Commit graph

6280 commits

Author SHA1 Message Date
Jouni Malinen
fa0ddb1484 tests: MSCHAPv2 password as hash value
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
e745c811ef tests: Verify EAP vendor test
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
d0ce105068 tests: Verify EAP-PEAP/EAP-TLS
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
f10ba3b2fc tests: Negative test cases with incorrect EAP password
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
188ebcd07b EAP-IKEv2 peer: Fix a memory leak in notify round
The plaintext notification needs to be freed after encryption.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
a190189d22 Remove PEAPv2 support
PEAPv2 implementation was not fully completed and there does not seem to
be any deployments of PEAPv2 nor any clear sign of such showing up in
the future either. As such, there is not much point in maintaining this
implementation in hostapd/wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
6daf5b9c1c tests: Add more EAP fragmentation tests
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
16a19ddae8 EAP-pwd peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-pwd fragmentation limit instead of always using the
hardcoded value of 1020.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
60bf585cce EAP-IKEv2 peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-IKEv2 fragmentation limit instead of always using the
hardcoded value of 1400.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
40759604f6 tests: Interactive identity/password query for EAP
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
ea6fc58ccf WPS: Convert printf() debug print to use wpa_printf()
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
8674c02244 tests: Allow multiple Enrollee events in ap_wps_er_add_enrollee_pbc
It was possible for the AP to report two enrollees in this test case
(i.e., both the expected wlan1 device and also the ER device on wlan0).
The previous test script would fail if the wlan0 device is reported
first. Fix this by allowed the expected target to be found in either the
first or the second WPS-ER-ENROLLEE-ADD event.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
d4b21766e5 tests: Force p2p_find in p2p_service_discovery_fragmentation
It was possible for this test case to fail if P2P_FLUSH was issued
during a search scan and that scan adding back the peer. Avoid this by
forcing p2p_find to be started regardless of the current P2P peer table
contents for each round of service discovery.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
cb33ee143b tests: Make WPA2-Enterprise reauth test cases more robust
With the extra latencies removed from run-tests.py operations, it was
possible to hit race conditions in pairwise cipher configuration at the
end of the 4-way handshake. In some cases, the EAPOL-Start frame from
the station was not received by the AP and that could result in these
test cases failing. Since there are not really trying to test the race
condition, wait for the AP side to complete key configuration prior to
initiating the reauthentication sequence.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
0c35b91c5f tests: Cleaner error processing for threads
When a thread is used to follow P2P group formation progress, it is
better to return a clear failure indication from the thread instead of
allowing an exception to be thrown from the thread.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
369f9c20ee tests: Validate EAP-GPSK cipher suite negotiation
This covers all currently supported algorithms and the case of no match.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
c4b8c71ba4 EAP-GPSK: Report CSuite negotiation failure properly
Setting methodState = DONE for the case where GPSK-1 is found to be
invalid or incompatible allows EAP state machine to proceed to FAILURE
state instead of remaining stuck until AP times out the connection.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
5a0f596b7b EAP-GPSK: Allow forced algorithm selection to be configured
phase1 parameter 'cipher' can now be used to specify which algorithm
proposal is selected, e.g., with phase1="cipher=1" selecting AES-based
design and cipher=2 SHA256-based. This is mainly for testing purposes,
but can also be used to enforce stronger algorithms to be used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
5f01c3c84a EAP peer: Improve failure reporting from METHOD with no eapRespData
One of the RFC 4137 state transitions (METHOD -> FAILURE) had been
forgotten and this could result in EAP peer method processing not
reporting failure immediately and instead, remain stuck waiting for the
connection to time out. Fix this by adding the methodState == DONE &&
decision == FAIL case to allow immediate reporting of failures.

The condition from RFC 4137 as-is would cause problems for number of the
existing EAP method implementations since they use that in places where
the final message before EAP-Failure should really be sent to the EAP
server (e.g., WSC_Done in EAP-WSC). Address this by includng eapRespData
== NULL as an additional constraint for entering FAILURE state directly
from METHOD.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
7271ee8769 Fix EAP-GPSK server compilation for SHA256 cipher suite
Need to use common EAP_GPSK_SHA256 define for this instead of the
server-specific EAP_SERVER_GPSK_SHA256 which was not really used
anywhere.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
324c99296a tests: Document the unique index needed for the tests table
This is needed for "INSERT OR REPLACE INTO tests" to work correctly with
run-tests.py -L.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
aa5fcc558b tests: Show missing descriptions in more helpful format
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
82fa9b62ff tests: Add forgotten test_wifi_display description
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
2f37a66dda tests: Optimize Interworking test cases with single-channel scans
Leave couple of cases to use full scan for better test coverage, but
change all other places to use a single channel scan with
INTERWORKING_SELECT to reduce the time it takes to execute the tests.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
fce6ddd8d0 tests: Avoid unnecessary wlantest failures
It is possible that wlantest has not yet created the BSS entry in all
cases, so interpret failures (no BSS entry being the most likely cause)
as zero counters. Similarly, ignore clear_bss_counters errors since they
are most likely reporting that the BSS was not found and as such, there
was no need to clear the counters anyway.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
356d1488c4 Interworking: Add optional freq argument to INTERWORKING_SELECT
This can be used to limit which channels are scanned using the specified
list of frequency ranges in the same format that the SCAN command uses.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
a09ffd5f2f Fix req_scan-deplete-timeout and update eloop API for this
Commit e2f5a9889a was supposed to prevent
new scan request from pushing out the old one. However, it did not
really do that since eloop_deplete_timeout() returned 0 both for the
case where the old timeout existed (and was sooner) and if the old
timeout did not exist. It returned 1 only for the case where an old
timeout did exist and was larger than the new requested value. That case
used to result in wpa_supplicant_req_scan() rescheduling the timeout,
but hew code in eloop_deplete_timeout() did the exact same thing and as
such, did not really change anything apart from the debug log message.

Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for
that matter since it is very similar) to return three different values
based on whether the timeout existed or not and if yes, whether it was
modified. This allows wpa_supplicant_req_scan() to schedule a new
timeout only in the case there was no old timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
bce774ad63 tests: Use ctrl_iface event for EAP reauth instead of STATUS poll
This speeds up the EAP test cases a bit by avoiding polling for
wpa_supplicant status.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
710f96fd8c tests: Remove unnecessary reset() steps
The FLUSH command clears disallow_aps, p2p_disabled, and
p2p_per_sta_psk, so there is no need to clear them separately.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
083916c022 P2P: Clear p2p_disabled and p2p_per_sta_psk on FLUSH command
The control interface FLUSH command now includes clearing of
"P2P_SET disabled 1" and "P2P_SET per_sta_psk 1".

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
3f45fc403f P2P: Clear services on FLUSH command
The control interface FLUSH command now includes the step executed by
the P2P_SERVICE_FLUSH command.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
36408936f8 tests: Optimize wait_event()
Replace the fixed 100 ms waits with a select()-based wait and timeout
for full wait based on monotonic time to optimize wait_event().

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
606110e647 wpaspy: Add optional timeout argument for pending()
This can be used to wait for up to the specified limit on new event
messages.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
adf277a007 tests: Minor clean up for GAS test cases
Do not run a full scan in gas_generic since this is not really needed.
Dump pending event messages after long wait to make logs clearer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
d45e417f7b tests: Clean up hostapd ctrl_iface debug logging
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
1d646f5ee1 tests: Write debug logs into the database for failed test cases
This makes it easier to build a web page for analyzing failures without
having to fetch the log files themselves from the test server.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
26b846672c tests: Radio work items
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
1f965e622a Allow external programs to request wpa_radio work items
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
e766f56643 tests: Verify behavior during externally triggered scan
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
6428d0a71f Do not start wpa_radio work during externally triggered scan
If an external program triggers a scan, wpa_supplicant does not have a
wpa_radio work item for this operation to protect against other
offchannel operations. This can result in operations failing, so try to
avoid damage by not starting any new wpa_radio work items during a scan
that was started by another process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
7c0d8645a1 tests: Verify cfg80211 connect API with concurrent operation
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
6470f471e4 Remove unneeded scan delay on connection-in-progress
This type of protection against concurrent connection and scan
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
4bb232153f Remove unneeded GAS query delay on connection-in-progress
This type of protection against concurrent connection and offchannel GAS
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
6ac4b15ef8 Use wpa_radio work for connection
This protects against conflicting offchannel operations during
connection (authentication, association, EAP exchanges, 4-way
handshake).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
b9e6d7001d Use radio work for GAS requests
Avoid concurrent GAS operations with any other exclusive use of the
radio by using the radio work queuing mechanism. This replaces some of
the earlier constraints on concurrent operations with the more generic
wpa_radio work concept.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e05e130837 P2P: Use radio work to protect offchannel Action frame exchanges
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e1d1c8e223 Use radio work for P2P Listen requests
Avoid concurrent P2P Listen operations with any other exclusive use of
the radio by using the radio work queuing mechanism. This removes some
of the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 09:45:32 +02:00
Jouni Malinen
1b5d4714dd Use radio work for P2P scan requests
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:39:25 +02:00
Jouni Malinen
d12a51b5d2 Use radio work for scan requests
Avoid concurrent scan requests by using the radio work queuing
mechanism.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:50 +02:00
Jouni Malinen
b1ae396f59 Add framework for exclusive radio operations
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:03 +02:00