Responder receives Authentication Request and Config Request in a
sequence and it is possible for the Config Request to be received before
MGMT_RX_PROCESS has been processed for Authentication Request in the
cases where the test script is in the middle of RX processing. This can
result in DPP-AUTH-SUCCESS being delivered only after the MGMT-RX event
for Config Reques which means that wait_auth_success() would lose that
MGMT-RX event.
Avoid this issue by caching the "extra" MGMT-RX event within
wait_auth_success() and having the caller verify if the Config Request
(GAS Initial Request) has already been received before waiting to
receive it.
This makes dpp_gas, dpp_gas_comeback_after_failure, and
dpp_gas_timeout_handling more robust.
Signed-off-by: Jouni Malinen <j@w1.fi>
connect_network() tried to make test log more readable with a
dump_monitor() call at the end of the function. However, this could end
up practically dropping an event that arrives more or less immediately
after CTRL-EVENT-CONNECTED. This could happen with UML time travel,
e.g., in suite_b_192_pmksa_caching_roam.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Since DPP listen is a radio work, it doesn't start immediately and
then we can end up missing whatever happens next in the test. Wait
for the radio work to start before continuing the test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Move testing to use the new Home OI parameters while maintaining a
couple of tests for the deprecated parameters.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
wpa_supplicant has support for only a single FT key hierarchy and as
such, cannot use more than a single mobility domain at a time. Do not
allow FT protocol to be started if there is a request to reassociate to
a different BSS within the same ESS if that BSS is in a different
mobility domain. This results in the initial mobility domain association
being used whenever moving to another mobility domain.
While it would be possible to add support for multiple FT key hierachies
and multiple mobility domains in theory, there does not yet seem to be
sufficient justification to add the complexity needed for that due to
limited, if any, deployment of such networks. As such, it is simplest to
just prevent these attempts for now and start with a clean initial
mobility domain association.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
It looks like some test cases could fail due to timeouts since the 10
second wait may not be sufficient to cover some cases where 6 GHz
channels get scanned. Increase the timeouts to avoid hitting such cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use imsi_privacy_cert as the name of the configuration parameter for the
X.509v3 certificate that contains the RSA public key needed for IMSI
privacy. The only allowed format for this information is a PEM-encoded
X.509 certificate, so the previous name was somewhat confusing.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add RSA public key (in an X.509v3 certificate) and private key for IMSI
privacy. These were generated with
openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes -days 7500 \
-keyout imsi-privacy-key.pem -out imsi-privacy-cert.pem
Test the case where wpa_supplicant side RSA-OAEP operation for IMSI
privacy is done in an external component while the hostapd (EAP server)
processing of the encrypted identity is internal.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This parameter has no impact to TLS client functionality, so these is
not really any point to maintain these test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
A test may want to check multicast connectivity independent of unicast
or check multicast without exercising unicast first. Factor out the
multicast connectivity check code into its own function.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
"finally" handler should not trigger a new exception when trying to
clear state for non-DPP builds. In addition, couple of checks for DPP
capability in the build were missing.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was clearly too easy to get unexpected behavior by accidentially
passing in a string instead of a list of strings to these functions, so
enforce the correct type to notice such issues automatically.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
