Commit graph

4622 commits

Author SHA1 Message Date
Jouni Malinen
a7fdd58039 tests: Update capability checks to include OpenSSL 3.1 and 3.2
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-02 11:22:24 +02:00
Ilan Peer
50526415cb tests: Test GTK rekey in test_eht_mld_link_removal()
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-11-26 17:01:30 +02:00
Ilan Peer
782d897e3c tests: Verify link removal (MLO)
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-11-26 13:25:57 +02:00
Ilan Peer
2a6d094278 tests: Add validation of number of valid and active links for MLO
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-26 13:03:55 +02:00
Benjamin Berg
a5d5b63d61 tests: Allow specifying multiple failure locations
Having the ability to trigger multiple failures in one test can be
useful. Add support to the test infrastructure to do this.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-11-26 12:56:03 +02:00
Benjamin Berg
85c96b7cf7 tests: Fix some incorrect failure waiting calls
These were either sending the command to the wrong
hostapd/wpa_supplicant instance or using the wrong command. This
currently causes the wait to just immediately stop, but with future
commits it would start failing.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-11-26 11:26:50 +02:00
Benjamin Berg
6f2289b6b4 tests: Avoid exception string matching for failures
Future commits change the related code and exception string. Avoiding
using the context is easy here and actually avoids two layers of
nesting.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-11-26 11:24:00 +02:00
Andrei Otcheretianski
d64ec94140 AP MLD: Don't include AP MLD ID in Beacon frames
IEEE P802.11be/D4.0, 9.4.2.312.2.3 states that the AP MLD ID should only
be included in some ML probe responses. Beacon frames shouldn't include
AP MLD ID.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-25 18:50:03 +02:00
Johannes Berg
e4f1a48bd2 tests: Give some operations more time
With more channels now available in some regulatory domains, some scan
operations can take longer. Give them more time to complete in tests.

For two cases this required adding a timeout parameter to connect(),
which is then passed through.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-11-24 22:36:58 +02:00
Jouni Malinen
6374bd899c tests: MBSSID beacon protection
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-24 12:55:18 +02:00
Jouni Malinen
9ea6e2695d tests: MBSSID with a single SSID and different AKMs
Test functionality in cases where MBSSID is used with a WPA2-Personal
only BSS as the transmitted BSS and WPA3-Personal BSS as the
nontransmitted BSS.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-23 23:21:18 +02:00
Jouni Malinen
d883b25760 tests: OWE transition mode disabled on STA and AP using transition mode
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-23 20:43:04 +02:00
Benjamin Berg
1bd5e35b87 tests: Disable IPv6 in WNM keep-alive test
Otherwise the station or AP might be doing router advertisements,
causing keep alive already without the mechnism that is being tested.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-11-23 11:30:30 +02:00
Jouni Malinen
73e9261c5e tests: Suite B 192-bit level RSA failing (no CS match)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-22 19:42:06 +02:00
Jouni Malinen
86c0fbb6fb tests: WNM Disassociation Imminent and bssid set
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-11-11 23:44:04 +02:00
Jouni Malinen
cab5f5fa7a tests: OWE and BSS entries after multiple scans/associations
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-08 14:21:41 +02:00
Jouni Malinen
1af364e3ce tests: AP MLD and GTK rekeying with MLD client connection using two links
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-06 19:56:41 +02:00
Jouni Malinen
effe5bbff7 tests: Fix DPP test case skipping without CONFIG_DPP
dpp_config_legacy_gen_two_conf_psk and dpp_config_legacy_gen_two_conf
tried to set a DPP parameter before having verified that CONFIG_DPP was
used in the build.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-11-04 18:18:25 +02:00
Jouni Malinen
004f618613 tests: Wait before initiating DPP from thread in sigma_dut testing
Starting a thread to initiate DPP before starting the responder through
sigma_dut can result in unexpected testing behavior since there may not
be enough time to get the responder enabled before timing out som
initiator actions. Wait a second at the beginning of the initiator
thread in dpp_init_conf() similarly to how this was handled in other
initiator-from-thread cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-11-04 12:41:02 +02:00
Jouni Malinen
cefd959566 tests: Terminate sigma_dut more forcefully if needed
Wait for stdout/stderr in a more robust manner to avoid blocking the
pipes and kill the sigma_dut process if it fails to terminate cleanly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-11-04 12:31:23 +02:00
Jouni Malinen
8dd272fded tests: Avoid race condition in DPP GAS protocol testing
Responder receives Authentication Request and Config Request in a
sequence and it is possible for the Config Request to be received before
MGMT_RX_PROCESS has been processed for Authentication Request in the
cases where the test script is in the middle of RX processing. This can
result in DPP-AUTH-SUCCESS being delivered only after the MGMT-RX event
for Config Reques which means that wait_auth_success() would lose that
MGMT-RX event.

Avoid this issue by caching the "extra" MGMT-RX event within
wait_auth_success() and having the caller verify if the Config Request
(GAS Initial Request) has already been received before waiting to
receive it.

This makes dpp_gas, dpp_gas_comeback_after_failure, and
dpp_gas_timeout_handling more robust.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-11-04 11:33:15 +02:00
Jouni Malinen
7e9efc3cdf tests: Handle race condition in eap_proto_md5_server
UML time travel allows the deauthentication event to be processed more
quickly than the delivery of EAP-Success to the client through the test
script, so accept either sequence here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-11-04 09:53:58 +02:00
Jouni Malinen
69be335a5d tests: Do not dump pending monitor events after connection
connect_network() tried to make test log more readable with a
dump_monitor() call at the end of the function. However, this could end
up practically dropping an event that arrives more or less immediately
after CTRL-EVENT-CONNECTED. This could happen with UML time travel,
e.g., in suite_b_192_pmksa_caching_roam.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-03 22:59:33 +02:00
Jouni Malinen
7fbd391138 tests: ap_hs20_remediation_required_ctrl with UML time travel
Wait for hostapd connection event before issue HS20_WNM_NOTIF to avoid a
race condition with UML time travel.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-03 22:28:22 +02:00
Ilan Peer
f321705e31 tests: Add basic test for 802.1X-SHA384 with EAP-PSK
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-11-03 17:08:36 +02:00
Jouni Malinen
dacadc3f68 tests: HE AP on 80 MHz channel and CW change notification
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-03 16:28:13 +02:00
Jouni Malinen
835479b3d6 tests: Mesh BSS on 5 GHz band channel 140
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-03 16:05:03 +02:00
Jouni Malinen
ed4e845576 tests: Work around race condition for TRANSITION-DISABLE processing
This event may be sent before CTRL-EVENT-CONNECTED, so modify the test
cases to wait directly for TRANSITION-DISABLE by skipping the separate
wait for CTRL-EVENT-CONNECTED.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-02 15:57:39 +02:00
Jouni Malinen
4a28e0cb9c tests: Fix sigma_dut interaction with multiple status lines
It is possible for the sigma_dut process to be scheduled in a manner
that ends up combining the status,RUNNING and status,COMPLETE lines into
a single TCP message. This was supposed to be handled in the
sigma_dut_cmd() implementations, but that design had been broken by code
refactoring that changed the indentation level incorrectly.

Fixes: d68946d510 ("tests: sigma_dut and DPP push button first on Enrollee")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-02 15:54:29 +02:00
Jouni Malinen
f851ac2b60 test: Beacon protection and unicast Beacon frame
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-02 15:31:32 +02:00
Jouni Malinen
ddf026b1c6 tests: HE AP MBSSID with mixed security (WPA2-Personal + WPA3-Personal)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-31 16:07:36 +02:00
Jouni Malinen
ccefa6419c tests: rrm_beacon_req_active_scan_fail to allow implementation change
Use more specific condition for the allocation failure to allow
wpa_supplicant_trigger_scan() implementation to be modified without
making this test case fail.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-31 12:01:15 +02:00
Jouni Malinen
909361e28e tests: Redesign bgscan_*_scan_failure to work with implementation change
Wait for allocation failure using wait_fail_trigger() instead of waiting
for a scan failure event since that failure event will go away with
implementation change.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-31 11:57:20 +02:00
Jouni Malinen
77785da667 tests: WPA3/GCMP-256 connection at Suite B 192-bit level and OKC
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-30 19:53:18 +02:00
Jouni Malinen
e933c4e5a3 tests: AP MLD with two links and non-AP MLD sending ML Probe Request
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-10-29 16:07:14 +02:00
Johannes Berg
d01f677c2a tests: hwsim: Add more tracing
Add SKB tracing (which shows now why/where a frame was dropped
in the stack), and also -T for stack trace at each event.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 13:05:13 +03:00
Johannes Berg
d76dbe6c7c tests: ap_mixed_security: Give AP time to set up stations
Give the AP some time to set up stations fully (in the
kernel) so that traffic forwarding will work.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:34:57 +03:00
Johannes Berg
ee74376589 tests: GAS: Wait for STA before ANQP_GET
We can't do ANQP when the STA is connected but the AP hasn't fully set
up the STA yet, so wait on the AP side before continuing.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:34:57 +03:00
Johannes Berg
3918c4123f tests: ap_open_poll_sta_no_ack: Fix mgmt-rx race
We need to wait for the MGMT-RX event before disabling
ext_mgmt_frame_handling again, otherwise we might be disabling it and
hostapd only receives the deauth frame after we already disable it,
defeating the purpose of the test.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:34:57 +03:00
Johannes Berg
95325f0969 tests: ap_pmf: Wait for STA appropriately
With PMF, we cannot do even deauth unless we wait for the STA to have
fully connected on the AP side, the STA thinking it has isn't sufficient
since it immediately says so after M4. Add wait_sta() before disconnect,
and also before SA_QUERY.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:34:57 +03:00
Johannes Berg
b3e3e3b0d5 tests: pmksa_cache: Wait for STA on AP side before query
Before querying the PMKSA cache, wait for the STA to have appeared on
the AP side, otherwise scheduling differences may have us asking when
the STA thinks it's connected but the AP hasn't fully processed that.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:34:57 +03:00
Johannes Berg
dbcaf927cd tests: ap_tdls: Wait before connectivity checks
All processes need to have a bit of time to mark the kernel STAs
authorized, otherwise traffic may fail. Give them some time, and also
use check_connectivity() in connectivity() since it's the same check,
just different arguments.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:34:57 +03:00
Johannes Berg
f562fd014a tests: Blocked rekey: Give slightly more time
Due to scheduling changes, we don't always now succeed to reconnect in
exactly 1 second, it might take 1.01. Give it 1.1 for a bit more leeway,
it's not clear why it should be exactly 1 second anyway.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:34:57 +03:00
Johannes Berg
01afbeaf9d tests: ap_hs20: Add more wait_sta()
We should always wait_sta() so that we know we can even deauth next,
otherwise the key might not be installed yet by the time we try to
connect to the next AP.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:34:57 +03:00
Johannes Berg
0f896ded9d tests: ap_hs20_connect_no_full_match: Add appropriate waits
We need to appropriately wait for the STA to connect/disconnect before
continuing with the test, add that.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:12:01 +03:00
Johannes Berg
83c5db6c0a tests: autogo_legacy: Wait for 4-way handshake
We need to wait for the 4-way handshake to be completed on the GO side,
so the GO will actually have marked the station as authorized and will
forward packets.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:11:06 +03:00
Johannes Berg
7e558095c7 tests: RRM: Wait for AP STA before requests to AP
Before requesting anything about the specific STA from the AP wait for
it to show up, so that things don't fail if the hostapd process didn't
yet get time to process things.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:10:18 +03:00
Johannes Berg
4f4923bb08 tests: PASN: Try get_ptksa() from AP a few times
We wait for the PASN auth to complete on the wpas side, but there's no
indication of this on the AP side. So if scheduling ordering is bad, we
can ask the AP for the PTKSA cache before it even received the frame
from the kernel and created the PTKSA entry.

To fix this, try this a few times, to see if it becomes available.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:09:26 +03:00
Johannes Berg
376bead963 tests: persistent_go_client_list: Ignore client order
Clients could connect in a different order depending on
timing differences, don't check for the order here.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:08:20 +03:00
Johannes Berg
434d557bc3 tests: FT/RRM: Wait for STA before check_beacon_req()
check_beacon_req() will request from hostapd to request a beacon
report from the STA, but that only works if it already knows about
the STA. Due to scheduling issues, it may not know even if wpa_s
reports it has successfully connected, so also wait for the STA to
show up in hostapd before check_beacon_req().

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:06:59 +03:00
Johannes Berg
257ba3afae tests: Wait for radio work to start after DPP_LISTEN command
Since DPP listen is a radio work, it doesn't start immediately and
then we can end up missing whatever happens next in the test. Wait
for the radio work to start before continuing the test.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-10-28 12:06:29 +03:00
Stefan Schake
1d7ce8e2d7 tests: Multi-AP backhaul to backhaul+fronthaul BSS
Signed-off-by: Stefan Schake <stefan.schake@devolo.de>
2023-10-28 11:51:19 +03:00
Jouni Malinen
aaeeb631e0 tests: More thorough testing of PMF and need for association comeback
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-10-28 11:34:35 +03:00
Jouni Malinen
3d8215affe tests: wpa_supplicant AP with all possible 20 MHz PRI for 80 MHz channel
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-27 13:49:48 +03:00
Jouni Malinen
97b6cc6e58 tests: VHT80 and channel 161
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-26 13:52:54 +03:00
Jouni Malinen
7df76a4dd5 tests: EHT+MLO AP with SAE and transition mode
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-25 14:06:23 +03:00
Jouni Malinen
6affbf1fb0 tests: Remove exception for SAE MLD testing
hostapd now has support for SAE in MLD cases, so there is no need to
maintain this exception that allowed the test case to pass even if the
connection failed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-10-25 13:53:35 +03:00
Jouni Malinen
71b26a7675 tests: Adding EAP-SIM/AKA coverage for ID selection
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-21 11:55:49 +03:00
Jouni Malinen
b46c4b9a91 tests: Beacon protection and reconnection
Regression test case for the issue fixed in the previous commit.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-05 20:38:47 +03:00
Jouni Malinen
07d3c1177b tests: Make sae_proto_hostapd_status_* more robust
The first MGMT-TX-STATUS event might be for the initial broadcast
Deauthentication frame instead of the SAE Authentication frame. Skip the
first event and try to process TX status for the first Authentication
frame instead.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-22 19:46:44 +03:00
Jouni Malinen
f91d10c0e6 tests: Update RSA 3k certificates
The previous ones expired and caused test failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-08-22 17:00:37 +03:00
Jouni Malinen
d606efe054 tests: Beacon rate configuration for 54 Mbps
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-18 21:16:04 +03:00
Jouni Malinen
884125ab7d tests: P2P autonomous GO and clearing of networking information
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-18 20:33:29 +03:00
Jouni Malinen
011775af94 tests: Check for beacon loss when using beacon protection
This extends testing coverage to detect an issue that was fixed in
commit bf9cbb462f ("Fix writing of BIGTK in FT protocol").

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 21:28:14 +03:00
Jouni Malinen
faee8b99e9 tests: Fix eht_mld_sae_legacy_client to restore sae_pwe
Changing sae_pwe and leaving the modified value for the following test
cases can result in failures.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-21 20:17:53 +03:00
Jouni Malinen
b2a1e7fe7a tests: PEAP and TTLS phase2_auth behavior
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-07-17 21:25:06 +03:00
Jouni Malinen
19b6a1513f tests: Additional EHT MLD AP coverage
Verify behavior in SAE/PSK transition mode and PTK rekeying.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-15 17:34:02 +03:00
Andrei Otcheretianski
f5592e2d5e tests: Add basic MLD hwsim tests
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-15 17:34:02 +03:00
Jouni Malinen
829f3cd2b2 tests: Fix the previous update of the regulatory database to VMs
The last update of the wireless-regdb database to the wireless-regdb.git
version of 2023-02-13 in commit c4034a69fe ("tests: Update regulatory
database to VMs") forgot to update regulatory.db.p7s. Update it as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-06 20:11:06 +03:00
Jouni Malinen
95c3f0d1e4 tests: PASN with pasn_noauth=0
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-05-25 22:59:00 +03:00
Jouni Malinen
3e9fe727e5 tests: WPA2-EAP AP with PMF required and EAPOL-Logoff
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-05-04 11:10:16 +03:00
Jouni Malinen
230ca559cb tests: Additional 6 GHz band ACS coverage
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-26 23:10:03 +03:00
Jouni Malinen
c4034a69fe tests: Update regulatory database to VMs
Update the wireless-regdb database to the wireless-regdb.git version of
2023-02-13.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-26 23:10:03 +03:00
Jouni Malinen
a2d4d4c98e tests: HE with ACS on 6 GHz using a 40 MHz channel
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-25 17:31:13 +03:00
Jouni Malinen
566ab39a72 tests: KDK derivation based on Secure LTF capability
This adds more production-like testing coverage for KDK derivation. Both
SAE and OWE transition mode are covered. The latter has some corner
cases that did not work correctly previously.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-25 12:08:12 +03:00
Jouni Malinen
9bad3c975d tests: Update server and user certificates (2023)
At least some of the previous versions have expired, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-04-18 11:40:10 +03:00
Jouni Malinen
07a7bcd7ea WMM: Advertise support for 16 PTKSA replay counters for non-AP STA
In theory, each device that supports WMM (or the IEEE 802.11 QoS for
that matter) is expected to advertise how many replay counters it
supports and the peer device is supposed to use that information to
restrict the total number of different MSDU priorities (AC/UP) that
might be used. In practice, this is not really done in deployed devices
and instead, it is just assumed that everyone supports the eight
different replay counters so that there is no need to restrict which
MSDU priorities can be used.

hostapd implementation of WMM has advertised support for 16 PTKSA replay
counters from the beginning while wpa_supplicant has not had any code
for setting the supported replay counter fields in RSNE, i.e., has left
the value to 0 which implies that only a single replay counter is
supported. While this does not really result in any real issues with
deployed devices, this is not really correct behavior based on the
current IEEE 802.11 standard and the WMM specification.

Update wpa_supplicant to use similar design to the hostapd RSNE
generation by setting the number of supported PTKSA replay counters to
16 whenever WMM is enabled. For now, this is done based on the
association being for HT/VHT/HE/EHT and also based on the AP supporting
WMM since it is much more likely for the local device to support WMM and
eight replay counters (which can be indicated only with the value that
implies support for 16 counters since there is no separate value for 8).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-04-18 11:40:10 +03:00
Jouni Malinen
22c453ae3c tests: Suite B 192-bit RSA with TLS 1.3
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-03-23 00:00:10 +02:00
Avraham Stern
23ddb3ffee tests: Remove dynamically added hostapd interfaces
When an in interface is added dynamically to hostapd with
HWSimRadio, it's not removed during device reset.
This requires to manually remove it, otherwise subsequent tests may
fail. Better do it during device reset.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2023-03-07 23:55:00 +02:00
Andrei Otcheretianski
fa4d7be5bf tests: Clear sae_groups in eht_sae test
Otherwise subsequent tests may fail.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-03-07 23:55:00 +02:00
Jouni Malinen
f0979c4ac9 tests: Fix python3 processing of Popen output reading
Need to decode cmd.stdout.read() output before using it as a string.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-22 21:34:53 +02:00
Jouni Malinen
f3c4d2db1f tests: DPP Configurator and @CONF-OBJ-SEP@
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-22 17:08:57 +02:00
Jouni Malinen
596d602de8 tests: P2P persistent group re-invocation (go_bssid) with cfg80211 P2P Device
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-22 14:12:58 +02:00
Jouni Malinen
f710eba172 tests: Make PASN checks for PTKSA_CACHE_LIST a bit more robust
It was apparently possible for the test script to fetch the
PTKSA_CACHE_LIST information from hostapd before the PASN message 3 had
been processed since only the event from wpa_supplicant related to
sending of that frame was explicitly waited for. Add a small wait to try
to avoid this race condition with UML time-travel.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 19:46:17 +02:00
Jouni Malinen
6d7a9a890d tests: Country information in hostapd STATUS
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 17:36:28 +02:00
Jouni Malinen
eb6f8dab12 tests: PASN/KDK derivation with FT
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 17:28:15 +02:00
Jouni Malinen
1cde2549ec tests: WPA2-PSK and STA using 4addr mode
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-21 00:12:34 +02:00
Jouni Malinen
217d5e4796 tests: WNM event report
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-20 22:00:16 +02:00
Jouni Malinen
351761e994 tests: Ignore dpp-ca.py in git status
Some of the test cases can use dpp-ca.py symlink to sigma-dut.git. That
symlink is not in the repository, so ignore it explicitly in git status.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-17 16:25:33 +02:00
Jouni Malinen
1bc93b7fe3 tests: Clear SAE groups for dpp_ap_config_sae
This is needed to avoid failures due to previously executed test cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-17 16:20:20 +02:00
Jouni Malinen
9f5f066d27 tests: Clear SAE groups before the HE 6 GHz test cases
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-14 13:55:36 +02:00
Jouni Malinen
641f2868de tests: FT and VLAN in wpa_psk file
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-14 11:47:25 +02:00
Jouni Malinen
e4d1000cac tests: Verify hostapd STA vlan_id value
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-13 23:22:10 +02:00
Jouni Malinen
eff82f93af tests: Make pmksa_cache_and_cui more robust
Make sure hostapd has had time to complete 4-way handshake processing
before initiating reauthentication from wpa_supplicant. There is a small
window for race condition here when testing with UML and time travel.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 13:11:54 +02:00
Jouni Malinen
2d3afc273d tests: MACsec with EAP-PSK
This verifies use of a shorter than 65 octet EAP Session-Id.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-10 12:41:03 +02:00
Jouni Malinen
047da5fe3a tests: wpa_supplicant config file parsing of an invalid network
This is a regression test for a NULL pointer dereferencing from commit
d8d2b3a338 ("Implement read-only mode for SSIDs from the additional
config (-I)") .

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-01 18:26:35 +02:00
Jouni Malinen
825a545279 tests: Clear sae_groups in radius_sae_password
This is needed to avoid failures caused by previous test cases having
left behind constraints on the allowed groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-31 12:00:18 +02:00
Jouni Malinen
d44a7e38d1 tests: Use nproc for determining how many parallel jobs to use (fuzz)
This was already done in tests/hwsim/build.sh, but the fuzzing
build-test.sh can do same instead of using the hardcoded value 8.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-30 11:21:45 +02:00
Shivani Baranwal
bf931c5f8d tests: P2P Service Discovery initiated from Go device.
Add a new P2P Service Discovery test to verify the handling of the
SD response frame received by the GO device.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
e8706c109e tests: Work around pyrad issues with octet strings that start with "0x"
pyrad's tools.py EncodeOctets() uses a design that tries to
automatically determine when the octetstring is a hex string based on
the binary data starting with "0x". That is not really nice since it
will result in failing one out of 65536 possible random inputs with
"binascii.Error: Non-hexadecimal digit found" when trying to decode an
actual (non-hex) binary string as a hexstring.

Work around this by convering the special cases where the
Message-Authenticator binary value happens to start with b"0x" to a
hexstring.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
85ac165d64 tests: Allow some more time for a scan in discovery_group_client
This makes the test case a bit more likely to be able to complete with
S1G being enabled in mac80211_hwsim. However, the 15 second P2P protocol
timeout itself can be hit in this type of a case and the test case will
still fail every now and then if all mac80211_hwsim supported channels
are included.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
d5b7560de5 tests: Clear sae_groups in pasn_sae_kdk
This test case could have failed when executed after a test case that
had forced a specific set of SAE groups.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
a70a4672d8 tests: Allow more VMs to be used that there are screen lines
curses prints were causing parallel-vm.py to terminate if there were too
many VMs to fit into the screen. For now, simply hide any VMs from the
live status if there is not sufficient room for them.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-25 23:47:33 +02:00
Jouni Malinen
48cb42182f tests: Disable both APs before flushing PBC state
One of the PBC APs was left running at the end of the tet case with
active PBC. Stop that AP as well before flushing scan information on the
STA.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-20 19:06:25 +02:00
Jouni Malinen
ec277b5237 tests: Make ap_roam_open work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 23:06:38 +02:00
Jouni Malinen
415458e2b3 tests: Make wext_pmksa_cache work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 12:40:46 +02:00
Jouni Malinen
19d3e0383f tests: Make ap_wps_iteration_error work with S1G channels
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not long enough to allow two scan iterations to be completed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-16 12:40:41 +02:00
Jouni Malinen
2377d817da tests: DPP QR Code and hostapd as initiator/Configurator (offchannel)
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
6bc9ce67b2 tests: HE on 6 GHz and automatic security settings on STA
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 21:07:56 +02:00
Jouni Malinen
007a43ac59 tests: Per-ESS MAC address and PMKSA caching
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:16 +02:00
Jouni Malinen
823cf218e4 tests: Use different mechanism for failing random MAC address change
gas_failures was using an invalid preassoc_mac_addr value 1111 to
trigger a failure. That won't work once wpa_supplicant starts validating
the range of the configuration parameter. Use a different mechanism to
force a failure in the actual random MAC address change functionality.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:33:02 +02:00
Jouni Malinen
317adf2359 tests: Set address lifetime to be sufficiently large for the test
sta_dynamic_random_mac_addr and sta_dynamic_random_mac_addr_keep_oui
assumed that the same random MAC address remains in use even though it
set the lifetime to 0 seconds. This might have worked in the past by
accident, but set this properly to configure a longer lifetime.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-18 12:24:32 +02:00
Jouni Malinen
3b4a5e58b7 tests: EHT with SAE
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-17 21:07:42 +02:00
Andrei Otcheretianski
694a1c6873 SAE: Make sme_sae_auth() return IE offset
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).

To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:11:16 +02:00
Jouni Malinen
c58178b922 tests: More coverage for D-Bus CreateInterface() parameters
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-12-17 12:11:15 +02:00
Ilan Peer
24b4c3abef tests: Extend SAE-EXT-KEY testing
Extend the SAE-EXT-KEY testing to also cover GCMP-256.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-16 22:37:31 +02:00
Jouni Malinen
6cc0a885c8 tests: require_he=1
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-16 20:31:14 +02:00
Aloka Dixit
96ab7529c1 tests: MBSSID and EMA
Add test cases for MBSSID functionality with EMA.

Add helper functions to create the configuration file, start hostapd
instance and client association with the transmitting interface.

he_ap_mbssid_open: 4 VAPs with open security in multiple BSSID
configuration. The first interface transmits beacons and probe responses
which include the multiple BSSID element(s) with remaining profiles.

he_ap_mbssid_same_security: 2 VAPs, all with SAE. In such a case the
Multiple BSSID elements in management frames do not include RSN and RSNE
elements as all non-transmitting profiles have exact same security
configuration as the transmitting interface.

he_ap_mbssid_mixed_security{1,2}: 8 VAPs with mixed security
configurations (SAE, OWE, WPA2-PSK, open). he_ap_mbssid_mixed_security1:
Transmitting interface uses SAE. In this case the non-transmitting
profiles will include non inheritance element (IEEE Std 802.11-2020,
9.4.2.240) wherever the security differs from the transmitting profile.
he_ap_mbssid_mixed_security2: Transmitting profile is open hence no need
for the non inheritance elements. Instead each non-transmitting profile
includes RSN, RSNE if applicable.

he_ap_ema: Enhanced multi-BSS advertisements (EMA) with 8 VAPs all with
SAE configuration.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
2022-12-02 23:06:32 +02:00
Daniel Gabay
bb67d5b52b AP: Add testing option to delay EAPOL Tx
Add a testing option to delay EAPOL-Key messages 1/4 and 3/4. By setting
delay_eapol_tx=1, the actual EAPOL Tx will occur on the last possible
attempt (wpa_pairwise_update_count) thus all previous attempts will fail
on timeout which is the wanted delay.

In addition, add an hwsim test that uses this testing option to verify
that non protected Robust Action frames are dropped prior to keys
installation in MFP.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-02 13:07:03 +02:00
Jouni Malinen
12d8b8a91e tests: EAP-TEAP with and without EAP method sequence optimization
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-12-01 17:53:05 +02:00
Andrei Otcheretianski
1b025bda57 tests: Extend EHT estimated throughput testing
Add a basic test to verify AP selection algorithm with EHT AP.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-11-30 20:33:44 +02:00
Jouni Malinen
ed68ac9301 tests: Public key hash information in authentication and AP association
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-29 16:37:54 +02:00
Jouni Malinen
8de2881426 tests: Automatic channel selection for 40 MHz channel (HE)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 23:31:36 +02:00
Jouni Malinen
cd4be06c2b tests: Random MAC address per ESS (mac_addr=3)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 19:10:40 +02:00
Jouni Malinen
ef11556242 tests: DPP Controller/Relay with chirping (duplicate)
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 16:42:21 +02:00
Johannes Berg
48c7e04be6 tests: Add mode for running UML kernel under gdb
The new --gdb option can be used when KERNELDIR (and optionally
MODULEDIR) are set and we therefore run UML. It runs the entire
VM under the debugger, with a script to load the right modules
into gdb so you can debug easily.

This needs CONFIG_GDB_SCRIPTS=y to be used in the kernel build.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2022-11-28 15:43:00 +02:00
Jouni Malinen
74874275dc tests: hostapd behavior with second BSS bridge interface already existing
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-28 11:39:06 +02:00
Jouni Malinen
e174ec7a07 tests: Check hostapd PID file removal in all cases
Only one of the test cases was doing this, but it's more robust for all
the cases using dynamically started hostapd process to do same.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 15:54:26 +02:00
Raphaël Mélotte
e7829e4466 tests: Add ap_reload_bss_only
The test checks that when the SSID of a BSS is changed using
SET+RELOAD_BSS, the stations already connected to other BSSes on the
same radio are not disconnected.

It also checks that stations can connect using the new SSID after the
reload.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:51:08 +02:00
Raphaël Mélotte
1a27b8838a tests: Add ap_config_reload_on_sighup_config_id
The test checks that when reloading the configuration with SIGHUP,
stations that are connected to BSSes whose config_id did not change are
not disconnected. It also checks that for the BSSes that have a
different config_id and SSID, the new SSID is applied correctly.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:44:58 +02:00
Raphaël Mélotte
34e4a17b48 tests: Add iface_params and bss_params to write_hostapd_config()
To make it easier to write custom hostapd configuration files, add
"iface_params" and "bss_params".

They are both meant to be lists of parameters that the user can supply
to append additional parameters to the configuration file.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2022-11-27 15:43:53 +02:00
Jouni Malinen
af97aaa503 tests: Random MAC address with two APs
This verifies locally generated deauthentication determination when the
MAC address changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 14:18:53 +02:00
Damien Dejean
f5ce680ee6 D-Bus: Hotspot 2.0 credentials with multiple domains
Add the support of multiple domains for interworking credentials in
D-Bus API AddCred() using an array of strings.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2022-11-27 14:18:53 +02:00
Jouni Malinen
e5dfce38f7 RSN: Split EAPOL-Key group msg 1/2 processing more completely for WPA(v1)
Separate more of WPA(v1) functionality away from the RSN processing
code path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 14:18:53 +02:00
Jouni Malinen
5ab43c738e RSN: Split WPA(v1) processing of EAPOL-Key frames into a separate function
This is a step in separating RSN and WPA(v1) processing of EAPOL-Key
frames into separate functions. This allows the implementation to be
simplified and potentially allows the validation rules to be made
stricter more easily. This is also a step towards allowing WPA(v1)
functionality to be removed from the build in the future.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-27 08:30:58 +02:00
Damien Dejean
5f89fffb76 tests: New Passpoint Home OI parameters
Move testing to use the new Home OI parameters while maintaining a
couple of tests for the deprecated parameters.

Signed-off-by: Damien Dejean <damiendejean@chromium.org>
2022-11-26 18:59:10 +02:00
Jouni Malinen
bb9099785e tests: WPS PBC provisioning with configured AP and passive scanning
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 18:54:33 +02:00
Jouni Malinen
00bd744ed5 tests: OCV on 2.4 GHz with PMF getting enabled automatically on STA
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 17:21:08 +02:00
Jouni Malinen
7c62bccc6e tests: SAE and preferred AP using wrong password
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-24 12:06:59 +02:00
Jouni Malinen
22a5d615ba tests: HS 2.0 deauthentication imminent with and without URL timing
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-21 22:57:51 +02:00
Glenn Strauss
8e364713ef tests: Check IMSI privacy support using a helper function
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-20 17:23:10 +02:00
Jouni Malinen
bb171f0020 tests: DPP network introduction with PMKSA cleared on AP
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
1e602adabb tests: Add PMKSA cache entry again in dpp_akm_sha*
This is going to be needed once wpa_supplicant starts dropping the PMKSA
cache entry on status code 53 (invalid PMKID) rejection of association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:08:26 +02:00
Jouni Malinen
f49b604555 tests: Fix pasn-init fuzz tester build
Change of the wpas_pasn_start() prototype did not update the fuzzer
tool.

Fixes: 309765eb66 ("PASN: Use separate variables for BSSID and peer address")
Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-19 17:21:45 +02:00
Jouni Malinen
6cb34798f8 tests: SAE-EXT-KEY, H2E, and rejected groups indication
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
252729d902 tests: Random MAC address with PMKSA caching
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
f1f796a39f tests: hostapd dump_msk_file
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-10 21:13:05 +02:00
Jouni Malinen
1e0b7379d6 tests: FT with mobility domain changes
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 00:54:41 +02:00
Jouni Malinen
bbe5f0c1eb FT: Do not try to use FT protocol between mobility domains
wpa_supplicant has support for only a single FT key hierarchy and as
such, cannot use more than a single mobility domain at a time. Do not
allow FT protocol to be started if there is a request to reassociate to
a different BSS within the same ESS if that BSS is in a different
mobility domain. This results in the initial mobility domain association
being used whenever moving to another mobility domain.

While it would be possible to add support for multiple FT key hierachies
and multiple mobility domains in theory, there does not yet seem to be
sufficient justification to add the complexity needed for that due to
limited, if any, deployment of such networks. As such, it is simplest to
just prevent these attempts for now and start with a clean initial
mobility domain association.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 00:54:41 +02:00
Jouni Malinen
0ccb3b6cf2 tests: External password storage for SAE
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-07 14:02:55 +02:00