This PMKID replacement case is not going to prevent connection after a
change in wpa_insert_pmkid() so remove it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Data connectivity test could have been started in the middle of 4-way
handshake. This test case needs to wait for two STA connections before
starting the connectivity test since the first one is only for the
provisioning step.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous waits were matching both DPP-TX and DPP-TX-STATUS and if
the latter event was received, the test cases would either report
failure or would not really test what was supposed to be verified. Fix
this by waiting explicitly for "DPP-TX " to avoid matching
"DPP-TX-STATUS" prefix.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait STA connection to be completed in hostapd before testing
connectivity. This avoids a possible race condition that could be hit
especially when testing with UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
openssl engines may dynamically load external libraries. Our event_*()
functions happen to be named very generically, such that event_add()
collides with the libevent library (https://libevent.org/). This can
have disastrous effects (esp. when using CONFIG_WPA_TRACE, which enables
partial linking) when our SSL engines call into the WPS event_add()
instead of their intended libevent event_add().
Resolve this by providing a more unique prefix to these functions.
Rename performed via:
sed -i -E \
's:\<event_(add|delete_all|send_all_later|send_stop_all)\>:wps_upnp_event_\1:g' \
$(git grep -l event_)
Tested via (among other things) hwsim '-f ap_wps' module.
Signed-off-by: Brian Norris <briannorris@chromium.org>
The 127.0.0.11/24 address that could have been left on the wlan0
interface resulted in some test case sequence failures. Fix this by
explicitly clearing that address when terminating sigma_dut.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
start_sigma_dut() can raise an exception and as such, assigning a
variable to its return value within a try block does not work in this
manner when the result is supposed to be used in the finally statement.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The second round may use PMKSA caching, but AP will need to reject msg
2/4 in that case as well due to RSNXE mismatch.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
sigma_dut does not clear sae_pwe value when the command line argument
"-2" is used, so we need to explicitly clear this from wpa_supplicant at
the end of the test case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous description of wmediumd_scan_only_one used multiple lines
and that resulted in parallel-vm.py miscounting total number of test
cases. Fix that by getting rid of the newlines from the description.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that parallel-vm.py is actually stopping VMs as soon as they are not
needed for retries, it is not really an unexpected exit to see a VM exit
while test cases remain in the queue as long as at least that many VMs
remain running. Get rid of confusing 'unexpected exit' status from the
UI in such cases.
Fixes: 4aaddecdd8 ("tests: Handle test retries through the same queue")
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that wpa_supplicant was modified to use NAI realm query even if
roaming_consortium is set, this test case is actually able to find a
match. Update it to avoid cause incorrect test failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There was a bug in wmediumd in that it didn't set the
frequency of frames, and thus they were always received
by mac80211_hwsim, regardless of channel it was on.
Add two tests that verify we only find a single instance
of an AP if we only have that one, and run this both with
and without wmediumd.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Avoid race conditions in completing mesh group removal/re-addition steps
and starting connectivity check. It seemed to be possible to get to the
connectivity test in some cases before the mesh STA had rejoined the
mesh and completed key configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is in preparation of an implementation to to remove the alternative
SSWU path that was needed only for this particular group.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These test cases were all using group 21 even though they were supposed
to go through all the possible groups.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It looks like the wpa_auth_get_seqnum() function might not always be
visible in the backtrace since the compiler may optimize that wrapper
away. Use the i802_get_seqnum() function instead as a trigger for the
get_seqnum operation failure trigger to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to be able to compare the received RSNXE to a protected
version in EAPOL-Key msg 2/4.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify behavior with sae_pwe configuration values 0..2, i.e., test the
new hash-to-element mechanism for deriving PWE and negotiation for which
method to use.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This verifies mac80211 behavior for Layer 2 Update frame use and other
unexpected frames from a not fully authentication station.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait hostapd to complete key setup before asking it to send a frame that
may need PMF. This is needed especially with UML time-travel.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This looked like a copy-paste error in the event message check and once
that was fixed, couple of test cases needed fixes to expect a success
from the Configurator.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IEEE Std 802.11F-2003 was withdrawn in 2006 and as such it has not been
maintained nor is there any expectation of the withdrawn trial-use
recommended practice to be maintained in the future. Furthermore,
implementation of IAPP in hostapd was not complete, i.e., only parts of
the recommended practice were included. The main item of some real use
long time ago was the Layer 2 Update frame to update bridges when a STA
roams within an ESS, but that functionality has, in practice, been moved
to kernel drivers to provide better integration with the networking
stack.
Signed-off-by: Jouni Malinen <j@w1.fi>
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.
Signed-off-by: Jouni Malinen <j@w1.fi>
The hostapd side operations and data connectivity test were executed
without explicitly waiting for hostapd to report connection as having
been completed. This could result in trying to transmit data before
EAPOL-Key msg 4/4 was processed especially when using UML time-travel.
Make this more robust by waiting for hostapd to be ready before the data
test.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was failing if wlantest was able to decrypt the CCMP
protected frames. Fix the tshark filter string to include only the
actually encrypted frames for PN comparison.
Signed-off-by: Jouni Malinen <j@w1.fi>
These were moved from test_sae.py to utils.py, so import them from the
correct location instead of through test_sae.py that imports them from
utils.py.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to report completion of connection so that the WNM
Notification Request frame does not get sent before the AP has processed
EAPOL-Key msg 4/4 and configured the TK. This could result in a race
condition especially when testing using UML with time-travel.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed with the increased maximum EAP round limit since the
server side sends out longer messages in this exchange and that prevent
the short message limit from being reached.
Signed-off-by: Jouni Malinen <j@w1.fi>
This cleans up coding style of the EAP implementation by avoiding
typedef of an enum hiding the type of the variables.
Signed-off-by: Jouni Malinen <j@w1.fi>
In addition, update the generation script to allow convenient update of
the server and user certificates without having to generate new keys.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The wlan.mesh.config doesn't have to be the last element of beacon. Things
like VHT or HE oper/cap are usually follow the mesh configuration element.
The workaround must first get the position of a correct reference value in
wlan.mesh.config (ps_protocol) and then calculate the correct
wlan.mesh.config.cap offset based on that.
Reported-by: Johannes Berg <johannes@sipsolutions.net>
Fixes: 2cbaf0de22 ("tests: Work around tshark bug in wpas_mesh_max_peering")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
It was clearly too easy to get unexpected behavior by accidentially
passing in a string instead of a list of strings to these functions, so
enforce the correct type to notice such issues automatically.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wait_event() expects a list of events instead of a single event name.
The previous implementation of wait_sta() did not really wait for
AP-STA-CONNECT; instead, it returned the next event from hostapd
regardless of what that event was.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The AP side may not have had enough time to configure the new TK into
the driver if the connectivity test is started immediately after the
station side event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.
Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.
Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.
Signed-off-by: Jouni Malinen <j@w1.fi>
This helps in avoiding issues with another test case trying to bind to
the same UDP port and failing due to the previous use by pyrad still
being open. This showed up with failures in radius_ipv6 when it followed
a test case like eap_proto_tls with suitable set of test cases between
them.
Signed-off-by: Jouni Malinen <j@w1.fi>
Test case sequence "persistent_group_channel scan_bss_expiration_count"
was failing with UML when using time travel. This seemed to be because
there was no explicit wait to confirm that the AP has been fully
disabled before running the next scan. Work around this by verifying
that hostapd has terminated the BSS and waiting a bit after that before
proceeding.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
ap_vht160_no_dfs fails with this message:
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wep_ht_vht fails with this message:
---------------
wlan0: Country code not reset back to 00: is SE
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_wps_conf_5ghz fails with this message:
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_vht160 fails with this message:
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_vht40 fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_vht fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_5ghz_40mhz fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_5ghz fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
rrm_beacon_req_passive_scan_vht fails with this message:
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This removes the separate rerun step from the parallel-vm.py processing
and instead, simply requeues the failed test cases into the same queue
that is used for the initial run. This is simpler and more efficient
since reruns start as soon as any VM is ready for processing them
instead of having to wait for all VMs to complete the first round.
Furthermore, this allows VMs to be stopped sooner when no more test
cases remain and that is helpful especially with the time travel patches
that make the wait-for-next-test step in the VM use all available CPU.
Signed-off-by: Jouni Malinen <j@w1.fi>
Enable all supported groups in the existing ap_wpa2_eap_pwd_groups and
ap_wpa2_eap_pwd_invalid_group test cases to maintain current testing
functionality once wpa_supplicant is modified to use a different default
for the enabled groups.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Test names can now use wildcard in the end (e.g., ap_wpa2_psk*) to match
all test cases with the specified prefix.
Signed-off-by: Jouni Malinen <j@w1.fi>
scan_dfs fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_go_move_scm_peer_does_not_support fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_channel_5ghz_165_169_us fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_channel_5ghz_only fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
autogo_ht_vht fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_autogo_pref_chan_not_in_regulatory fails with this message.
---------------
wlan0: Country code not reset back to 00: is SE
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_to_24g_ht fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_40_fallback_to_20 fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_tkip fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
prefer_vht40 fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_csa fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80plus80_invalid fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht160_no_ht40 fails with this message.
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_40 fails with this message.
---------------
wlan0: Country code not reset back to 00: is DE
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_20 fails with this message.
---------------
wlan0: Country code not reset back to 00: is DE
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_invalid2 fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_invalid fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_wifi_generation fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80 fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_wps_conf_chan14 fails with this message.
---------------
wlan0: Country code not reset back to 00: is JP
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_vht160_scan_disable fails with this message.
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
rrm_beacon_req_passive_scan_vht160 fails with this message.
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
rrm_beacon_req_table_vht fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_ht40_5ghz_disabled_sec fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_ht40_5ghz_invalid_pair fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta_force_2ghz fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta_force_5ghz fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta_no_auth_passive fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta_no_auth fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta_no_probe_resp fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
nfc_wps_handover_chan14 fails with this message.
---------------
wlan0: Country code not reset back to 00: is JP
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_use_sta_nsts fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_capab_not_supported fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80c/d fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
dfs_radar2 fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Matching with roaming_consortium requires EAP type to be specified to
work for the connection. This test case was not really testing the
connection part, so this has not been much of an issue in the past, but
in preparation for the matching rules to start filtering out invalid
credential configurations from selection, the EAP type needs to be
explicitly set here.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/*/Makefile needs to allow additional CFLAGS values to be provided
from the calling Makefiles so that the clang command line arguments to
enable sanitizers consistently. In addition, it can be useful to be able
to provide CC, CFLAGS, and LDFLAGS from external setup while still
requesing LIBFUZZER=y build. Allow that by not overriding these
variables if they are already set.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This struct needs to remain valid through the lifetime of the
authenticator state machine, so move it to the context struct instead of
being a local stack variable inside the setup function that returns
before the actual test functionality is executed.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Looks like the previous fix for a newer OpenSSL versions broke
functionality with older versions that did not seem to like @SECLEVEL=0
in the cipher list. Make that addition conditional on OpenSSL version to
work with both versions.
Fixes: e87e6f609b ("tests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpas_ap_async_fail fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
nfc_wps_handover_5ghz fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
dfs_cac_restart_on_enable fails with this message.
---------------
START dfs_cac_restart_on_enable 1/1
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
FAIL dfs_cac_restart_on_enable 3.037694 2019-05-28 01:35:07.548390
failed tests: dfs_cac_restart_on_enable
---------------
This patch fixes the false negative.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is a newer version of tests/wnm-fuzzer tool as the initial step in
creating a more uniform set of fuzzing tools that can be used with both
libFuzzer and afl-fuzz.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the previously used sleep time was not sufficient to allow
capturing the frames from wlan0/wlan1/wlan2 to start and complete so
that all the necessary frames can be checked. This was the case
especially with UML time-travel=inf-cpu.
Signed-off-by: Jouni Malinen <j@w1.fi>
Recent regdb enabled UNII 3 in Finland. Change the
mbo_supp_oper_classes_fi test accordingly to accept either the previous
or the current value to be reported.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
It is fine for the station to associate with either AP in this test
case, so do not force AP side connection check with apdev[0].
Signed-off-by: Jouni Malinen <j@w1.fi>
When the serial ports are set into raw mode on stdio (fd:0,fd:1)
then Ctrl-C is sort of passed through, but not effective. Request
non-raw mode to avoid that and let us cancel test execution with
Ctrl-C properly (both in parallel-vm.py and vm-run.sh cases).
Note that this requires a currently out-of-tree patch, but so
does the virtual time. If the patch is not applied, the command
line argument is ignored.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
time-travel=inf-cpu needs bit more wait before being able to fetch the
STATUS* items after initial connection request.
Signed-off-by: Jouni Malinen <j@w1.fi>
Waiting for exactly one second for a one second timeout with
time-travel=inf-cpu is not exactly robust, so increase that wait to be
able to see the last EAPOL-Key TX attempt from hostapd.
Signed-off-by: Jouni Malinen <j@w1.fi>
Busy loop for waiting is not going to work with time-travel=inf-cpu, so
need to something a bit more explicit to wait for the wpa_supplicant
process to proceed while not fully breaking the idea of this test case
to iteration through large number of STATUS-VERBOSE commands to hit
different states.
Signed-off-by: Jouni Malinen <j@w1.fi>
The sae_groups parameter needs to be cleared before attempt a SAE
connection in a test case to avoid issues with this parameter having
been left to something else than the default one by a previous test
case. This was found with the following sequence:
sae_pwe_failure dpp_auto_connect_legacy_psk_sae_1
Signed-off-by: Jouni Malinen <j@w1.fi>
The earlier change from using apdev[1] to using a no-interface
ifname=as-erp in the ERP related test cases ended up leaving the
separate authentication server interface running after the end of the
test case. This left UDP port 18128 open and any consecutive test case
needing this port failed to start another authentication server.
This can be reproduced with following test case sequence:
fils_auth_gtk_rekey authsrv_unknown_user
Fixes: e374def207 ("tests: Start ERP authentication server without AP")
Signed-off-by: Jouni Malinen <j@w1.fi>
This fuzzing wrapper does not go through full hostapd_clean_iface() call
to free memory, so call ap_list_deinit() to avoid reporting memory leaks
from added AP list entries. This case could not be hit with
hostapd/wpa_supplicant since they perform full interface deinit on
interface removal.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14928
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Couple of the callback functions had changed their prototypes and
p2p-fuzzer compilation resulted in a warning and not returning
*scheduled from the send_action() callback. This was reported as
use-of-uninitialized-value which was not really possible with
wpa_supplicant since the issue was only in the fuzzing wrapper.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14924
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Avoid a memory leak in fuzzer tests by calling wnm_deallocate_memory()
before exiting since this fuzzing wrapper does not use full
wpa_supplicant_cleanup().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There is no actual need for running the authentication server with
driver=nl80211, so simplify this by using driver=none instead. This
frees up apdev[1] for actual AP needs in the test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This speeds up test execution significantly by removing unnecessary
waiting for things to happen since the kernel log is allowed to jump
forward whenever there is nothing to do.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case was failing frequently due to the station not being able
to connect back to the AP if the interrupted channel switch ended up
moving the AP to the new channel anyway on restart. Scan both possible
channels to allow the AP to be found in either case.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows UML builds to be used in running user mode without having to
run the full x86 kernel in virtual machine.
Signed-off-by: Jouni Malinen <j@w1.fi>
The change to use a shared dragonfly_generate_scalar() helper function
resulted in failures in sae_no_random and sae_bignum_failure test cases
due to renamed functions and removed uses.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The change to use shared dragonfly_get_random_qr_qnr() and
dragonfly_get_rand_1_to_p_1() helper functions resulted in failures in
sae_no_random and sae_bignum_failure test cases due to renamed functions
and removed uses.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.
Signed-off-by: Jouni Malinen <j@w1.fi>
dbus_p2p_go_neg_init, dbus_p2p_group_idle_timeout, and
dbus_p2p_group_termination_by_go could end up print a "DETACH failed"
exception as a warning from WpaSupplicant.__del__ for the dev1 instance
used within the TestDbusP2p class. This did not cause the test cases to
fail, but the output is a bit confusing, so clean this up be explicitly
closing the control interface monitor sockets and furthermore by
ignoring the "DETACH failed" exception within __del__.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is in preparation of disallowing all use of these groups. Negative
test case for the groups will be added in a separate commit after the
implementation has been changed.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the scan operation could end up reverting regdom back to
the previously configured one, so configure 00 country before starting
the disconnect-and-stop-scan operation to give some more time for the
regdom to be cleared.
Signed-off-by: Jouni Malinen <j@w1.fi>
The last beacon report indication was set in all the beacon report
elements in the last frame of the beacon report, while it should be set
only in the last beacon report element of the last frame. This is now
fixed in wpa_supplicant, so update the test case expectation to match
the fixed behavior.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The change to python3 broke trace-cmd recording, two
strings need to be bytes instead. Fix that.
Also add a flush() that seems to be needed now.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This makes it easier to test various X.509 certificate validation steps
with the server certificate being generated and signed using pyOpenSSL
dynamically.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
cfg80211 was modified to allow the Multiple BSSID Index element to be
included in the IEs for a nontransmitted BSS. Update the validation step
in this test case to allow that different with the IEs in the Beacon
frame (transmitted BSS).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Reduce testing dependency on the unsuitable groups so that a test case
against a production build would not fail the test case unnecessarily.
This is in preparation of making production builds
(CONFIG_TESTING_OPTIONS not defined) of wpa_supplicant hostapd disable
all DH groups that have been indicated as being unsuitable.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
FLUSH should be done on P2P device interface, otherwise the networks are
not removed. Fix that.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The separate dpp_bootstrap_gen() functions were merged into a single
one, so the test case needs a matching change to avoid failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Increase testing coverage by going through all six possible curves with
full provisioning of AP and STA and connection (which includes PFS with
DPP2).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case did not clear a possibly modified sae_groups value from a
prior test case for adev[2] and could fail if the previously set group
was not supported by the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
These test cases did not clear a possibly modified sae_groups value from
a prior test case and could fail if the previously set group was not
supported by the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case did not clear a possibly modified sae_groups value from a
prior test case and could fail if the previously set group was not
supported by the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a helper function to perform this common sequence to disconnect and
stop any possibly started reconnection attempt.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the ABORT_SCAN command succeeds, CTRL-EVENT-SCAN-RESULTS event is
delivered for the aborted scan. Following this with an immediate
flush_scan_cache() call can result in the first scan interpreting that
pending event as the completion and that results in trying to start
another scan while the first scan is still in progress.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to avoid leaving behind a ROC operation at the end of the
test case. This was found with the following test sequence:
p2p_ext_vendor_elem_invitation wifi_display_r2
Signed-off-by: Jouni Malinen <j@w1.fi>
Parsing of the DER encoded signature was unable to handle results that
were shorter than the prime. These need to be zero padded from left to
generate the correct value.
Signed-off-by: Jouni Malinen <j@w1.fi>
The long wait for the monitor socket events resulted in another socket
running out of TX buffer space. Split the wait into smaller segments and
clear the other socket in each iteration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not leave all the event messages pending in the socket queue for the
full duration of the test case to avoid hitting the TX socket queue
limit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some of the test cases left behind attached control interface monitor
sockets that could result in hitting the wpa_supplicant socket TX queue
limit. Try to be a bit more careful about detaching and closing the
sockets to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
The "_ipv6" part of the file name was missing and this resulted in file
names that conflicted with the IPv4 test cases and could overwrite logs
for those.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It does not look like there would be two CTRL-EVENT-ASSOC-REJECT events
here, so only check the first one instead of requiring both to be
received with status_code=27. This test case could fail based on the
second connection attempt (due to that extra event wait) timing out.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Print a list of full paths to log files from failed test cases both the
parallel.log and stdout so that they can be easily opened for analysis.
In addition, renumber the VM lines in the <timestamp>-parallel.log to
match the i+1 numbering used in the log directories and UI that is
tracking test execution.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
One of the steps that expected failure due to PMKID mismatch did not
stop connection attempts. This could result in the following test step
failing due to the previous profile with peaplabel=1 getting used to
derive the MSK incorrectly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The wait_event() call for scan completion could have processed a
previously received event from a prior scan instead of the newly started
one. This could result in flush_scan_cache() assuming there are still
results in the cache even though the scan request to clear the cache had
not even be started yet.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use more readable "foo not in bar" construction for the couple of places
that did "not foo in bar".
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Prior cleanup broke the indentation here and made the addition of test
cases unreachable.
Fixes: 0663ae22ff ("tests: Do not use tabs for indentation")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new DPP Configuration Result message can result in a bit different
behavior at the end of the configuration exchange and some of the test
cases need more flexibility to work with that DPP2 behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
gas_address3 was set to 1 in this test case, but it was never cleared.
That can result in unexpected behavior in other test cases that dpeends
on gas_address3 being in its default value 0. Clear the parameter
explicitly to avoid this.
This resulted in an error in the following test sequence:
dpp_qr_code_auth_initiator_enrollee gas_anqp_address3_ap_forced
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There was a race condition on starting the flush_scan_cache() operations
if a scan happened to be in progress when the test case ended since the
ABORT_SCAN success case did not wait for the pending scan operation to
be completed. Wait for the scan completion event in addition to the
disconnection event if the ABORT_SCAN command is accepted.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There was a race condition on starting the flush_scan_cache() operations
if a scan happened to be in progress when the test case ended since the
ABORT_SCAN success case did not wait for the pending scan operation to
be completed. Wait for the scan completion event in addition to the
disconnection event if the ABORT_SCAN command is accepted.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These TDLS test cases missed Popen() result decode() calls in the
earlier python3 compatibility changes. Add those to make debug log more
readable.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Wait explicitly for the DPP-NOT-COMPATIBLE event when going through
protocol testing with local failures instead of just waiting for a fixed
0.1 second duration. This prevents a test failure at least in
dppauth_resp_status_failure in a case where the failing operation may be
delayed under heavy CPU load.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Test case sequence "ap_wps_ap_scan_2 ap_wps_pbc_2ap" resulted in a
failure due to a scan entry being left behind from the first test case
and the second one ending up using that obsolete result during WPS_PBC
processing. Fix this by clearing the scan results explicitly on dev5.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Accept a smaller number of token responses in second round to avoid
failing this test case as frequently.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The configurated fragmentation/RTS threshold value survives AP mode
interface restarts, so these values need to be explicitly cleared back
to default (disabled). This fixes an issue where some test cases could
not work correctly if fragmentation on the interface was enabled. For
example, this combination used to fail:
ap_fragmentation_open ap_hs20_fetch_osu
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The first scan for the unknown BSSID could have been timed in a manner
that allows passive scanning to find the real AP even if that AP's
beacon interval was 1000 (e.g., heavy CPU load changed timing so that
the AP beaconing started at suitable time). The check for BSS result
entry not including Probe Response frame was comparing incorrect BSS
entries (bss2 vs. bss1) which resulted in the test case claiming failure
even when there was no unexpected Probe Response frame.
Fix this by comparing the beacon_ie and ie parameters from the same BSS
entry (bss1).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Number of these test cases start connection attempt in wpa_supplicant
and then expected a specific failure to happen relatively quickly. This
could result in timeouts if the first scanning round missed to find the
AP (e.g., due to CPU load pushing out the Probe Response frame long
enough for the station having left the channel) and wpa_supplicant then
waiting five seconds before starting a new scan.
Make this more robust by scanning explicitly for the specific BSSID
before starting the connection attempt.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This old interface has been obsoleted and should not have been used
since 2010, so remove testing for it in preparation to dropping the
interface completely from wpa_supplicant.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
No need to duplicate this functionality when all the ap_ft_pmf_*_over_ds
test cases are doing practically the same thing and the
no-specific-cipher-configuration case can be addressed easily with the
same helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
The main step of the test case was accidentally removed when adding the
cipher specific versions.
Fixes: ffcaca68d3 ("tests: FT with different BIP algorithms")
Signed-off-by: Jouni Malinen <j@w1.fi>
Configure the sae_groups parameter for hostapd explicitly in preparation
for the default value change in the implementation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Configure the sae_groups parameter for hostapd explicitly in preparation
for the default value change in the implementation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>