Set device_name in the test cases instead of relying on the
wpa_supplicant configuration file. This fixes problems when we run WPS
test cases in remote test environment.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Add a new command line option -f (--modules) that will run all test
cases from the specified module(s).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Leaving out the special sae_pwe value was causing failures for following
test cases, e.g., in the following sequence:
sigma_dut_sae_pw_id_pwe_loop sae_password_id_only
Signed-off-by: Jouni Malinen <j@w1.fi>
Some test case sequences seemed to prevent the station from completing
the first OBSS scan (that scan was aborted) and that resulted in failing
the test case because the AP had not received any report in time. Wait
for scan completion and allow additional scans before timing out to
avoid indicating incorrect AP behavior in cases where the report was not
even received.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
WEP should not be used for anything anymore. As a step towards removing
it completely, move all WEP related functionality to be within
CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y
is explicitly set in build configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update the fizzing test tools to use the new set_key() prototype, i.e.,
add the new key_flag argument, to get rid of compiler warnings.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit f3bcd69603 ("Remove CONFIG_IEEE80211N build option") broke
couple of fuzzing test tools due to missing wpa_scan_results_free(). Fix
that by pulling in driver_common.o.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update grpform_pbc_overlap not to require PBC session overlap to be
detected since in this sequence a single BSSID is specified and other
APs can be ignored while checking for session overlap. Add other test
cases to explicitly check for the PBC session overlap detection in
non-P2P and P2P cases when the BSSID is specified.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Replace the hardcoded /tmp filenames for generated ACL and BSS
configuration files with proper temporary files from tempfile.mkstemp()
to avoid conflicts with existing files or with parallel uses. Remove ACL
files from the local directory at the end of each test case. BSS files
are currently left behind, but can be cleaned up separately if needed
for non-VM testing (VM testing has those on ramdrive so they get dropped
automatically at the end) and for remote devices.
Signed-off-by: Jouni Malinen <j@w1.fi>
When this test case is ran in remote test environment, there could be
additional APs in scan results after bssid_filter has been disabled.
That breaks the check on SCAN_RESULTS output. Extend this to cover the
remote testing case by using bssid_filter with both known APs listed
instead of full wildcard.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Instead of hardcoded bss-[1-6]*.conf files, generate them using the
correct BSSID for each AP device and send/install them on the remote
client as well if needed.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Generate ACL files instead of using files with hardcoded values for the
STA MAC addresses. Send the generated files also to the remote client if
required.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Some hostapd test cases use configuration files, e.g., ACLs in BSS
configuration. When executing remote tests (udp), we have to first send
these configuration files to the appropriate remote device. The new
send_file() helper can be used for that.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
We could have different ifconfig output formats on the remote devices,
so make the parser more flexible to handle such cases.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This allows more test cases to be run in remote setup. Previously, we
used to block all test cases that required more than two arguments
(i.e., that needed the params argument).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
In case the hwsim wrapper is used in remote tests, show also which
device will be used as
apdev - hostapd
dev - wpa_supplicant
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Kill hostapd and wpa_supplicant based on the configuration parameters.
Previously, we could have killed wrong processes.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Hardcoded CONFIG_IEEE80211N to be included to clean up implementation.
More or less all new devices support IEEE 802.11n (HT) and there is not
much need for being able to remove that functionality from the build.
Included this unconditionally to get rid of one more build options and
to keep things simpler.
Signed-off-by: Jouni Malinen <j@w1.fi>
ap_open_sta_ps checks whether a STA told its hardware to enter power
save after enabling power save.
ap_open_ps_mc_buf checks whether an AP properly buffers and releases
multicast frames when a STA with PS active is associated.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
A test may want to check multicast connectivity independent of unicast
or check multicast without exercising unicast first. Factor out the
multicast connectivity check code into its own function.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Explicitly flush cfg80211 scan cache for this test case since the BSS
entry check might fail if there are multiple results for the same BSSID.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new dpp_alloc_auth() function addition changed function call
backtraces for memory allocation failure tests.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new dpp_gen_uri() helper function can be used to build the
bootstrapping URI from locally stored information. This can be used to
make it easier to update the URI, e.g., for NFC negotiated connection
handover cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
"finally" handler should not trigger a new exception when trying to
clear state for non-DPP builds. In addition, couple of checks for DPP
capability in the build were missing.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a helper function for this and add checks for number of test cases
that were missing this. This gets rid of undesired FAIL results
(converts them to SKIP) for test runs where the station do not support
SAE.
Signed-off-by: Jouni Malinen <j@w1.fi>
Explicitly clear cfg80211 scan cache to avoid issues with old BSS
entries from previous test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previously used timeout of two seconds did not allow more than a
single scan attempt and that could fail every now and then. Make these
more robust by increasing the timeout to 10 seconds which allows another
scan attempt to be completed similarly to the most non-sigma_dut test
cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IEEE P802.11-REVmd was modified to require H2E to be used whenever
Password Identifier is used with SAE. Since wpa_supplicant and mac80211
do not yet support SAE H2E in mesh, Password Identifier cannot be used
in mesh cases. Remove the test cases that verified this behavior for now
to allow H2E to be required per updated REVmd definition. These test
cases will be restored once H2E is fully functionality in mesh cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow running without curses, in which case the log is simply written to
stdout instead of a file. This is useful for automated (but parallel)
testing. Note that in most cases, you'd want to specify --debug, and so
I added a .rstrip() there on the lines to clean that up a bit.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some of the sigma_dut test cases were not yet using try/finally to
ensure stop_sigma_dut() gets called. That could result in not logging
all failure reasons in the log and getting stuck with being unable to
start new sigma_dut processes after failed test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There is no point in having to enable this separately for each test case
since the debug details are always useful if something fails.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes logs easier to understand and this may also help in running
over buffer space and getting stuck with sigma_dut termination.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Current Python versions have no os.sleep(), use time.sleep() instead.
module 'os' has no attribute 'sleep'
Traceback (most recent call last):
File "./run-tests.py", line 521, in main
t(dev, apdev)
File "/home/mtheil/hostap/tests/hwsim/test_pmksa_cache.py", line 356, in test_pmksa_cache_expiration
hapd.wait_ptkinitdone(dev[0].own_addr())
File "/home/mtheil/hostap/tests/hwsim/hostapd.py", line 282, in wait_ptkinitdone
os.sleep(0.1)
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
The digestmod argument also exists in earlier Python versions,
version 3.8 does not set a default argument anymore.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
This tests an error, where the p2p_long_listen information from the
wrong device was used internally in wpa_supplicant when using the
separate P2P Device interface.
Signed-off-by: Benjamin Berg <bberg@redhat.com>
This functionality has been available in mac80211_hwsim for years, so
there is no need to maintain this old workaround.
Signed-off-by: Jouni Malinen <j@w1.fi>
sae_pwe=1 could be left configured when exiting this test case since
sigma_dut does not guarantee the default value to be restored. This
could result in test case failures, e.g., in the following sequence:
sigma_dut_sae_h2e_rsnxe_mismatch sae_pwe_h2e_only_ap_sta_forcing_loop
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like this test case can start showing failures with a change in
the retransmission limit behavior for a server change. Check for
retransmissions every second instead of only at the end of the four
second wait to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 407879b690ba ("mac80211: Adjust SAE authentication timeout") in
the kernel tree increased the SAE authentication timeout. This caused
some error case tests to fail. To fix this, extend the timeout for some
error case tests.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This NS seems to go out from the AP interface every now and then and it
makes proxyarp_open_ebtables_ipv6 fails inconveniently often. That frame
should not really be there, but it's not clear what exactly is needed to
stop it going through. It does not come from the test operations
themselves, so ignore it for now to keep test results cleaner.
Signed-off-by: Jouni Malinen <j@w1.fi>
Explicitly clear cfg80211 scan cache to avoid issues from scan results
from previous test cases interfering with INTERWORKING_CONNECT
operation.
Signed-off-by: Jouni Malinen <j@w1.fi>
This removes dependency on tcpdump by using an already included test
tool for capturing frames with Ethernet headers. There were some issues
in getting tcpdump working on Ubuntu 19.10, so this seems to be a clean
way of addressing that.
Signed-off-by: Jouni Malinen <j@w1.fi>
Flush cfg80211 scan cache explicitly when running this test case to
avoid issues with the ROAM command not working due to a scan result from
an earlier test case. This was causing failures in the following test
case sequence:
rrm_beacon_req_active_ap_channels rrm_reassociation
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to generate these OCSP responses for every single test
session. Generate these more dynamically if a test case that uses these
files is executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to generate this OCSP response for every single test
session. Generate this more dynamically if the test case that uses the
particular file is executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some of the error paths in go_neg_pbc() and go_neg_pin() did not wait
for the helper thread to complete processing. This could result in
unexpected behavior when the test case could have exited while the
thread was still performing tasks for the GO Negotiation. This could
result in getting stuck in one of the following test cases with
"go_neg_init_pbc thread caught an exception from p2p_go_neg_init: Group
formation timed out" showing up in the log.
This was hit, e.g., with the following test sequence:
no_go_freq p2p_channel_drv_pref_autogo
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of the loop that was polling for things to do every 0.25
seconds and instead, reacts to any data from VMs as soon as it becomes
available. This avoids unnecessary operations when no new data is
available and avoids unnecessary waits when new data becomes available
more quickly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to enter the PTKINITDONE state before checking
connectivity. This is needed to avoid a race condition with UML
time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is more efficient since we can now start only the necessary number
of VMs instead of always forcing all VMs to start with one second delay.
This can also control the starting delay by keeping at most two VMs
starting at a time instead of using the hardcoded one second wait for
each consecutive VM.
Signed-off-by: Jouni Malinen <j@w1.fi>
For some reason, running tshark in the test cases can take significant
time especially with UML time-travel. Optimize this by reducing the
number of times tshark needs to be executed in the loop.
Signed-off-by: Jouni Malinen <j@w1.fi>
The wlan_mgt to wlan renaming is already included in most recent tshark
versions, so replace the backwards compatibility option to prefer the
new version so that current versions do not need to take the performance
hit.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like these test cases can fail with the new "Undefined
secondary channel: drop OBSS scan results" case. Add more checks to
determine if something is wrong with the connection.
In addition, force clearing of the cfg80211 scan cache on the main AP
interface so that a scan result from a previous test case cannot prevent
40 MHz channel bandwidth from being used. This could apparently happen
in the following test case sequence:
ap_ht40_scan_conflict obss_scan
Signed-off-by: Jouni Malinen <j@w1.fi>
These were doing practically the same thing, so get rid of the external
helper function and standardize on using hapd.wait_sta().
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to indicate connection before disconnecting from the
station side. This avoids a race condition especially with UML
time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to report completion of the connection before going
through the disconnection and reconnection steps to avoid a race
condition especially with UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to report connection completion before performing
connectivity test to avoid race conditions especially with UML
time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
The RECONNECT command on the station was issued immediately after
wpa_supplicant had processed EAPOL-Key msg 3/4. This could happen before
hostapd has processed EAPOL-Key msg 4/4 and especially with UML
time-travel, this could result in the following FT protocol exchange
going through in a manner that makes the hostapd process EAPOL-Key msg
4/4 from the first association as a postponed EAPOL RX at the beginning
of the second association. Avoid this by waiting hostapd to report
completion of the connection before issuing RECONNECT.
Signed-off-by: Jouni Malinen <j@w1.fi>
This PMKID replacement case is not going to prevent connection after a
change in wpa_insert_pmkid() so remove it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Data connectivity test could have been started in the middle of 4-way
handshake. This test case needs to wait for two STA connections before
starting the connectivity test since the first one is only for the
provisioning step.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous waits were matching both DPP-TX and DPP-TX-STATUS and if
the latter event was received, the test cases would either report
failure or would not really test what was supposed to be verified. Fix
this by waiting explicitly for "DPP-TX " to avoid matching
"DPP-TX-STATUS" prefix.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait STA connection to be completed in hostapd before testing
connectivity. This avoids a possible race condition that could be hit
especially when testing with UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
openssl engines may dynamically load external libraries. Our event_*()
functions happen to be named very generically, such that event_add()
collides with the libevent library (https://libevent.org/). This can
have disastrous effects (esp. when using CONFIG_WPA_TRACE, which enables
partial linking) when our SSL engines call into the WPS event_add()
instead of their intended libevent event_add().
Resolve this by providing a more unique prefix to these functions.
Rename performed via:
sed -i -E \
's:\<event_(add|delete_all|send_all_later|send_stop_all)\>:wps_upnp_event_\1:g' \
$(git grep -l event_)
Tested via (among other things) hwsim '-f ap_wps' module.
Signed-off-by: Brian Norris <briannorris@chromium.org>
The 127.0.0.11/24 address that could have been left on the wlan0
interface resulted in some test case sequence failures. Fix this by
explicitly clearing that address when terminating sigma_dut.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
start_sigma_dut() can raise an exception and as such, assigning a
variable to its return value within a try block does not work in this
manner when the result is supposed to be used in the finally statement.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The second round may use PMKSA caching, but AP will need to reject msg
2/4 in that case as well due to RSNXE mismatch.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
sigma_dut does not clear sae_pwe value when the command line argument
"-2" is used, so we need to explicitly clear this from wpa_supplicant at
the end of the test case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous description of wmediumd_scan_only_one used multiple lines
and that resulted in parallel-vm.py miscounting total number of test
cases. Fix that by getting rid of the newlines from the description.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that parallel-vm.py is actually stopping VMs as soon as they are not
needed for retries, it is not really an unexpected exit to see a VM exit
while test cases remain in the queue as long as at least that many VMs
remain running. Get rid of confusing 'unexpected exit' status from the
UI in such cases.
Fixes: 4aaddecdd8 ("tests: Handle test retries through the same queue")
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that wpa_supplicant was modified to use NAI realm query even if
roaming_consortium is set, this test case is actually able to find a
match. Update it to avoid cause incorrect test failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There was a bug in wmediumd in that it didn't set the
frequency of frames, and thus they were always received
by mac80211_hwsim, regardless of channel it was on.
Add two tests that verify we only find a single instance
of an AP if we only have that one, and run this both with
and without wmediumd.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Avoid race conditions in completing mesh group removal/re-addition steps
and starting connectivity check. It seemed to be possible to get to the
connectivity test in some cases before the mesh STA had rejoined the
mesh and completed key configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is in preparation of an implementation to to remove the alternative
SSWU path that was needed only for this particular group.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These test cases were all using group 21 even though they were supposed
to go through all the possible groups.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It looks like the wpa_auth_get_seqnum() function might not always be
visible in the backtrace since the compiler may optimize that wrapper
away. Use the i802_get_seqnum() function instead as a trigger for the
get_seqnum operation failure trigger to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to be able to compare the received RSNXE to a protected
version in EAPOL-Key msg 2/4.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify behavior with sae_pwe configuration values 0..2, i.e., test the
new hash-to-element mechanism for deriving PWE and negotiation for which
method to use.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This verifies mac80211 behavior for Layer 2 Update frame use and other
unexpected frames from a not fully authentication station.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait hostapd to complete key setup before asking it to send a frame that
may need PMF. This is needed especially with UML time-travel.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This looked like a copy-paste error in the event message check and once
that was fixed, couple of test cases needed fixes to expect a success
from the Configurator.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
IEEE Std 802.11F-2003 was withdrawn in 2006 and as such it has not been
maintained nor is there any expectation of the withdrawn trial-use
recommended practice to be maintained in the future. Furthermore,
implementation of IAPP in hostapd was not complete, i.e., only parts of
the recommended practice were included. The main item of some real use
long time ago was the Layer 2 Update frame to update bridges when a STA
roams within an ESS, but that functionality has, in practice, been moved
to kernel drivers to provide better integration with the networking
stack.
Signed-off-by: Jouni Malinen <j@w1.fi>
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.
Signed-off-by: Jouni Malinen <j@w1.fi>
The hostapd side operations and data connectivity test were executed
without explicitly waiting for hostapd to report connection as having
been completed. This could result in trying to transmit data before
EAPOL-Key msg 4/4 was processed especially when using UML time-travel.
Make this more robust by waiting for hostapd to be ready before the data
test.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was failing if wlantest was able to decrypt the CCMP
protected frames. Fix the tshark filter string to include only the
actually encrypted frames for PN comparison.
Signed-off-by: Jouni Malinen <j@w1.fi>
These were moved from test_sae.py to utils.py, so import them from the
correct location instead of through test_sae.py that imports them from
utils.py.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to report completion of connection so that the WNM
Notification Request frame does not get sent before the AP has processed
EAPOL-Key msg 4/4 and configured the TK. This could result in a race
condition especially when testing using UML with time-travel.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed with the increased maximum EAP round limit since the
server side sends out longer messages in this exchange and that prevent
the short message limit from being reached.
Signed-off-by: Jouni Malinen <j@w1.fi>
This cleans up coding style of the EAP implementation by avoiding
typedef of an enum hiding the type of the variables.
Signed-off-by: Jouni Malinen <j@w1.fi>
In addition, update the generation script to allow convenient update of
the server and user certificates without having to generate new keys.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The wlan.mesh.config doesn't have to be the last element of beacon. Things
like VHT or HE oper/cap are usually follow the mesh configuration element.
The workaround must first get the position of a correct reference value in
wlan.mesh.config (ps_protocol) and then calculate the correct
wlan.mesh.config.cap offset based on that.
Reported-by: Johannes Berg <johannes@sipsolutions.net>
Fixes: 2cbaf0de22 ("tests: Work around tshark bug in wpas_mesh_max_peering")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
It was clearly too easy to get unexpected behavior by accidentially
passing in a string instead of a list of strings to these functions, so
enforce the correct type to notice such issues automatically.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wait_event() expects a list of events instead of a single event name.
The previous implementation of wait_sta() did not really wait for
AP-STA-CONNECT; instead, it returned the next event from hostapd
regardless of what that event was.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The AP side may not have had enough time to configure the new TK into
the driver if the connectivity test is started immediately after the
station side event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.
Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.
Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.
Signed-off-by: Jouni Malinen <j@w1.fi>
This helps in avoiding issues with another test case trying to bind to
the same UDP port and failing due to the previous use by pyrad still
being open. This showed up with failures in radius_ipv6 when it followed
a test case like eap_proto_tls with suitable set of test cases between
them.
Signed-off-by: Jouni Malinen <j@w1.fi>
Test case sequence "persistent_group_channel scan_bss_expiration_count"
was failing with UML when using time travel. This seemed to be because
there was no explicit wait to confirm that the AP has been fully
disabled before running the next scan. Work around this by verifying
that hostapd has terminated the BSS and waiting a bit after that before
proceeding.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
ap_vht160_no_dfs fails with this message:
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wep_ht_vht fails with this message:
---------------
wlan0: Country code not reset back to 00: is SE
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_wps_conf_5ghz fails with this message:
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_vht160 fails with this message:
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_vht40 fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_vht fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_5ghz_40mhz fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_5ghz fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
rrm_beacon_req_passive_scan_vht fails with this message:
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
hostap commit 91b6eba773
'Move MAC address randomization enable/disable to helper functions'.
wireless-testing commit 66c112cbd1d44d05322bb4eef908c82a68adbb5e
tag: wt-2019-06-26.
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This removes the separate rerun step from the parallel-vm.py processing
and instead, simply requeues the failed test cases into the same queue
that is used for the initial run. This is simpler and more efficient
since reruns start as soon as any VM is ready for processing them
instead of having to wait for all VMs to complete the first round.
Furthermore, this allows VMs to be stopped sooner when no more test
cases remain and that is helpful especially with the time travel patches
that make the wait-for-next-test step in the VM use all available CPU.
Signed-off-by: Jouni Malinen <j@w1.fi>
Enable all supported groups in the existing ap_wpa2_eap_pwd_groups and
ap_wpa2_eap_pwd_invalid_group test cases to maintain current testing
functionality once wpa_supplicant is modified to use a different default
for the enabled groups.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Test names can now use wildcard in the end (e.g., ap_wpa2_psk*) to match
all test cases with the specified prefix.
Signed-off-by: Jouni Malinen <j@w1.fi>
scan_dfs fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_go_move_scm_peer_does_not_support fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_channel_5ghz_165_169_us fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_channel_5ghz_only fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
autogo_ht_vht fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
p2p_autogo_pref_chan_not_in_regulatory fails with this message.
---------------
wlan0: Country code not reset back to 00: is SE
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_to_24g_ht fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_40_fallback_to_20 fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_tkip fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
prefer_vht40 fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_csa fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80plus80_invalid fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht160_no_ht40 fails with this message.
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_40 fails with this message.
---------------
wlan0: Country code not reset back to 00: is DE
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_20 fails with this message.
---------------
wlan0: Country code not reset back to 00: is DE
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_invalid2 fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80_invalid fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_wifi_generation fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80 fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_wps_conf_chan14 fails with this message.
---------------
wlan0: Country code not reset back to 00: is JP
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_acs_vht160_scan_disable fails with this message.
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
rrm_beacon_req_passive_scan_vht160 fails with this message.
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
rrm_beacon_req_table_vht fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_ht40_5ghz_disabled_sec fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_ht40_5ghz_invalid_pair fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta_force_2ghz fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta_force_5ghz fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta_no_auth_passive fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta_no_auth fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta_no_probe_resp fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_track_sta fails with this message.
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
nfc_wps_handover_chan14 fails with this message.
---------------
wlan0: Country code not reset back to 00: is JP
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_use_sta_nsts fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht_capab_not_supported fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
ap_vht80c/d fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
dfs_radar2 fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Matching with roaming_consortium requires EAP type to be specified to
work for the connection. This test case was not really testing the
connection part, so this has not been much of an issue in the past, but
in preparation for the matching rules to start filtering out invalid
credential configurations from selection, the EAP type needs to be
explicitly set here.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/*/Makefile needs to allow additional CFLAGS values to be provided
from the calling Makefiles so that the clang command line arguments to
enable sanitizers consistently. In addition, it can be useful to be able
to provide CC, CFLAGS, and LDFLAGS from external setup while still
requesing LIBFUZZER=y build. Allow that by not overriding these
variables if they are already set.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This struct needs to remain valid through the lifetime of the
authenticator state machine, so move it to the context struct instead of
being a local stack variable inside the setup function that returns
before the actual test functionality is executed.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Looks like the previous fix for a newer OpenSSL versions broke
functionality with older versions that did not seem to like @SECLEVEL=0
in the cipher list. Make that addition conditional on OpenSSL version to
work with both versions.
Fixes: e87e6f609b ("tests: Fix EAP-FAST protocol testing with newer OpenSSL and pyOpenSSL")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpas_ap_async_fail fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
nfc_wps_handover_5ghz fails with this message.
---------------
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
dfs_cac_restart_on_enable fails with this message.
---------------
START dfs_cac_restart_on_enable 1/1
wlan0: Country code not reset back to 00: is FI
wlan0: Country code cleared back to 00
FAIL dfs_cac_restart_on_enable 3.037694 2019-05-28 01:35:07.548390
failed tests: dfs_cac_restart_on_enable
---------------
This patch fixes the false negative.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is a newer version of tests/wnm-fuzzer tool as the initial step in
creating a more uniform set of fuzzing tools that can be used with both
libFuzzer and afl-fuzz.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the previously used sleep time was not sufficient to allow
capturing the frames from wlan0/wlan1/wlan2 to start and complete so
that all the necessary frames can be checked. This was the case
especially with UML time-travel=inf-cpu.
Signed-off-by: Jouni Malinen <j@w1.fi>
Recent regdb enabled UNII 3 in Finland. Change the
mbo_supp_oper_classes_fi test accordingly to accept either the previous
or the current value to be reported.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
It is fine for the station to associate with either AP in this test
case, so do not force AP side connection check with apdev[0].
Signed-off-by: Jouni Malinen <j@w1.fi>
When the serial ports are set into raw mode on stdio (fd:0,fd:1)
then Ctrl-C is sort of passed through, but not effective. Request
non-raw mode to avoid that and let us cancel test execution with
Ctrl-C properly (both in parallel-vm.py and vm-run.sh cases).
Note that this requires a currently out-of-tree patch, but so
does the virtual time. If the patch is not applied, the command
line argument is ignored.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
time-travel=inf-cpu needs bit more wait before being able to fetch the
STATUS* items after initial connection request.
Signed-off-by: Jouni Malinen <j@w1.fi>
Waiting for exactly one second for a one second timeout with
time-travel=inf-cpu is not exactly robust, so increase that wait to be
able to see the last EAPOL-Key TX attempt from hostapd.
Signed-off-by: Jouni Malinen <j@w1.fi>
Busy loop for waiting is not going to work with time-travel=inf-cpu, so
need to something a bit more explicit to wait for the wpa_supplicant
process to proceed while not fully breaking the idea of this test case
to iteration through large number of STATUS-VERBOSE commands to hit
different states.
Signed-off-by: Jouni Malinen <j@w1.fi>
The sae_groups parameter needs to be cleared before attempt a SAE
connection in a test case to avoid issues with this parameter having
been left to something else than the default one by a previous test
case. This was found with the following sequence:
sae_pwe_failure dpp_auto_connect_legacy_psk_sae_1
Signed-off-by: Jouni Malinen <j@w1.fi>
The earlier change from using apdev[1] to using a no-interface
ifname=as-erp in the ERP related test cases ended up leaving the
separate authentication server interface running after the end of the
test case. This left UDP port 18128 open and any consecutive test case
needing this port failed to start another authentication server.
This can be reproduced with following test case sequence:
fils_auth_gtk_rekey authsrv_unknown_user
Fixes: e374def207 ("tests: Start ERP authentication server without AP")
Signed-off-by: Jouni Malinen <j@w1.fi>
This fuzzing wrapper does not go through full hostapd_clean_iface() call
to free memory, so call ap_list_deinit() to avoid reporting memory leaks
from added AP list entries. This case could not be hit with
hostapd/wpa_supplicant since they perform full interface deinit on
interface removal.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14928
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Couple of the callback functions had changed their prototypes and
p2p-fuzzer compilation resulted in a warning and not returning
*scheduled from the send_action() callback. This was reported as
use-of-uninitialized-value which was not really possible with
wpa_supplicant since the issue was only in the fuzzing wrapper.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14924
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Avoid a memory leak in fuzzer tests by calling wnm_deallocate_memory()
before exiting since this fuzzing wrapper does not use full
wpa_supplicant_cleanup().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There is no actual need for running the authentication server with
driver=nl80211, so simplify this by using driver=none instead. This
frees up apdev[1] for actual AP needs in the test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This speeds up test execution significantly by removing unnecessary
waiting for things to happen since the kernel log is allowed to jump
forward whenever there is nothing to do.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case was failing frequently due to the station not being able
to connect back to the AP if the interrupted channel switch ended up
moving the AP to the new channel anyway on restart. Scan both possible
channels to allow the AP to be found in either case.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows UML builds to be used in running user mode without having to
run the full x86 kernel in virtual machine.
Signed-off-by: Jouni Malinen <j@w1.fi>
The change to use a shared dragonfly_generate_scalar() helper function
resulted in failures in sae_no_random and sae_bignum_failure test cases
due to renamed functions and removed uses.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The change to use shared dragonfly_get_random_qr_qnr() and
dragonfly_get_rand_1_to_p_1() helper functions resulted in failures in
sae_no_random and sae_bignum_failure test cases due to renamed functions
and removed uses.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.
Signed-off-by: Jouni Malinen <j@w1.fi>
dbus_p2p_go_neg_init, dbus_p2p_group_idle_timeout, and
dbus_p2p_group_termination_by_go could end up print a "DETACH failed"
exception as a warning from WpaSupplicant.__del__ for the dev1 instance
used within the TestDbusP2p class. This did not cause the test cases to
fail, but the output is a bit confusing, so clean this up be explicitly
closing the control interface monitor sockets and furthermore by
ignoring the "DETACH failed" exception within __del__.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is in preparation of disallowing all use of these groups. Negative
test case for the groups will be added in a separate commit after the
implementation has been changed.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the scan operation could end up reverting regdom back to
the previously configured one, so configure 00 country before starting
the disconnect-and-stop-scan operation to give some more time for the
regdom to be cleared.
Signed-off-by: Jouni Malinen <j@w1.fi>
The last beacon report indication was set in all the beacon report
elements in the last frame of the beacon report, while it should be set
only in the last beacon report element of the last frame. This is now
fixed in wpa_supplicant, so update the test case expectation to match
the fixed behavior.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The change to python3 broke trace-cmd recording, two
strings need to be bytes instead. Fix that.
Also add a flush() that seems to be needed now.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This makes it easier to test various X.509 certificate validation steps
with the server certificate being generated and signed using pyOpenSSL
dynamically.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
cfg80211 was modified to allow the Multiple BSSID Index element to be
included in the IEs for a nontransmitted BSS. Update the validation step
in this test case to allow that different with the IEs in the Beacon
frame (transmitted BSS).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Reduce testing dependency on the unsuitable groups so that a test case
against a production build would not fail the test case unnecessarily.
This is in preparation of making production builds
(CONFIG_TESTING_OPTIONS not defined) of wpa_supplicant hostapd disable
all DH groups that have been indicated as being unsuitable.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
FLUSH should be done on P2P device interface, otherwise the networks are
not removed. Fix that.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The separate dpp_bootstrap_gen() functions were merged into a single
one, so the test case needs a matching change to avoid failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Increase testing coverage by going through all six possible curves with
full provisioning of AP and STA and connection (which includes PFS with
DPP2).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case did not clear a possibly modified sae_groups value from a
prior test case for adev[2] and could fail if the previously set group
was not supported by the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
These test cases did not clear a possibly modified sae_groups value from
a prior test case and could fail if the previously set group was not
supported by the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case did not clear a possibly modified sae_groups value from a
prior test case and could fail if the previously set group was not
supported by the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a helper function to perform this common sequence to disconnect and
stop any possibly started reconnection attempt.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the ABORT_SCAN command succeeds, CTRL-EVENT-SCAN-RESULTS event is
delivered for the aborted scan. Following this with an immediate
flush_scan_cache() call can result in the first scan interpreting that
pending event as the completion and that results in trying to start
another scan while the first scan is still in progress.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to avoid leaving behind a ROC operation at the end of the
test case. This was found with the following test sequence:
p2p_ext_vendor_elem_invitation wifi_display_r2
Signed-off-by: Jouni Malinen <j@w1.fi>
Parsing of the DER encoded signature was unable to handle results that
were shorter than the prime. These need to be zero padded from left to
generate the correct value.
Signed-off-by: Jouni Malinen <j@w1.fi>
The long wait for the monitor socket events resulted in another socket
running out of TX buffer space. Split the wait into smaller segments and
clear the other socket in each iteration.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not leave all the event messages pending in the socket queue for the
full duration of the test case to avoid hitting the TX socket queue
limit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some of the test cases left behind attached control interface monitor
sockets that could result in hitting the wpa_supplicant socket TX queue
limit. Try to be a bit more careful about detaching and closing the
sockets to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
The "_ipv6" part of the file name was missing and this resulted in file
names that conflicted with the IPv4 test cases and could overwrite logs
for those.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It does not look like there would be two CTRL-EVENT-ASSOC-REJECT events
here, so only check the first one instead of requiring both to be
received with status_code=27. This test case could fail based on the
second connection attempt (due to that extra event wait) timing out.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Print a list of full paths to log files from failed test cases both the
parallel.log and stdout so that they can be easily opened for analysis.
In addition, renumber the VM lines in the <timestamp>-parallel.log to
match the i+1 numbering used in the log directories and UI that is
tracking test execution.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
One of the steps that expected failure due to PMKID mismatch did not
stop connection attempts. This could result in the following test step
failing due to the previous profile with peaplabel=1 getting used to
derive the MSK incorrectly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The wait_event() call for scan completion could have processed a
previously received event from a prior scan instead of the newly started
one. This could result in flush_scan_cache() assuming there are still
results in the cache even though the scan request to clear the cache had
not even be started yet.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use more readable "foo not in bar" construction for the couple of places
that did "not foo in bar".
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Prior cleanup broke the indentation here and made the addition of test
cases unreachable.
Fixes: 0663ae22ff ("tests: Do not use tabs for indentation")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new DPP Configuration Result message can result in a bit different
behavior at the end of the configuration exchange and some of the test
cases need more flexibility to work with that DPP2 behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
gas_address3 was set to 1 in this test case, but it was never cleared.
That can result in unexpected behavior in other test cases that dpeends
on gas_address3 being in its default value 0. Clear the parameter
explicitly to avoid this.
This resulted in an error in the following test sequence:
dpp_qr_code_auth_initiator_enrollee gas_anqp_address3_ap_forced
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There was a race condition on starting the flush_scan_cache() operations
if a scan happened to be in progress when the test case ended since the
ABORT_SCAN success case did not wait for the pending scan operation to
be completed. Wait for the scan completion event in addition to the
disconnection event if the ABORT_SCAN command is accepted.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
There was a race condition on starting the flush_scan_cache() operations
if a scan happened to be in progress when the test case ended since the
ABORT_SCAN success case did not wait for the pending scan operation to
be completed. Wait for the scan completion event in addition to the
disconnection event if the ABORT_SCAN command is accepted.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
These TDLS test cases missed Popen() result decode() calls in the
earlier python3 compatibility changes. Add those to make debug log more
readable.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Wait explicitly for the DPP-NOT-COMPATIBLE event when going through
protocol testing with local failures instead of just waiting for a fixed
0.1 second duration. This prevents a test failure at least in
dppauth_resp_status_failure in a case where the failing operation may be
delayed under heavy CPU load.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Test case sequence "ap_wps_ap_scan_2 ap_wps_pbc_2ap" resulted in a
failure due to a scan entry being left behind from the first test case
and the second one ending up using that obsolete result during WPS_PBC
processing. Fix this by clearing the scan results explicitly on dev5.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Accept a smaller number of token responses in second round to avoid
failing this test case as frequently.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The configurated fragmentation/RTS threshold value survives AP mode
interface restarts, so these values need to be explicitly cleared back
to default (disabled). This fixes an issue where some test cases could
not work correctly if fragmentation on the interface was enabled. For
example, this combination used to fail:
ap_fragmentation_open ap_hs20_fetch_osu
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The first scan for the unknown BSSID could have been timed in a manner
that allows passive scanning to find the real AP even if that AP's
beacon interval was 1000 (e.g., heavy CPU load changed timing so that
the AP beaconing started at suitable time). The check for BSS result
entry not including Probe Response frame was comparing incorrect BSS
entries (bss2 vs. bss1) which resulted in the test case claiming failure
even when there was no unexpected Probe Response frame.
Fix this by comparing the beacon_ie and ie parameters from the same BSS
entry (bss1).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Number of these test cases start connection attempt in wpa_supplicant
and then expected a specific failure to happen relatively quickly. This
could result in timeouts if the first scanning round missed to find the
AP (e.g., due to CPU load pushing out the Probe Response frame long
enough for the station having left the channel) and wpa_supplicant then
waiting five seconds before starting a new scan.
Make this more robust by scanning explicitly for the specific BSSID
before starting the connection attempt.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This old interface has been obsoleted and should not have been used
since 2010, so remove testing for it in preparation to dropping the
interface completely from wpa_supplicant.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
No need to duplicate this functionality when all the ap_ft_pmf_*_over_ds
test cases are doing practically the same thing and the
no-specific-cipher-configuration case can be addressed easily with the
same helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
The main step of the test case was accidentally removed when adding the
cipher specific versions.
Fixes: ffcaca68d3 ("tests: FT with different BIP algorithms")
Signed-off-by: Jouni Malinen <j@w1.fi>
Configure the sae_groups parameter for hostapd explicitly in preparation
for the default value change in the implementation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Configure the sae_groups parameter for hostapd explicitly in preparation
for the default value change in the implementation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Avoid an invalid failure case due to scan results being left behind from
connect_cmd_bssid_hint when executing connect_cmd_reject_assoc by
explicitly clearing the scan results from dev5. This fixes an error case
that happened with the following test case sequence:
connect_cmd_bssid_hint connect_cmd_reject_assoc
Signed-off-by: Jouni Malinen <j@w1.fi>
The wpas (dev5) control interface socket did not always get cleared in
the MACsec test cases and this could result in issues with following
test cases if the dev5 message queue hit the maximum limit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that the backhaul STA Multi-AP association is not rejected anymore
by the AP, update the test case to expect disconnection to be triggered
by the STA.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
With just one additional argument, the run_multi_ap_association()
function can be used for all tests.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This seems to be needed when using python3 in VM for the ssid_utf8 test
case debug prints from the control interface requests. This breaks
python2 support for the same logging entries, but there does not seem to
be any easy way of addressing this in a manner that works for both
python versions, so move ahead with the python3-only support from now
on.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case was failing pretty frequently due to an issue in being
able to send out the Provision Discovery Response frame on the operating
channel. Now that wpa_supplicant has a fix for that issue, modify this
test case to hit this error condition every time. In addition, make sure
the possible exception from p2ps_exact_seek() does not get hidden with a
failing remove_group() call in the finally section.
Signed-off-by: Jouni Malinen <j@w1.fi>
Once mac80211 starts reporting the used Association Request frame IEs in
the association event, wpa_supplicant will update RSN supplicant IE
information based on that and that will make the AP reject EAPOL-Key msg
2/4 in this particular test scenario due to the hack of including two
RSN IEs in the Association Request frame. Accept this sequence as a
valid test execution in addition to the previously expected connection
to avoid reporting incorrect failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allows unexpected cases to terminate parallel-vm.py without being
hidden by the exception handler.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Some of the WNM implementation expects configuration to be available
(e.g., ieee802_!1_rx_wnm_coloc_intf_req() dereferences wpa_s->conf), so
add a dummy configuration to allow the fuzzer tool to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add test-eapol program that can be used for fuzzing the EAPOL-Key
Supplicant and Authenticator implementations. This tool can write
Supplicant or Authenticator messages into a file as an initialization
step and for the fuzzing step, that file (with potential modifications)
can be used to replace the internally generated message contents.
The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the EAPOL-Key operations. This will
also make the implementation ignore Key MIC and AES keywrap errors to
allow processing of modified messages to continue further.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add test-tls program that can be used for fuzzing the internal TLS
client and server implementations. This tool can write client or server
messages into a file as an initialization step and for the fuzzing step,
that file (with potential modifications) can be used to replace the
internally generated message contents.
The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the TLS operations.
Signed-off-by: Jouni Malinen <j@w1.fi>
The result of reading non blocked empty stream is different between
python2 and 3. The python2 sends "[Errno 11] Resource temporarily
unavailable" exception. The python3 could read "None" without
exception, so handle this "None" case as well.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
In recent Debian versions, ebtables is an alias managed by
the alternatives(8) mechanism. This means /usr/sbin/ebtables
is a symlink to /etc/alternatives/ebtables, which in turn
links to the real binary.
As we mount a tmpfs over /etc, we cannot access this.
Fix this by bind-mounting the real /etc to /tmp/etc and
adding a symlink from /etc/alternatives to this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Evidently this file must exist when running the sigma_dut
dependent tests, add it to .gitignore so it's not seen as
making the tree "unclean" when it is added manually.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
For tests, build the HS 2.0 OSU client (without browser to avoid
having webkit/curl dependencies).
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add a test that drops the authentication frame, so that
hostapd thinks the station is unknown, and then sends one
by itself, so the station thinks it's associated. This
tests mostly the kernel's capability to recover from this
scenario.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If telnetd is installed and --telnet <port> is passed on the
vm-run.sh command line, start a telnet server (directly connected
to bash, no login) inside the VM(s) to be able to look into them
when something is wrong. Use a user network in qemu with a single
host forward from the specified port for this, listening only on
'localhost'.
Please note that this provides unauthenticated access to the guest
system from anything that can open a TCP connection on the host system.
The guess system does have access to reading all files on the host that
the user account running kvm has access to (and even write access if the
default ROTAG ,readonly parameter is cleared). In other words, this
option should not be used on any multiuser systems where kvm is run
under user accounts that are not dedicated for testing purposes (i.e.,
do not have access to any files that should not be readable to
everyone).
This needs CONFIG_VIRTIO_NET=y in the guest kernel.
For parallel-vm.py, the --telnet argument specifies the base port
and each VM index (0, 1, ...) is added to it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Recently, qemu/seabios grew an annoying console/terminal reset,
which also causes my terminal to be left in a state where long
lines don't work well and less gets confused because of this.
Suppress this by suppressing all output from qemu before a new
magic string printed from inside.sh.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of relying on existing configuration (which may conflict
with other tests) and skipping otherwise, create a new radio with
two channels in this test and use it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of relying on existing configuration (which may conflict
with other tests) and skipping otherwise, create a new radio with
two channels in this test and use it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is needed to fix issues with dict iteration resulting in different
order of attributes when trying to calculate Message-Authenticator
externally to pyrad.
Signed-off-by: Jouni Malinen <j@w1.fi>
All other test cases seem to work, but radius_das_disconnect_time_window
is still failing due to incorrect authenticator or Message-Authenticator
in Disconnect-Request.
Signed-off-by: Jouni Malinen <j@w1.fi>
Sending UTF-8 encoded data to logger file is currently not working
properly, so create a separate binary file with a copy of
sigma_dut-ap.conf instead to work with both python2 and python3.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use struct.unpack() to get a list of int and then generate a list of
hexstr octets from it for ':'.join() to get consistent behavior for both
python2 and python3.
Signed-off-by: Jouni Malinen <j@w1.fi>
WPSAPHTTPServer class needs to explicitly decode the read value from
a bytes object to a str object.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Use ET.tostring() to avoid implicit bytes/str conversion issues within
ET implementation. Add XML declaration separately to match previous
behavior.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is needed for python3 since the two argument version of
str.translate() is not available for unicode. Furthermore, these cases
of delete colons from the string are simple enough for replace.
Signed-off-by: Jouni Malinen <j@w1.fi>
Only python3 warns to this bug.
TypeError: '>' not supported between instances of 'type' and 'int'
Exception: '>' not supported between instances of 'type' and 'int'
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Need to do this to avoid issues with following operations that assume
the output to be a str object.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Avoid implicit conversion errors when constructing bytes objects or
passing a str object to a function that needs a bytes object.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
The wpas_config_file_key_mgmt fails with this error if wpa_supplicant is
built without CONFIG_SUITEB192=y:
Exception: SET_NETWORK failed
Exception: SET_NETWORK failed
Skip the WPA-EAP-SUITE-B-192 case if it is not supported in
wpa_supplicant so that the rest of the key_mgmt test coverage is
included.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is needed in cases the hexlify() output is used to concatenate with
a string or used in string comparisons.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
This patch is made by using 2to3 command with some modifications.
$ find . -name *.py | xargs 2to3 -f imports -w -n
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
These were not used at all and caused unnecessary operations and in some
cases, compatibility issues with python3.
Signed-off-by: Jouni Malinen <j@w1.fi>
This code is identical to the wait_event() code, except for the
mon/global_mon instance. Create a _wait_event() function that
encapsulates this, and use it for both.
While at it, fix the bug in wait_global_event() where in the case
of not having a global_mon it always returns None.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is useful when running a test multiple times, looking at
log output etc. to not have to pick out the right directory
each and every time.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The wnm_sleep_mode_proto test case was already covering number of
invalid WNM-Sleep Mode Request frame cases, but it was missing the
shortest possible case with a missing Dialog Token field. Add that as a
regression test case for bounds checking in
ieee802_11_rx_wnmsleep_req().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Since 3bdc651a62, start.sh creates the logs/current symlink even if
LOGDIR was set in the environment, as is the case when using run-all.sh.
However, run-all.sh and start.sh use a separate 'date' invocation so the
resulting string may be different. Usually it is the same because the
two invocations immediately follow each other, *except* if run-all.sh
also does a build. In addition, if the user sets LOGDIR to something
else, the symlink is completely bogus.
Fix this by not relying on the 'date' invocation for creating the
symlink. Instead, use the basename of LOGDIR. To keep things consistent
with current behavior, only create the symlink if LOGDIR points to a
subdirectory of DIR/logs.
The following use cases now work reliably:
* run-all.sh with or without the -B option;
* manually calling start.sh followed by run-tests.py without setting
LOGDIR.
* manually calling start.sh with LOGDIR set to a subdirectory of logs
and calling run-tests.py without --logdir option (which makes it
default to logs/current).
* run-all.sh with LOGDIR set to a subdirectory of logs.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This is in preparation for an implementation change that results in this
unreachable server case not incrementing radiusAuthClientAccessRequests.
Signed-off-by: Jouni Malinen <j@w1.fi>
These checks were repeated in almost every test case, so use helper
functions to get rid of duplicated (copy-pasted) code.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add even more workarounds for cfg80211 regulatory state clearing since
these DFS test cases seem to be the most likely ones to fail due to
country=98 issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add even more workarounds for cfg80211 regulatory state clearing since
these DFS test cases seem to be the most likely ones to fail due to
country=98 issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add even more workarounds for cfg80211 regulatory state clearing since
these WNM test cases seem to be the most likely ones to fail due to
country=98 issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
In addition, add even more workarounds for cfg80211 regulatory state
clearing since this test case seems to be the most likely one to fail
due to country=98 issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a regression test case for FT-over-DS that got broken on
mac80211-based drivers when the extra key reinstallation checks were
added.
Signed-off-by: Jouni Malinen <j@w1.fi>
ap_ft_oom seemed to depend on undesired wpa_supplicant behavior of
trying to do FT protocol even without being ready for reassociation.
This is going to be fixed in wpa_supplicant which would make this test
case fail, so split it into separate test cases for each failure item to
be able to avoid incorrect test failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous roam() and roam_over_ds() checks would have ignored failing
association rejection if a consecutive attempt to connect succeeds
within the initial time limit. This can miss incorrect behavior, so
check explicitly for association rejection.
Signed-off-by: Jouni Malinen <j@w1.fi>
The number of direct allocation within wpa_supplicant_mesh_init()
has been reduced due to RSN init function is factored out.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Verify that the beacon report contains the last beacon report
indication subelement when requested in the beacon request.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when the frame body subelement causes the
measurement report element to exceed the maximum element size,
the beacon report is fragmented and the frame body fragment ID
subelement is added with the correct fragment number.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that not updating GTK (i.e., only update PTK) in the driver does
not break connectivity. This case is different after the check for
"already in-use GTK" and rejection of GTK reinstallation.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use of country=00 (world roaming) seemed to not work anymore with the
current cfg80211 regulatory implementation since the existing channel is
left enabled when moving to country=00. Use a specific country code that
does enforce the selected channel from being used anymore to make this
test case pass again.
The change in cfg80211 behavior is from the kernel commit 113f3aaa81bd
("cfg80211: Prevent regulatory restore during STA disconnect in
concurrent interfaces").
Signed-off-by: Jouni Malinen <j@w1.fi>
With this command, RSSI signal can be controlled. Due to restrictions in
kernel, only values in the range of [-30, -50] can be used. The command
is implemented by changing the TX power.
Signed-off-by: Beni Lev <beni.lev@intel.com>
It was possible for the 5 GHz PKEX channels to be enabled, e.g., when
running "ap_ht40_csa2 dpp_pkex_no_responder" test sequence, and that
resulted in a failure in dpp_pkex_no_responder due to the unexpectedly
long wait needed for the DPP-FAIL event. Increase the wait time to allow
for 5 GHz PKEX channels to be probed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows more accurate logging of failures related to the cfg80211
country=98 (intersection) case. This version is trying to give some more
time to allow the country code to clear, but that does not seem to be
sufficient with the current cfg80211 implementation for country=98 (but
might be for other cases).
The additional check for country=98 at the beginning of each test case
is an attempt to force cfg80211 to restore world roaming state with a
new association and disconnection at the station side detected after the
AP side has already stopped. This is needed after the Linux kernel
commit 113f3aaa81bd ("cfg80211: Prevent regulatory restore during STA
disconnect in concurrent interfaces").
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to avoid leaving unexpected cfg80211 regulatory country
code in place at the point when a test case terminates.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the special value 0 was used to indicate no UDP checksum.
Replace that with the calculated checksum for more like use case.
Signed-off-by: Jouni Malinen <j@w1.fi>
The ap_open_tdls_vht* test cases could leave some pending regulatory
Beacon hints waiting to be cleared during the following test case. This
would result in a failure if the following test case expected specific
regdom event behavior. For example, this caused "ap_open_tdls_vht160
dbus_country" sequence to result in failure in dbus_country. Fix this by
using more robust sequence in clearing regdom state at the end of the
TDLS test cases that have the AP advertising a country code.
Signed-off-by: Jouni Malinen <j@w1.fi>
Not all driver interfaces provide driver status information with the
local address, so skip the override step if the field is not available.
This is needed, e.g., with macsec_linux.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a new test to check that the AP won't send frames to the client if
it tries to talk to itself.
Note that this fails until the relevant mac80211 patch is merged.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These test cases seemed to have copy-paste errors where
wait_enabled=False was forgotten even though there was no additional
steps checking the AP mode startup results. This did not break the
tests, but could have resulted in slowing them down if the STAs did not
find the AP in the first scan.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Linux kernel commit 113f3aaa81bd ("cfg80211: Prevent regulatory
restore during STA disconnect in concurrent interfaces") broke the
regulatory clearing attempt in many test cases since
cfg80211_is_all_idle() is now returning false due to the AP interface
being up and that results in the Country IE -based regulatory
information not getting cleared back to defaults.
Work around this by stopping the AP interface first so that when the
station interface receives the disconnection, there are no other active
interfaces in the system. In addition, wait for REGDOM event for the
Country IE hint after association to avoid disconnection before the
regulatory events have been fully processed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Linux kernel commit 113f3aaa81bd ("cfg80211: Prevent regulatory
restore during STA disconnect in concurrent interfaces") broke the
regulatory clearing attempt in this test case since
cfg80211_is_all_idle() is now returning false due to the AP interface
being up and that results in the Country IE -based regulatory
information not getting cleared back to defaults.
Work around this by stopping the AP interface first so that when the
station interface receives the disconnection, there are no other active
interfaces in the system. In addition, wait for REGDOM event for the
Country IE hint after association to avoid disconnection before the
regulatory events have been fully processed.
Signed-off-by: Jouni Malinen <j@w1.fi>
cfg80211 regulatory code gets into pretty inconvenient state if it needs
to intersect regulatory domain information from multiple regulations
(country=98). The existing mechanisms in the hwsim test cases are not
able to clear that up for the following test case and this can result in
large number of failures.
It looks like country=98 case is hit frequently in WNM test cases where
a station associates with an AP that advertises a specific country code
and that station is then asked to disconnect before the REGDOM events
have been received. Avoid this by waiting for the REGDOM events for the
init=COUNTRY_IE case before disconnecting.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This adds some minimal testing for Multi-BSS connection attempts. The
part for nontransmitted BSS is limited since hostapd/mac80211 does not
yet have sufficient support for Multi-BSS in AP mode.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Perform detailed tests with OCV enabled, for both the 4-way and group
key handshakes. These tests include establishing a working connection
with OCV enabled, assuring that a STA without OCV enabled can still
connect to a STA with OCV enabled (and vice versa), verifying that
invalid OCI elements get silently ignored, verifying that missing OCI
elements are reported, and so on.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
parallel-vm.py has obsoleted this a long time ago and there is no need
to maintain two scripts for doing more or less the same thing.
Signed-off-by: Jouni Malinen <j@w1.fi>
Now that hostapd starts mandating PMF for Hotspot 2.0 Release 2
association, this test case needs some more tweaks to work. Hardcode
Hotspot 2.0 Release 1 to be used and disable PMF explicitly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The Beacon loss event was not reported anymore, so remove that as an
unnecessary step in the test case. In addition, check the key_mgmt
values explicitly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to meet the Hotspot 2.0 Release 2 requirement for the
third station that is actually using RSN.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Match the implementation change to fix the test cases that verified a
specific Hotspot 2.0 release number indication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is a regression test case for a potential NULL pointer
dereferencing fixed in the previous commit.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This verifies that radio measurement capabilities are negotiated
correctly for the reassociation cases with and without FT.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no point in building this tarball in /tmp that is on the
ramdisk of the VM since it will go away when the VM exits.
Signed-off-by: Jouni Malinen <j@w1.fi>
The call to remove_group() may fail, in which case all following
cleanup is skipped. This may result in failing many tests since
cleanup did not complete successfully.
Fix this by calling remove_group() after other cleanup is done so
even it fails it will not affect the following tests.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Implement ECDSA signing functionality in the Python test script for
generating a valid signedConnector. This allows coverage of DPP config
object testing to be increased more easily.
Signed-off-by: Jouni Malinen <j@w1.fi>
Based on Jouni Malinen's [76055b4c6 "tests: D-Bus Get/Set Pmf"], modified
to use the correct "s" signature for the "Pmf" property.
Removed the negative test cases, because the synthesized property doens't
seem to do error checking upon being set.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
The hwsim's start.sh script spawns hostapd process using "sudo".
Since sudo forks a child process, $! holds the pid of sudo itself.
Fix that by storing the PID of the child process instead.
Since in VM "sudo" is replaced with a dummy script, pass an additional
argument to run-all.sh and start.sh scripts to indicate that they are
running inside a VM.
This is needed to fix ap_config_reload and ap_config_reload_file test
cases on some platforms where sudo is apparently not relaying the
signals properly.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In ap_acl_deny test, the AP doesn't send probe responses during scan due
to ACL reject. As the result, dev[0] might miss the AP's Beacon frame
because the dwell time is too short. Make the test more robust and
trigger passive scan, and by that increase the probability of hearing
the AP.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
The OSU Providers List includes two providers, so there should be two
OSU_METHOD values listed just like there was two OSU_SERVER_URI URLs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to allow sigma_dut to enable ap_isolate=1. In addition,
verify that the two associated STAs with RSN(EAP) and OSEN cannot
exchange frames between them.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
P2P related configuration should be done on a global control interface.
This way this test can be reused also when a dedicated P2P device
interface is used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
It looks like tshark parser was broken at some point for
wlan.mesh.config.cap which is now (tshark 2.6.3) pointing to incorrect
field (same as wlan.mesh.config.ps_protocol). This used to work with
tshark 2.2.6.
For now, assume the capability field ends up being the last octet of the
frame.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It looks like at least tshark 2.6.3 uses a different error message for
unknown display filter fields:
tshark: Neither "wlan_mgt.fixed.category_code" nor "4" are field or protocol names.
and a different status exit code (2 instead of 1).
Add a new handler for this combination to allow automatic wlan_mgt to
wlan conversion to happen.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test starts two identical APs and assumes a connection to the first
one, though it is not necessary true. Fix that by starting the second AP
only after the connection is established.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This test case had an error that hit an unexpected disconnection. Add an
explicit check to verify that this does not happen anymore.
Signed-off-by: Jouni Malinen <j@w1.fi>
The channel configuration in CHAN_SWITCH command was incorrect. This
resulted in switching to HT40+ channel, while announcing HT40- in the
secondary channel IE. This caused a disconnection after the channel
switch. Fix that.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Verify that PMF does not end up reporting unexpected status code 30
(temporary rejection; SA Query).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This verifies that wpa_supplicant and hostapd behave consistently with
PMKSA caching when Suite B AKMs end up deriving a new PMKID from each
4-way handshake.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is a regression test case for a memory leak on DPP_CONFIGURATOR_ADD
error path in dpp_keygen_configurator() when an unsupported curve is
specified.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that the automatically generated network profile is able to
connect to a non-FT network automatically after having used FT for the
first connection.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that EAP-AKA' client rejects Challenge with an appended AT_KDF
and a modified AT_KDF value during KDF negotiation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Check that the @1@ macro gets replaced correctly both when in the middle
and when in the end of the URL template.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed with the modified hostapd implementation to fix the
ap_hs20_terms_and_conditions* test cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It is easier to understand the hostapd debug log here if each step is
noted there before starting the wpa_supplicant operation. In addition,
it looks safer to process all pending event messages between each step
to avoid running out of any buffer limits.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case verifies that wpa_supplicant is able to perform CSA to a
VHT80 channel when having to move the GO due to an avoid-frequencies
driver event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The implementation changes in hostapd FT error path handling in the
follow commit would result in ap_ft_ap_oom7 test case failing. This is
triggered partially by PMF protections and SA Query attempts, so it
looks like it is easier to split each failure case into a separate test
case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Couple of "invalid value" tests started to fail now that mac80211_hwsim
actually accepts power save configuration. Fix these by running the same
command for more code coverage, but in a way that ignores the result of
the operation (succeeds with older kernel versions and fails with
newer).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
For testing purposes, enable TLS v1.3 in the authentication server so
that the protocol version can be controlled from wpa_supplicant side
more easily.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like OpenSSL 1.1.1 accepted the openssl_ciphers=FOO test
configuration or well, at least does not reject it like previous
versions did. For now, ignore this failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
RC4-SHA cipher case ended up allowing the handshake to be started just
to fail with "no ciphers available" when trying to generate ClientHello.
Fix this by handling an EAP failure case for the RC4-SHA test step with
OpenSSL 1.1.*.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that the AP initialization failure is reported back to
wpa_supplicant also when the initialization is complete in a callback.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
time.sleep() in run_roams() is required because the target AP sets the
key once the station was associated. There are races, when the station
processes the (Re)Association Response frame AND the test suite starts
FT_DS before the AP processes its local confirmation and thus
wpa_auth_sm_event(ASSOC_FT). Therefore, the ActionFrame will be lost, as
the AP driver is missing the key.
Since this is this speed is highly synthetic, wait a few milliseconds
before roaming back.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This is a regression test for a sequence where wpa_supplicant interface
MAC address is changed externally and the ifdown-ifup sequence is
processed only after the interface has already been set UP.
Signed-off-by: Jouni Malinen <j@w1.fi>
Test the hostapd venue_url configuration parameter. In addition, fix the
previous defined gas_anqp_venue_url test case to use correct encoding of
the Venue URL ANQP-element payload (URLs were missing and Venue Number
was off-by-one).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case uses EAP-MSCHAPv2 within the PEAP tunnel, so verify that
the build includes support for that before running the test.
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
Enable appropriate Suite B test cases with BoringSSL. Currently, this
means enabling only the 192-bit level ECDSA and ECDHE-RSA since
BoringSSL has removed support for DHE and there is no need to support
128-bit level ECDSA anymore.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
On Fedora 26, start.sh fails with these error messages.
Failed to connect to wpa_supplicant global interface: /tmp/wpas-wlan0 error: Permission denied
Failed to connect to wpa_supplicant global interface: /tmp/wpas-wlan0 error: Permission denied
...
This is because Fedora 26 uses "wheel" group as administrative group.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This is used in the tests, too, and was already covered by the build.sh
script, but not this README file.
Signed-off-by: Vasyl Vavrychuk <vvavrychuk@gmail.com>
Clear the model_name parameter back to the default (empty string) at the
beginning and the end of dbus_set_global_properties to avoid failures if
the test case is run multiple times.
Signed-off-by: Jouni Malinen <j@w1.fi>
Ignore any unexpected deviceLost event before the peer devices has been
discovered. This works around issues where the previous test case
terminates before the D-Bus events have been fully delivered. This could
happen, e.g., when running dbus_p2p_discovery twice in a row.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for the configuration exchange to complete before issuing the
DPP_STOP_LISTEN command to avoid confusing sequence of operation between
the ongoing and immediately following DPP exchanges.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Fix bssid2 value to make scanning more reliable for the second OWE BSS.
In addition, reorder the STA status checks to happen before the data
connectivity check to get more accurate failure reason into the log if
the test case fails.
Signed-off-by: Jouni Malinen <j@w1.fi>
Linux kernel commit c9491367b759 ("mac80211: always update the PM state
of a peer on MGMT / DATA frames") enforces the AP to check only
mgmt/data frames PM bit, and to update station's power save accordingly.
When sending only a PS-Poll (control frame) the AP will ignore the PM
bit. As the result, the partial virtual bitmap will not be updated, and
the test ap_open_disconnect_in_ps will fail on tshark check. Since the
test needs only the TIM to be updated, setting PS enabled will send NDP
that will signal that the station is sleeping. Sending PS-Poll to enable
power save is not correct, according to the following standard
statement: "A PS-Poll frame exchange does not necessarily result in an
Ack frame from the AP, so a non-AP STA cannot change power management
mode using a PS-Poll frame."
Signed-off-by: Adiel Aloni <adiel.aloni@intel.com>
This does not really work with mac80211_hwsim due to missing offload
support, but at least some minimal extra code coverage can be achieved.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it a bit clearer to see which parameters need to be modified
if the test vector needs to be recreated based on new values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that PMF can be marked required OWE networks and verify that a
station in transition mode can connect to an open network.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that unexpected 2048-bit RSA client certificate gets rejected by
the RADIUS server if the server is configured to use Suite B at 192-bit
level.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify that unexpected p256 client certificate gets rejected if the
server is configured to use Suite B at 192-bit level.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
PMF is supposed to be enabled automatically in sigma_dut, so remove
the explicit argument to do so from the commands.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
All SAE and OWE associations are expected to require PMF to be
negotiated, so enable or require PMF in AP and STA configurations
accordingly to match the new sigma_dut behavior.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
GnuTLS seems to require the intermediate CA certificate to be included
both in the ca_cert and client_cert file for the cases of server and
client certificates using different intermediate CA certificates. Use
the user_and_ica.pem file with GnuTLS builds and reorder the
certificates in that file to make this work with GnuTLS.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check for unexpected connection to avoid timeout on TLS alert event if
the implementation does not check DH key size at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to ignore missing RX-ANQP event for the FILS Realm Info if
wpa_supplicant build does not include FILS support.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit b488a12948 ('Clear PMK length and
check for this when deriving PTK') started rejecting PTK derivation
based on PMK length. This reduced coverage from the eapol-fuzzer, so set
the default length when initializing the state machine in the fuzzer to
reach the previously used code paths.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for test/allocation failure for longer than the wait_fail_trigger()
default two seconds to allow DPP (in particular, PKEX) retransmission to
occur. This removes some issues where the previous wait was more or less
exactly the same duration as the retransmission interval and the first
Listen operation not always starting quickly enough to receive the first
frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
When executing ./start.sh with OpenSSL 1.1.0f, an OCSP operation fails.
Put "-sha256" ahead of "-serial" to fix this.
~# openssl version
OpenSSL 1.1.0f 25 May 2017
~# openssl ocsp -reqout /lkp/benchmarks/hwsim/tests/hwsim/logs/current/ocsp-req.der -issuer /lkp/benchmarks/hwsim/tests/hwsim/auth_serv/ca.pem -serial 0xD8D3E3A6CBE3CD12 -no_nonce -sha256
ocsp: Digest must be before -cert or -serial
ocsp: Use -help for summary.
~# openssl ocsp -reqout /lkp/benchmarks/hwsim/tests/hwsim/logs/current/ocsp-req.der -issuer /lkp/benchmarks/hwsim/tests/hwsim/auth_serv/ca.pem -sha256 -serial 0xD8D3E3A6CBE3CD12 -no_nonce
Signed-off-by: leishaoting <leist.fnst@cn.fujitsu.com>
src/crypto/libcrypto.a and src/tls/libtls.a have circular references
and will need special handling with the linker at least for the time
being. This could be cleaned up eventually, but for now, provide a
mechanism to get the program linked.
This was already done in tests/Makefile, but tests/eapol-fuzzer/Makefile
needs the same.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not include this argument in normal case, but add a test case to
cover the special extra check case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This test case is not really realistic and the second connection attempt
would fail if additional AES-based ciphers get provisioned. Work this
around by dropping to CCMP only if other ciphers are present.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to avoid false errors with GCMP-256 and CCMP-256 to be
added in the implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The kernel started enforcing attribute lengths, and nl80211.py had been
doing it all wrong - the padding must be present, but not part of the
length.
Fix it to do it the right way.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
These test cases were failing when run immediately after
dpp_pkex_test_fail. It looks like timing of the TX status and the short
eloop wait were getting reordered in this cases. This ended up with some
of the DPP-TX-STATUS event messages missing. Instead of explicitly
checking for those message, simply count the number of DPP-TX messages
to verify that the correct number of retries are being sent.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Fix problem when running ap_ft test cases with real HW using remote
tests and hwsim wrapper by using the newer hostapd.app_ap() API.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
These VHT160 with DFS cases were in a single test case to optimize test
execution time with parallel wait for the 60 second CAC. However, this
design has become difficult to support with the kernel changes that
allow radar events to be shared between interfaces. To avoid need for
more workarounds here just for testing purposes, split this into two
test cases so that conflicting events from another interface do not
cause the test case to fail.
Signed-off-by: Jouni Malinen <j@w1.fi>
These DFS radar detection cases were in a single test case to optimize
test execution time with parallel wait for the 60 second CAC. However,
this design has become difficult to support with the kernel changes that
allow radar events to be shared between interfaces. To avoid need for
more workarounds here just for testing purposes, split this into two
test cases so that conflicting events from another interface do not
cause the test case to fail.
Signed-off-by: Jouni Malinen <j@w1.fi>
mac80211_hwsim module typically dumps a lot of details into the kernel
message buffer. While it's probably okay in a dedicated VM, it's way too
chatty in other setups.
The kernel allows fine-tuning logging via the dynamic debugging
facility. Let's enable all logging locations in the mac80211_hwsim
module so that we don't loose debugging output when the kernel adopts
the dynamic debug mechanism for the driver.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
hostapd implementation was changed to use a valid Status Code when
rejecting the connection. This test case was forgotten at the time, but
it needs a matching change to allow the new value (1 instead of 14).
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows mesh_sae_groups_invalid and
wpas_mesh_secure_sae_group_negotiation to be run with BoringSSL (group
25 not available anymore).
Signed-off-by: Jouni Malinen <j@w1.fi>
Use absolute path name for configuration file to ensure the file can be
succesfully reloaded and read on SIGHUP signal. This is needed when
running the test case on host (i.e., not using a VM).
Signed-off-by: Sriram R <srirrama@qti.qualcomm.com>
Change the test condition from "is OpenSSL 1.0.2" to "is not OpenSSL
1.0.1", so that the TLSv1.2 test step gets executed with OpenSSL 1.0.2
and 1.1 (and newer).
Signed-off-by: Jouni Malinen <j@w1.fi>
Recent versions of tshark/wireshark renamed these fields, deal
with that in the tshark wrapper code.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Beacon more frequently since Probe Request frames are practically ignored
in this test setup (ext_mgmt_frame_handled=1 on hostapd side) and
wpa_supplicant scans may end up getting ignored if no new results are
available due to the missing Probe Response frames.
Signed-off-by: Jouni Malinen <j@w1.fi>