It was apparently possible for the test script to fetch the
PTKSA_CACHE_LIST information from hostapd before the PASN message 3 had
been processed since only the event from wpa_supplicant related to
sending of that frame was explicitly waited for. Add a small wait to try
to avoid this race condition with UML time-travel.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Some of the test cases can use dpp-ca.py symlink to sigma-dut.git. That
symlink is not in the repository, so ignore it explicitly in git status.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Make sure hostapd has had time to complete 4-way handshake processing
before initiating reauthentication from wpa_supplicant. There is a small
window for race condition here when testing with UML and time travel.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is a regression test for a NULL pointer dereferencing from commit
d8d2b3a338 ("Implement read-only mode for SSIDs from the additional
config (-I)") .
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to avoid failures caused by previous test cases having
left behind constraints on the allowed groups.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This was already done in tests/hwsim/build.sh, but the fuzzing
build-test.sh can do same instead of using the hardcoded value 8.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new P2P Service Discovery test to verify the handling of the
SD response frame received by the GO device.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
pyrad's tools.py EncodeOctets() uses a design that tries to
automatically determine when the octetstring is a hex string based on
the binary data starting with "0x". That is not really nice since it
will result in failing one out of 65536 possible random inputs with
"binascii.Error: Non-hexadecimal digit found" when trying to decode an
actual (non-hex) binary string as a hexstring.
Work around this by convering the special cases where the
Message-Authenticator binary value happens to start with b"0x" to a
hexstring.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes the test case a bit more likely to be able to complete with
S1G being enabled in mac80211_hwsim. However, the 15 second P2P protocol
timeout itself can be hit in this type of a case and the test case will
still fail every now and then if all mac80211_hwsim supported channels
are included.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This test case could have failed when executed after a test case that
had forced a specific set of SAE groups.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
curses prints were causing parallel-vm.py to terminate if there were too
many VMs to fit into the screen. For now, simply hide any VMs from the
live status if there is not sufficient room for them.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
One of the PBC APs was left running at the end of the tet case with
active PBC. Stop that AP as well before flushing scan information on the
STA.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not long enough to allow two scan iterations to be completed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
gas_failures was using an invalid preassoc_mac_addr value 1111 to
trigger a failure. That won't work once wpa_supplicant starts validating
the range of the configuration parameter. Use a different mechanism to
force a failure in the actual random MAC address change functionality.
Signed-off-by: Jouni Malinen <j@w1.fi>
sta_dynamic_random_mac_addr and sta_dynamic_random_mac_addr_keep_oui
assumed that the same random MAC address remains in use even though it
set the lifetime to 0 seconds. This might have worked in the past by
accident, but set this properly to configure a longer lifetime.
Signed-off-by: Jouni Malinen <j@w1.fi>
Authentication frames include several fixed body parts (see Table 9-68
(Authentication frame body) and Table 9-69 (Presence of fields and
elements in Authentication frames) in IEEE P802.11-REVme/D2.0).
To be able to parse the IE part, these fields need to be skipped. Since
SAE logic already implements this parsing, change SAE authentication
handling functions to return the offset to the IE part. This preparation
is needed for future MLD patches that need to parse out the ML related
elements in the Authentication frames.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Extend the SAE-EXT-KEY testing to also cover GCMP-256.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add test cases for MBSSID functionality with EMA.
Add helper functions to create the configuration file, start hostapd
instance and client association with the transmitting interface.
he_ap_mbssid_open: 4 VAPs with open security in multiple BSSID
configuration. The first interface transmits beacons and probe responses
which include the multiple BSSID element(s) with remaining profiles.
he_ap_mbssid_same_security: 2 VAPs, all with SAE. In such a case the
Multiple BSSID elements in management frames do not include RSN and RSNE
elements as all non-transmitting profiles have exact same security
configuration as the transmitting interface.
he_ap_mbssid_mixed_security{1,2}: 8 VAPs with mixed security
configurations (SAE, OWE, WPA2-PSK, open). he_ap_mbssid_mixed_security1:
Transmitting interface uses SAE. In this case the non-transmitting
profiles will include non inheritance element (IEEE Std 802.11-2020,
9.4.2.240) wherever the security differs from the transmitting profile.
he_ap_mbssid_mixed_security2: Transmitting profile is open hence no need
for the non inheritance elements. Instead each non-transmitting profile
includes RSN, RSNE if applicable.
he_ap_ema: Enhanced multi-BSS advertisements (EMA) with 8 VAPs all with
SAE configuration.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Add a testing option to delay EAPOL-Key messages 1/4 and 3/4. By setting
delay_eapol_tx=1, the actual EAPOL Tx will occur on the last possible
attempt (wpa_pairwise_update_count) thus all previous attempts will fail
on timeout which is the wanted delay.
In addition, add an hwsim test that uses this testing option to verify
that non protected Robust Action frames are dropped prior to keys
installation in MFP.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add a basic test to verify AP selection algorithm with EHT AP.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The new --gdb option can be used when KERNELDIR (and optionally
MODULEDIR) are set and we therefore run UML. It runs the entire
VM under the debugger, with a script to load the right modules
into gdb so you can debug easily.
This needs CONFIG_GDB_SCRIPTS=y to be used in the kernel build.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Only one of the test cases was doing this, but it's more robust for all
the cases using dynamically started hostapd process to do same.
Signed-off-by: Jouni Malinen <j@w1.fi>
The test checks that when the SSID of a BSS is changed using
SET+RELOAD_BSS, the stations already connected to other BSSes on the
same radio are not disconnected.
It also checks that stations can connect using the new SSID after the
reload.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
The test checks that when reloading the configuration with SIGHUP,
stations that are connected to BSSes whose config_id did not change are
not disconnected. It also checks that for the BSSes that have a
different config_id and SSID, the new SSID is applied correctly.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>