This group should not be used with SAE and as such, it could cause
confusing test errors here. Use an acceptable group instead.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
At least for the time being PKEXv2 needs CONFIG_DPP3=y to work in a
testable manner. Couple of the test cases did not cover this correctly
and resulted in failures (instead of skipping the tests) when the
default build configuration was used. Fix that by checking for DPP
version 3.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Before, we could loose some events because of pipe buffering. I saw this
problem when running "ubus listen" or "logread -f" and waiting some
specific events. After disabling buffering this works much better.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This parameter was added with the commit message indicating the valid
reason code values to be 1-5, but with the implementation allowed only
1. There are five defined reason code values for the Association
Disallowed attribute, so extend the allowed range to cover all those
values.
Fixes: fb9a1c3e28 ("hostapd: Add MBO IE to Beacon, Probe Response, Association Response")
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Add the "InterworkingSelect" method to the DBus API to trigger an
Interworking scan with ANQP fetches. When a BSS that matches a
configured credential is found, the result is emitted using the signal
"InterworkingAPAdded". Completion of the full InterworkingSelect
operation is indicated with the "InterworkingSelectDone" signal.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
Add "AddCred", "RemoveCred", and "RemoveAllCreds" methods to the D-Bus
API of the network interface to allow the caller to manipulate a set of
Interworking credentials similarly to the way this was enabled through
the control interface.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
CONFIG_DPP3=y can now be used to configure hostapd and wpa_supplicant
builds to include DPP version 3 functionality. This functionality is
still under design and the implementation is experimental and not
suitable to be enabled in production uses before the specification has
been finalized.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When checking DPP capabilities the Brainpool flag was not always set
when needed, leading to run a test with the Brainpool curves not
supported by BoringSSL.
Use a short form for the DER length of EC privateKey with NIST P-521
curve. Indeed BoringSSL returns an error when parsing DER sequence 30 81
50 ... because the length 81 50 could have been encoded as 50 and
according comment in BoringSSL:
ITU-T X.690 section 10.1 (DER length forms) requires encoding the
length with the minimum number of octets.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
As BoringSSL version of i2d_PUBKEY() doesn't respect the
POINT_CONVERSION_COMPRESSED flag redefine a specific
crypto_ec_key_get_subject_public_key() version for BoringSSL based on
dpp_bootstrap_key_der().
The only other user of crypto_ec_key_get_subject_public_key() is SAE-PK
for which the public key should also be formatted using compressed
format.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Move code of dpp_get_pubkey_point() to a crypto library specific
function crypto_ec_key_get_pubkey_point().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Add a common well-known regulatory database to the test VMs during runs
to remove one thing to have correct in the host.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Replaced the word "sanity" with the inclusive word "validity". The
comment in acs_survey_interference_factor() was referring a function
that does not exist, so remove it instead of trying rename the function.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Using __del__ for any kind of cleanup is not a good idea
as it's not guaranteed to be called at any particular time,
it's only called whenever the next garbage collect cycle
kicks in.
Use a context manager instead, which basically removes the
need for the try/finally and fixes the reliance on __del__.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Couple of the PASN test cases did not verify whether the wpa_supplicant
build used in the test included PASN support.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case adds a new AP device (wlan0_ap) with iw and removes it in
the end. However, the hostapd interface for this netdev was only added,
but not removed at the end of the test case. This could result in
consecutive test cases getting confused with the extra interface, e.g.,
if running WPS configuration steps that get applied to all enabled
interfaces.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Need to wrap back to 0 when changing value 255 to avoid generating a too
large value to fit an octet field. This was resulting in errors due to a
python exception (likely for about every 256th run).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This limits the EAP-SIM and EAP-AKA tests to 100 test frames to avoid
undesired timeouts in automated fuzz testing. The real world uses are
limited to 50 rounds, so there is not really any point in trying with
thousands of frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Move from RS to PA country code to allow these test cases to work since
regdb was updated to require DFS for these operating classes in RS.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add minimal testing for airtime policy configuration. mac80211_hwsim
does not actually support this functionality, so this is just for
testing coverage of src/ap/airtime_policy.c.
Signed-off-by: Jouni Malinen <j@w1.fi>
Dump pending monitor interface messages between each roaming step to
make the test log easier to understand and hostapd wait for the new
connection more robust by ensuring that the processed event if for the
very last reassociation. It looks like at least ap_ft_vlan_over_ds_many
could fail due to the connectivity check being started before the final
roam had been completed on the AP side even though there was an explicit
hapd2ap.wait_sta() wait before the test.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
APs PMF capabilities can differ. wpa_supplicant should be able to
disable and enable MBO when roaming to and from a misbehaving MBO AP
that doesn't support PMF. Verify that this is indeed happening.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
gcc-10 seems to be inlining eap_eke_prf() and eap_eke_prfplus() which
breaks this test case due to a different backtrace being generated for
triggering the local failures. Point to the functions called by those
instead of these two functions to get this working with both gcc-9 and
gcc-10.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Hide /usr/share/wireshark from hostfs to prevent tshark from loading all
the data from there since that can take significant amount of time and
is not really needed for the test cases. In addition, set HOME to point
to local tmpfs to avoid unnecessary references through hostfs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Even though the STA in this test case does not actually use SAE, it
needs to recognize the "SAE H2E only "BSS membership selector.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to explicitly wait for hostapd to report STA connection before
starting the traffic test to avoid the potential race condition when
testing with UML and time travel mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
These could fail if a scan entry from a previous test case was still
present in the BSS table, e.g., by wpa_supplicant selecting the SSID
from that old entry instead of the new SSID. Try to avoid that by
explicitly flushing the scan results before starting these tests.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to close the WpaSupplicant instance on the extra radio before
returning from this test case since that interface is going to be
removed and WpaSupplicant.__del__() can time out on trying to detach the
monitor connection after that.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make it more difficult to miss issues that were previously only printed
out in /tmp/hwsim-test-logs/*-parallel.log. This covers things like
memory leaks and test script failures or forgotten development time
prints to stdout.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was missing an explicit CAPI ap_reset_default and that
could result in hostapd being left running at the end of the test case.
This could result in issues with following test cases if they used a new
radio interface from HWSimRadio().
Signed-off-by: Jouni Malinen <j@w1.fi>
Raising an exception while the wlan5 interface was remove (i.e., between
wpas.interface_remove() and .interface_add() calls) would result in the
cleanup code failing and generating yet another exception while the
first one was being processed. Work around this by re-adding the wlan5
interface back temporarily if the interface is not available for the
cleanup operations.
Signed-off-by: Jouni Malinen <j@w1.fi>
These commands were being issues to incorrect wpa_supplicant instance
and were missing clearing of the MAC_RAND_SCAN parameter.
Signed-off-by: Jouni Malinen <j@w1.fi>
The iteration of WpaSupplicant instances used incorrect variable and
ended up cleaning up only the wlan5 interface. This left unexpected
setband parameter for wlan0/wlan1/wlan2 which could result in
consecutive test cases failing due to scan not finding the expected
BSSs.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for these test cases to fail if the first scan iteration
did not find the AP since the 10 second timeout was small enough to
terminate the second attempt before fetching the scan results. Increase
this timeout to allow at least two full scan iterations to be completed
before declaring failure.
Signed-off-by: Jouni Malinen <j@w1.fi>
These test cases use hidden SSIDs and left behind a BSS entry with no
SSID. That can cause issues for consecutive test cases where the BSSID
can be used as the key for finding a BSS entry. That could end up
picking the old hidden SSID BSS instead of the one that was meant to be
used in the test case.
Flush the scan cache at the end of the scan-ssid-list test cases to
reduce invalid test failures for the consecutive test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The PASN_START command can fail if there is an old BSS entry for the
same BSSID from an earlier test case. Try to avoid this by flushing the
scan results before running these test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The isAlive() function is deprecated in newer versions of Python
so replace it with the is_alive() instead.
Signed-off-by: Oren Givon <oren.givon@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The function wpa_config_get_line() is used by the wpa_supplicant config
file parser to retrieve the next non-comment non-blank line. We'll need
the same kind of functionality to implement the file-based external
password backend, so as a preparatory step this commit extracts the
function into its own standalone file in the utils package.
No functional changes are expected from this commit.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Need to clear sae_groups parameter before using SAE in this test case to
avoid issues if previous test cases have left a specific group
configured.
Signed-off-by: Jouni Malinen <j@w1.fi>
This could fail in theory if running out of memory, so better check for
this explicitly instead of allowing the exchange to continue and fail
later due to checkcode mismatch.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add test cases that check preCAC, which is available for EU regulatory
domain. Also confirm that preCAC is not used for US.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Add option to:
- add a new AP on the same phy that the backhaul-sta uses
- run CSA from the parent
Adding a new AP (backhaul/fronthaul) on the same phy we have for
backhaul-sta is closer to the real repeater implementation.
Add a test case for that and run CSA.
This is a common problem when we have on the same phy:
- connected backhaul STA
- we started fronthaul/backhaul AP
- we receive (from parent) CSA on the STA interface
This is multi_ap_wps_shared_apdev_csa test case, which fails today with
both mac80211_hwsim and ath9k. To avoid always failing test cases,
ignore this failure for now. Full validation can be enabled once the
issue behind this is fixed.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Pass the backhaul parameters as a parameter. This is in preparation for
channel switch test for Multi AP.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This test first configure hostapd with an initial SSID
('test-wpa2-psk-start'). Then a new SSID is configured
('test-wpa2-psk-new') using SET and RELOAD. Next, a station is
associated using WPS, and the test verifies that the new SSID was served
to the station.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
cfg80211 may ignore user hints while there are active COUNTRY_IE hints,
thus at some timings it may ignore the country setting back to world
domain. Fix it by making sure the country is set only after all the
interfaces are stopped. In addition, call a more robust
clear_regdom_dev() function.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Test that if notify_mgmt_frames is enabled and a station connects we do
get AP-MGMT-FRAME-RECEIVED, and that it includes an Authentication
frame.
Also test that if notify_mgmt_frames is disabled, no Management frame is
sent on ctrl_iface when a station connects.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
The P2P group may be originally formed on UNII-3, so disabling UNII-1
and UNII-2 will not result in a channel switch failing the test.
Fix this by setting 44 as a preferred channel.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The test configures ft_r0_key_lifetime parameter, however ft_params
already contain the r0_key_lifetime. Since both options are accepted by
hostapd and set the same field, one of them gets overwritten.
As the dictionary enumeration order is not guaranteed in python, the
test may sporadically fail.
Fix that by explicitely removing the unneeded parameter.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Kernel commit 14486c82612a ("rfkill: add a reason to the HW rfkill
state") added an extra byte to the end of the rfkill events and that
confused the read loop here since python tried to buffer the results
from multiple read() calls into the local buffer that then delivered the
extra octets in consecutive events. Fix this by disabling buffering for
these reads.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Python enumerates dictionaries in an arbitrary order, thus the resulting
configuration file will have the parameters shuffled randomly. This may
cause the test to fail when, for example, auth_server_addr is placed
after auth_server_port. Fix this by enforcing some of the fields to be
placed before the others.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Commit 7b121af26a ("P2P: Delay P2P scan when an external scan is in
progress") added a new argument to p2p_scan_res_handled(), but did not
update this test tool. Fix this by using hardcoded value 0 for the new
delay argument.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Now that wpa_supplicant ignores the unexpected association event in
disconnected-not-trying-to-connect state, this test cases needs to be
modified to avoid incorrect failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The function name for adding frequency lists changed, so this test case
needs a matching change to avoid failures.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was broken in the kernel in mac80211 for a while, until commit
780a8c9efc65 ("mac80211: do not disable HE if HT is missing on 2.4 GHz")
fixed it.
Add a test for wifi generation on 2.4 GHz in addition to the 5 GHz one.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Allow to run local/remote process like:
- ubus listen
- logread -f
- tail -f
- wpa_cli
- hostapd_cli
And next wait for specific event(s).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Sweden now allows channel 149 in the updated wireless-regdb. Choose
Japan for the negative test instead.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Add a test which uses a DFS channel, waits for CAC afterwards successful
mesh join and then triggers a radar event and checks if the mesh comes
up again on the same device.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Update ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg to accept
upcoming change in the parsing validation step that catches the issue.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is in preparation for an implementation change that ends up
contradicting the operations enforced in this test case for mesh coex.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Use typecasting to match the base64_{encode,decode}() function prototype
for signed/unsigned char buffer.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Even though these are not part of run-tests, it is simpler to just build
them like all other tests/test-* tools.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
tests/fuzzing/tls-{client,server} replaced this more than a year ago, so
get rid of the now obsolete version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
tests/fuzzing/eapol-key-{auth,supp} replaced this more than a year ago,
so get rid of the now obsolete version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
tests/fuzzing/eapol-supp replaced this more than a year ago, so get rid
of the now obsolete version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
mesh_open_vht_160 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is ZA
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht_80p80 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht20 might fails with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_vht40 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_ht40 might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
wpas_mesh_open_5ghz might fail with this message:
---------------
wlan0: Country code not reset back to 00: is US
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
mesh_secure_ocv_mix_legacy might fail with this message:
---------------
wlan0: Country code not reset back to 00: is AZ
wlan0: Country code cleared back to 00
---------------
This patch fixes the issue.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
If the .config file is already identical, avoid copying it even if -f
was specified; this improves build time if nothing has changed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since the build artifacts are now landing in distinct directories, we
don't need to 'make clean' and save some rebuild time.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).
Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.
Note that due to the use of thin archives, this required
building with absolute paths.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This likely passes today (at least without ASAN), but without the next
commit, it trips up a use-after-free bug, which ASAN can catch.
So consider this a regression test.
Signed-off-by: Brian Norris <briannorris@chromium.org>
The blacklist design will be modified in the following commits and that
would result in this validation step based on the older implementation
starting to fail. Remove this check to avoid such testing failures.
Signed-off-by: Jouni Malinen <j@w1.fi>