Commit graph

4449 commits

Author SHA1 Message Date
Jouni Malinen
a2d4d4c98e tests: HE with ACS on 6 GHz using a 40 MHz channel
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-25 17:31:13 +03:00
Jouni Malinen
566ab39a72 tests: KDK derivation based on Secure LTF capability
This adds more production-like testing coverage for KDK derivation. Both
SAE and OWE transition mode are covered. The latter has some corner
cases that did not work correctly previously.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-25 12:08:12 +03:00
Jouni Malinen
9bad3c975d tests: Update server and user certificates (2023)
At least some of the previous versions have expired, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-04-18 11:40:10 +03:00
Jouni Malinen
07a7bcd7ea WMM: Advertise support for 16 PTKSA replay counters for non-AP STA
In theory, each device that supports WMM (or the IEEE 802.11 QoS for
that matter) is expected to advertise how many replay counters it
supports and the peer device is supposed to use that information to
restrict the total number of different MSDU priorities (AC/UP) that
might be used. In practice, this is not really done in deployed devices
and instead, it is just assumed that everyone supports the eight
different replay counters so that there is no need to restrict which
MSDU priorities can be used.

hostapd implementation of WMM has advertised support for 16 PTKSA replay
counters from the beginning while wpa_supplicant has not had any code
for setting the supported replay counter fields in RSNE, i.e., has left
the value to 0 which implies that only a single replay counter is
supported. While this does not really result in any real issues with
deployed devices, this is not really correct behavior based on the
current IEEE 802.11 standard and the WMM specification.

Update wpa_supplicant to use similar design to the hostapd RSNE
generation by setting the number of supported PTKSA replay counters to
16 whenever WMM is enabled. For now, this is done based on the
association being for HT/VHT/HE/EHT and also based on the AP supporting
WMM since it is much more likely for the local device to support WMM and
eight replay counters (which can be indicated only with the value that
implies support for 16 counters since there is no separate value for 8).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-18 11:40:10 +03:00
Jouni Malinen
22c453ae3c tests: Suite B 192-bit RSA with TLS 1.3
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-03-23 00:00:10 +02:00
Avraham Stern
23ddb3ffee tests: Remove dynamically added hostapd interfaces
When an in interface is added dynamically to hostapd with
HWSimRadio, it's not removed during device reset.
This requires to manually remove it, otherwise subsequent tests may
fail. Better do it during device reset.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2023-03-07 23:55:00 +02:00
Andrei Otcheretianski
fa4d7be5bf tests: Clear sae_groups in eht_sae test
Otherwise subsequent tests may fail.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-03-07 23:55:00 +02:00
Jouni Malinen
f0979c4ac9 tests: Fix python3 processing of Popen output reading
Need to decode cmd.stdout.read() output before using it as a string.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-22 21:34:53 +02:00
Jouni Malinen
f3c4d2db1f tests: DPP Configurator and @CONF-OBJ-SEP@
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-22 17:08:57 +02:00
Jouni Malinen
596d602de8 tests: P2P persistent group re-invocation (go_bssid) with cfg80211 P2P Device
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-22 14:12:58 +02:00
Jouni Malinen
f710eba172 tests: Make PASN checks for PTKSA_CACHE_LIST a bit more robust
It was apparently possible for the test script to fetch the
PTKSA_CACHE_LIST information from hostapd before the PASN message 3 had
been processed since only the event from wpa_supplicant related to
sending of that frame was explicitly waited for. Add a small wait to try
to avoid this race condition with UML time-travel.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 19:46:17 +02:00
Jouni Malinen
6d7a9a890d tests: Country information in hostapd STATUS
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 17:36:28 +02:00
Jouni Malinen
eb6f8dab12 tests: PASN/KDK derivation with FT
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 17:28:15 +02:00
Jouni Malinen
1cde2549ec tests: WPA2-PSK and STA using 4addr mode
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 00:12:34 +02:00
Jouni Malinen
217d5e4796 tests: WNM event report
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-20 22:00:16 +02:00
Jouni Malinen
351761e994 tests: Ignore dpp-ca.py in git status
Some of the test cases can use dpp-ca.py symlink to sigma-dut.git. That
symlink is not in the repository, so ignore it explicitly in git status.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-17 16:25:33 +02:00
Jouni Malinen
1bc93b7fe3 tests: Clear SAE groups for dpp_ap_config_sae
This is needed to avoid failures due to previously executed test cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-17 16:20:20 +02:00
Jouni Malinen
9f5f066d27 tests: Clear SAE groups before the HE 6 GHz test cases
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-14 13:55:36 +02:00
Jouni Malinen
641f2868de tests: FT and VLAN in wpa_psk file
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-14 11:47:25 +02:00
Jouni Malinen
e4d1000cac tests: Verify hostapd STA vlan_id value
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-13 23:22:10 +02:00
Jouni Malinen
eff82f93af tests: Make pmksa_cache_and_cui more robust
Make sure hostapd has had time to complete 4-way handshake processing
before initiating reauthentication from wpa_supplicant. There is a small
window for race condition here when testing with UML and time travel.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 13:11:54 +02:00
Jouni Malinen
2d3afc273d tests: MACsec with EAP-PSK
This verifies use of a shorter than 65 octet EAP Session-Id.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 12:41:03 +02:00
Jouni Malinen
047da5fe3a tests: wpa_supplicant config file parsing of an invalid network
This is a regression test for a NULL pointer dereferencing from commit
d8d2b3a338 ("Implement read-only mode for SSIDs from the additional
config (-I)") .

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-01 18:26:35 +02:00
Jouni Malinen
825a545279 tests: Clear sae_groups in radius_sae_password
This is needed to avoid failures caused by previous test cases having
left behind constraints on the allowed groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-31 12:00:18 +02:00
Jouni Malinen
d44a7e38d1 tests: Use nproc for determining how many parallel jobs to use (fuzz)
This was already done in tests/hwsim/build.sh, but the fuzzing
build-test.sh can do same instead of using the hardcoded value 8.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 11:21:45 +02:00
Shivani Baranwal
bf931c5f8d tests: P2P Service Discovery initiated from Go device.
Add a new P2P Service Discovery test to verify the handling of the
SD response frame received by the GO device.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
e8706c109e tests: Work around pyrad issues with octet strings that start with "0x"
pyrad's tools.py EncodeOctets() uses a design that tries to
automatically determine when the octetstring is a hex string based on
the binary data starting with "0x". That is not really nice since it
will result in failing one out of 65536 possible random inputs with
"binascii.Error: Non-hexadecimal digit found" when trying to decode an
actual (non-hex) binary string as a hexstring.

Work around this by convering the special cases where the
Message-Authenticator binary value happens to start with b"0x" to a
hexstring.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
85ac165d64 tests: Allow some more time for a scan in discovery_group_client
This makes the test case a bit more likely to be able to complete with
S1G being enabled in mac80211_hwsim. However, the 15 second P2P protocol
timeout itself can be hit in this type of a case and the test case will
still fail every now and then if all mac80211_hwsim supported channels
are included.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
d5b7560de5 tests: Clear sae_groups in pasn_sae_kdk
This test case could have failed when executed after a test case that
had forced a specific set of SAE groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
a70a4672d8 tests: Allow more VMs to be used that there are screen lines
curses prints were causing parallel-vm.py to terminate if there were too
many VMs to fit into the screen. For now, simply hide any VMs from the
live status if there is not sufficient room for them.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
48cb42182f tests: Disable both APs before flushing PBC state
One of the PBC APs was left running at the end of the tet case with
active PBC. Stop that AP as well before flushing scan information on the
STA.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-20 19:06:25 +02:00
Jouni Malinen
ec277b5237 tests: Make ap_roam_open work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 23:06:38 +02:00
Jouni Malinen
415458e2b3 tests: Make wext_pmksa_cache work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 12:40:46 +02:00
Jouni Malinen
19d3e0383f tests: Make ap_wps_iteration_error work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not long enough to allow two scan iterations to be completed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 12:40:41 +02:00
Jouni Malinen
2377d817da tests: DPP QR Code and hostapd as initiator/Configurator (offchannel)
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
6bc9ce67b2 tests: HE on 6 GHz and automatic security settings on STA
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
007a43ac59 tests: Per-ESS MAC address and PMKSA caching
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:16 +02:00
Jouni Malinen
823cf218e4 tests: Use different mechanism for failing random MAC address change
gas_failures was using an invalid preassoc_mac_addr value 1111 to
trigger a failure. That won't work once wpa_supplicant starts validating
the range of the configuration parameter. Use a different mechanism to
force a failure in the actual random MAC address change functionality.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:02 +02:00
Jouni Malinen
317adf2359 tests: Set address lifetime to be sufficiently large for the test
sta_dynamic_random_mac_addr and sta_dynamic_random_mac_addr_keep_oui
assumed that the same random MAC address remains in use even though it
set the lifetime to 0 seconds. This might have worked in the past by
accident, but set this properly to configure a longer lifetime.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:24:32 +02:00
Jouni Malinen
3b4a5e58b7 tests: EHT with SAE
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-17 21:07:42 +02:00
Andrei Otcheretianski
694a1c6873 SAE: Make sme_sae_auth() return IE offset
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).

To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:11:16 +02:00
Jouni Malinen
c58178b922 tests: More coverage for D-Bus CreateInterface() parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-17 12:11:15 +02:00
Ilan Peer
24b4c3abef tests: Extend SAE-EXT-KEY testing
Extend the SAE-EXT-KEY testing to also cover GCMP-256.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 22:37:31 +02:00
Jouni Malinen
6cc0a885c8 tests: require_he=1
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-16 20:31:14 +02:00
Aloka Dixit
96ab7529c1 tests: MBSSID and EMA
Add test cases for MBSSID functionality with EMA.

Add helper functions to create the configuration file, start hostapd
instance and client association with the transmitting interface.

he_ap_mbssid_open: 4 VAPs with open security in multiple BSSID
configuration. The first interface transmits beacons and probe responses
which include the multiple BSSID element(s) with remaining profiles.

he_ap_mbssid_same_security: 2 VAPs, all with SAE. In such a case the
Multiple BSSID elements in management frames do not include RSN and RSNE
elements as all non-transmitting profiles have exact same security
configuration as the transmitting interface.

he_ap_mbssid_mixed_security{1,2}: 8 VAPs with mixed security
configurations (SAE, OWE, WPA2-PSK, open). he_ap_mbssid_mixed_security1:
Transmitting interface uses SAE. In this case the non-transmitting
profiles will include non inheritance element (IEEE Std 802.11-2020,
9.4.2.240) wherever the security differs from the transmitting profile.
he_ap_mbssid_mixed_security2: Transmitting profile is open hence no need
for the non inheritance elements. Instead each non-transmitting profile
includes RSN, RSNE if applicable.

he_ap_ema: Enhanced multi-BSS advertisements (EMA) with 8 VAPs all with
SAE configuration.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2022-12-02 23:06:32 +02:00
Daniel Gabay
bb67d5b52b AP: Add testing option to delay EAPOL Tx
Add a testing option to delay EAPOL-Key messages 1/4 and 3/4. By setting
delay_eapol_tx=1, the actual EAPOL Tx will occur on the last possible
attempt (wpa_pairwise_update_count) thus all previous attempts will fail
on timeout which is the wanted delay.

In addition, add an hwsim test that uses this testing option to verify
that non protected Robust Action frames are dropped prior to keys
installation in MFP.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-02 13:07:03 +02:00
Jouni Malinen
12d8b8a91e tests: EAP-TEAP with and without EAP method sequence optimization
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-01 17:53:05 +02:00
Andrei Otcheretianski
1b025bda57 tests: Extend EHT estimated throughput testing
Add a basic test to verify AP selection algorithm with EHT AP.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-11-30 20:33:44 +02:00
Jouni Malinen
ed68ac9301 tests: Public key hash information in authentication and AP association
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-29 16:37:54 +02:00
Jouni Malinen
8de2881426 tests: Automatic channel selection for 40 MHz channel (HE)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 23:31:36 +02:00