted in bgscan_simple_beacon_loss failing when
mac80211_hwsim is registering REPORTS_TX_ACK_STATUS. Work around this by
moving to using PMF so that the station ignores the unprotected
deauthentiation frames from the AP and also disabling SA Query. This
allows the AP to be stopped and restarted with large enough Beacon
interval to allow the station to detect beacon loss.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like this test case can fail if the STA goes to power save mode
and the Deauthentication frame from the AP after session timeout is not
actually sent at all. Check more details to make it clear that this is
indeed the reason behind the failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
Set device_name in the test cases instead of relying on the
wpa_supplicant configuration file. This fixes problems when we run WPS
test cases in remote test environment.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Add a new command line option -f (--modules) that will run all test
cases from the specified module(s).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Leaving out the special sae_pwe value was causing failures for following
test cases, e.g., in the following sequence:
sigma_dut_sae_pw_id_pwe_loop sae_password_id_only
Signed-off-by: Jouni Malinen <j@w1.fi>
Some test case sequences seemed to prevent the station from completing
the first OBSS scan (that scan was aborted) and that resulted in failing
the test case because the AP had not received any report in time. Wait
for scan completion and allow additional scans before timing out to
avoid indicating incorrect AP behavior in cases where the report was not
even received.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
WEP should not be used for anything anymore. As a step towards removing
it completely, move all WEP related functionality to be within
CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y
is explicitly set in build configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update the fizzing test tools to use the new set_key() prototype, i.e.,
add the new key_flag argument, to get rid of compiler warnings.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit f3bcd69603 ("Remove CONFIG_IEEE80211N build option") broke
couple of fuzzing test tools due to missing wpa_scan_results_free(). Fix
that by pulling in driver_common.o.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update grpform_pbc_overlap not to require PBC session overlap to be
detected since in this sequence a single BSSID is specified and other
APs can be ignored while checking for session overlap. Add other test
cases to explicitly check for the PBC session overlap detection in
non-P2P and P2P cases when the BSSID is specified.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Replace the hardcoded /tmp filenames for generated ACL and BSS
configuration files with proper temporary files from tempfile.mkstemp()
to avoid conflicts with existing files or with parallel uses. Remove ACL
files from the local directory at the end of each test case. BSS files
are currently left behind, but can be cleaned up separately if needed
for non-VM testing (VM testing has those on ramdrive so they get dropped
automatically at the end) and for remote devices.
Signed-off-by: Jouni Malinen <j@w1.fi>
When this test case is ran in remote test environment, there could be
additional APs in scan results after bssid_filter has been disabled.
That breaks the check on SCAN_RESULTS output. Extend this to cover the
remote testing case by using bssid_filter with both known APs listed
instead of full wildcard.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Instead of hardcoded bss-[1-6]*.conf files, generate them using the
correct BSSID for each AP device and send/install them on the remote
client as well if needed.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Generate ACL files instead of using files with hardcoded values for the
STA MAC addresses. Send the generated files also to the remote client if
required.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Some hostapd test cases use configuration files, e.g., ACLs in BSS
configuration. When executing remote tests (udp), we have to first send
these configuration files to the appropriate remote device. The new
send_file() helper can be used for that.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
We could have different ifconfig output formats on the remote devices,
so make the parser more flexible to handle such cases.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This allows more test cases to be run in remote setup. Previously, we
used to block all test cases that required more than two arguments
(i.e., that needed the params argument).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
In case the hwsim wrapper is used in remote tests, show also which
device will be used as
apdev - hostapd
dev - wpa_supplicant
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Kill hostapd and wpa_supplicant based on the configuration parameters.
Previously, we could have killed wrong processes.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Hardcoded CONFIG_IEEE80211N to be included to clean up implementation.
More or less all new devices support IEEE 802.11n (HT) and there is not
much need for being able to remove that functionality from the build.
Included this unconditionally to get rid of one more build options and
to keep things simpler.
Signed-off-by: Jouni Malinen <j@w1.fi>
ap_open_sta_ps checks whether a STA told its hardware to enter power
save after enabling power save.
ap_open_ps_mc_buf checks whether an AP properly buffers and releases
multicast frames when a STA with PS active is associated.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
A test may want to check multicast connectivity independent of unicast
or check multicast without exercising unicast first. Factor out the
multicast connectivity check code into its own function.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Explicitly flush cfg80211 scan cache for this test case since the BSS
entry check might fail if there are multiple results for the same BSSID.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new dpp_alloc_auth() function addition changed function call
backtraces for memory allocation failure tests.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new dpp_gen_uri() helper function can be used to build the
bootstrapping URI from locally stored information. This can be used to
make it easier to update the URI, e.g., for NFC negotiated connection
handover cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"finally" handler should not trigger a new exception when trying to
clear state for non-DPP builds. In addition, couple of checks for DPP
capability in the build were missing.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a helper function for this and add checks for number of test cases
that were missing this. This gets rid of undesired FAIL results
(converts them to SKIP) for test runs where the station do not support
SAE.
Signed-off-by: Jouni Malinen <j@w1.fi>
