min-seq.py can be used to find a minimal test sequence that can be used
to reproduce test failures. This is meant for being able to process the
recently added "Failure sequence:" entries from parallel-vm.log to
reduce manual work needed to debug commonly failing test case sequences.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to avoid test failures when a previous test case might
have restricted the set of allowed SAE groups.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Flush scan results to avoid unexpected behavior due to scan results
remaining available from previous test cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Flush scan results to avoid unexpected behavior due to scan results
remaining available from previous test cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The test case name ap_ft_pmf_over_ds was used for two different test
cases which resulted in only one of those being used. Fix this by using
unique test case names.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Clear scan cache to avoid issues with old scan results from earlier test
cases. This caused issues like the following test case sequence failing:
rrm_beacon_req_active_ap_channels ap_ft_eap_dis_over_ds
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Clear scan results to avoid issues with get_bss() finding an entry from
an earlier test case when checking for mesh information.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Clear the scan cache on the AP before running this test since the HT40
operation on the 2.4 GHz band might get disallowed based on scan results
from earlier test cases. This was found with the following hwsim test
case sequence failing:
ap_acs_with_fallback_to_20 wpa2_ocv_ap_ht_mismatch
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Flush the scan table explicitly to avoid issues with the ROAM command if
the new AP is not found and an entry from a previous test case is used
instead. This was happening in a number of cases where a SAE test case
was run after sigma_dut_ap_cipher_gcmp_256 which used the second AP
instance and allowed that to show up in the scan results in the next
text case.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
These can fail if the scan results from the previous test case remain,
e.g., when run immediately after scan_bss_limit.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a couple of more channel configuration cases and log the channel
parameters with more details in the test log.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
A number of test cases using 40 MHz or wider channels with the primary
channel 36 were failing when executed after dpp_chirp_ap_5g since that
test case was running an AP on the channel 40 and resulting in need to
swap the primary and the secondary channels in the following test case.
Fix this by clearing the AP scan cache explicitly for such cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Flush the scan cache for all test cases that used get_bss() to check for
particular ANQP information. This was already done for one such case
based on commit dd900637b2 ("tests: Make gas_anqp_extra_elements more
robust"), but other test cases need this as well.
This was showing with frequent errors in test cases sequences like this
one:
dfs_radar_no_ht gas_fragment_with_comeback_delay gas_unknown_adv_proto gas_anqp_venue_url
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to avoid leaving behind a BSS entry with WPS enabled for
the next text case in some cases. In particular, this was causing issues
in the following sequence of test cases:
ap_wps_conf_chan14 ap_wps_cancel ap_wps_pin_request_file
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Now that wpa_supplicant does this internally as a part of the FLUSH
command, there is no need for the test scripts to try to clear the
parameter between test cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This test case could fail in some sequences like "sigma_dut_sae
scan_parsing" due to the ignore_old_scan_res parameter accidentally
being left to 1 by the former test case and the simulated scan result
being older than the previous scan trigger. Reduce the age of that scan
entry to make this less likely to happen.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The DPP Enrollee might wait for up to 60 seconds for the configuration,
so use a longer timeout value to be able to cover this negative test
case where the Configurator never sends the response.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This group should not be used with SAE and as such, it could cause
confusing test errors here. Use an acceptable group instead.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
At least for the time being PKEXv2 needs CONFIG_DPP3=y to work in a
testable manner. Couple of the test cases did not cover this correctly
and resulted in failures (instead of skipping the tests) when the
default build configuration was used. Fix that by checking for DPP
version 3.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Before, we could loose some events because of pipe buffering. I saw this
problem when running "ubus listen" or "logread -f" and waiting some
specific events. After disabling buffering this works much better.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
This parameter was added with the commit message indicating the valid
reason code values to be 1-5, but with the implementation allowed only
1. There are five defined reason code values for the Association
Disallowed attribute, so extend the allowed range to cover all those
values.
Fixes: fb9a1c3e28 ("hostapd: Add MBO IE to Beacon, Probe Response, Association Response")
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
Add the "InterworkingSelect" method to the DBus API to trigger an
Interworking scan with ANQP fetches. When a BSS that matches a
configured credential is found, the result is emitted using the signal
"InterworkingAPAdded". Completion of the full InterworkingSelect
operation is indicated with the "InterworkingSelectDone" signal.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
Add "AddCred", "RemoveCred", and "RemoveAllCreds" methods to the D-Bus
API of the network interface to allow the caller to manipulate a set of
Interworking credentials similarly to the way this was enabled through
the control interface.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
CONFIG_DPP3=y can now be used to configure hostapd and wpa_supplicant
builds to include DPP version 3 functionality. This functionality is
still under design and the implementation is experimental and not
suitable to be enabled in production uses before the specification has
been finalized.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When checking DPP capabilities the Brainpool flag was not always set
when needed, leading to run a test with the Brainpool curves not
supported by BoringSSL.
Use a short form for the DER length of EC privateKey with NIST P-521
curve. Indeed BoringSSL returns an error when parsing DER sequence 30 81
50 ... because the length 81 50 could have been encoded as 50 and
according comment in BoringSSL:
ITU-T X.690 section 10.1 (DER length forms) requires encoding the
length with the minimum number of octets.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
As BoringSSL version of i2d_PUBKEY() doesn't respect the
POINT_CONVERSION_COMPRESSED flag redefine a specific
crypto_ec_key_get_subject_public_key() version for BoringSSL based on
dpp_bootstrap_key_der().
The only other user of crypto_ec_key_get_subject_public_key() is SAE-PK
for which the public key should also be formatted using compressed
format.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Move code of dpp_get_pubkey_point() to a crypto library specific
function crypto_ec_key_get_pubkey_point().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Add a common well-known regulatory database to the test VMs during runs
to remove one thing to have correct in the host.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Replaced the word "sanity" with the inclusive word "validity". The
comment in acs_survey_interference_factor() was referring a function
that does not exist, so remove it instead of trying rename the function.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Using __del__ for any kind of cleanup is not a good idea
as it's not guaranteed to be called at any particular time,
it's only called whenever the next garbage collect cycle
kicks in.
Use a context manager instead, which basically removes the
need for the try/finally and fixes the reliance on __del__.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Couple of the PASN test cases did not verify whether the wpa_supplicant
build used in the test included PASN support.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This test case adds a new AP device (wlan0_ap) with iw and removes it in
the end. However, the hostapd interface for this netdev was only added,
but not removed at the end of the test case. This could result in
consecutive test cases getting confused with the extra interface, e.g.,
if running WPS configuration steps that get applied to all enabled
interfaces.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Need to wrap back to 0 when changing value 255 to avoid generating a too
large value to fit an octet field. This was resulting in errors due to a
python exception (likely for about every 256th run).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This limits the EAP-SIM and EAP-AKA tests to 100 test frames to avoid
undesired timeouts in automated fuzz testing. The real world uses are
limited to 50 rounds, so there is not really any point in trying with
thousands of frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases. This contains updates from running
tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Move from RS to PA country code to allow these test cases to work since
regdb was updated to require DFS for these operating classes in RS.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add minimal testing for airtime policy configuration. mac80211_hwsim
does not actually support this functionality, so this is just for
testing coverage of src/ap/airtime_policy.c.
Signed-off-by: Jouni Malinen <j@w1.fi>
Dump pending monitor interface messages between each roaming step to
make the test log easier to understand and hostapd wait for the new
connection more robust by ensuring that the processed event if for the
very last reassociation. It looks like at least ap_ft_vlan_over_ds_many
could fail due to the connectivity check being started before the final
roam had been completed on the AP side even though there was an explicit
hapd2ap.wait_sta() wait before the test.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
APs PMF capabilities can differ. wpa_supplicant should be able to
disable and enable MBO when roaming to and from a misbehaving MBO AP
that doesn't support PMF. Verify that this is indeed happening.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
gcc-10 seems to be inlining eap_eke_prf() and eap_eke_prfplus() which
breaks this test case due to a different backtrace being generated for
triggering the local failures. Point to the functions called by those
instead of these two functions to get this working with both gcc-9 and
gcc-10.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Hide /usr/share/wireshark from hostfs to prevent tshark from loading all
the data from there since that can take significant amount of time and
is not really needed for the test cases. In addition, set HOME to point
to local tmpfs to avoid unnecessary references through hostfs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Even though the STA in this test case does not actually use SAE, it
needs to recognize the "SAE H2E only "BSS membership selector.
Signed-off-by: Jouni Malinen <j@w1.fi>
Need to explicitly wait for hostapd to report STA connection before
starting the traffic test to avoid the potential race condition when
testing with UML and time travel mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
These could fail if a scan entry from a previous test case was still
present in the BSS table, e.g., by wpa_supplicant selecting the SSID
from that old entry instead of the new SSID. Try to avoid that by
explicitly flushing the scan results before starting these tests.
Signed-off-by: Jouni Malinen <j@w1.fi>