Avoid race condition with TX status reporting for the broadcast
Deauthentication frame. This could be delivered after the SET command
for ext_mgmt_frame_handled=1 and as such, could result in an
MGMT-TX-STATUS event that would confuse the next step in the test.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for the externally triggered scan to actually start before issuing
the own scan command to avoid a race condition with UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not leave dev[0] in state where it is waiting for
NL80211_CMD_ASSOCIATE to complete since that might deliver an
ASSOC_TIMED_OUT event to the next test case.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case has a race condition between the first and second
initiated DPP exchange. New kernel scheduling with UML time-travel is
making the first exchange complete before the first one can be started.
Making this fully robust would likely need ext_mgmt_frame_handling=1 and
more complex test script, but as an initial workaround, split URI
parsing from dev[2] to happen before dev[1] is started so that only a
single DPP_AUTH_INIT command is needed during the race window.
In addition, detect the race condition and SKIP the test instead of
reporting FAIL.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for hostapd to complete processing before taking the next step in a
test instead of waiting just for wpa_supplicant. This avoids race
conditions with UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
Even though the radio work has started here, kernel might not have
started ROC (i.e., the REMAIN_ON_CHANNEL event has not yet been
received). Wait a bit to increase likelihood of everything being ready
for the following DPP operation.
Signed-off-by: Jouni Malinen <j@w1.fi>
At least with UML time-travel, it is possible for the response frame to
be received before the TX status of the request is delivered. Such a
sequence resulted in run_req_beacon() dropping the response event and
the following step failing due to a missing event. Avoid this by caching
the received response in run_req_beacon() and returning them to the
caller.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait some time before requesting disconnection to allow hostapd to
complete 4-way handshake processing. Wait some time after disconnection
has been completed on the STA before trying to use SAE again with the AP
so that hostapd has a chance to complete disconnection with UML
time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
The underlying driver can reject only specific links in an association
request. In that case we will only ignore the corresponding BSS. Add a
test for this flow by simulating an association failure on the second
link specifically.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Test ML association, automatic link discovery using ML probe requests
and marking BSSs as failed after an ML association failure, if the
corresponding link also rejected the association.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Also check that we can discover BSSs requests using ML probe requests.
Note that this requires a new enough mac80211 which parses the ML probe
request and reports the contained BSSs.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Having the ability to trigger multiple failures in one test can be
useful. Add support to the test infrastructure to do this.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
These were either sending the command to the wrong
hostapd/wpa_supplicant instance or using the wrong command. This
currently causes the wait to just immediately stop, but with future
commits it would start failing.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Future commits change the related code and exception string. Avoiding
using the context is easy here and actually avoids two layers of
nesting.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
IEEE P802.11be/D4.0, 9.4.2.312.2.3 states that the AP MLD ID should only
be included in some ML probe responses. Beacon frames shouldn't include
AP MLD ID.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
With more channels now available in some regulatory domains, some scan
operations can take longer. Give them more time to complete in tests.
For two cases this required adding a timeout parameter to connect(),
which is then passed through.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Test functionality in cases where MBSSID is used with a WPA2-Personal
only BSS as the transmitted BSS and WPA3-Personal BSS as the
nontransmitted BSS.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Otherwise the station or AP might be doing router advertisements,
causing keep alive already without the mechnism that is being tested.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
dpp_config_legacy_gen_two_conf_psk and dpp_config_legacy_gen_two_conf
tried to set a DPP parameter before having verified that CONFIG_DPP was
used in the build.
Signed-off-by: Jouni Malinen <j@w1.fi>
Starting a thread to initiate DPP before starting the responder through
sigma_dut can result in unexpected testing behavior since there may not
be enough time to get the responder enabled before timing out som
initiator actions. Wait a second at the beginning of the initiator
thread in dpp_init_conf() similarly to how this was handled in other
initiator-from-thread cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Wait for stdout/stderr in a more robust manner to avoid blocking the
pipes and kill the sigma_dut process if it fails to terminate cleanly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Responder receives Authentication Request and Config Request in a
sequence and it is possible for the Config Request to be received before
MGMT_RX_PROCESS has been processed for Authentication Request in the
cases where the test script is in the middle of RX processing. This can
result in DPP-AUTH-SUCCESS being delivered only after the MGMT-RX event
for Config Reques which means that wait_auth_success() would lose that
MGMT-RX event.
Avoid this issue by caching the "extra" MGMT-RX event within
wait_auth_success() and having the caller verify if the Config Request
(GAS Initial Request) has already been received before waiting to
receive it.
This makes dpp_gas, dpp_gas_comeback_after_failure, and
dpp_gas_timeout_handling more robust.
Signed-off-by: Jouni Malinen <j@w1.fi>
UML time travel allows the deauthentication event to be processed more
quickly than the delivery of EAP-Success to the client through the test
script, so accept either sequence here.
Signed-off-by: Jouni Malinen <j@w1.fi>
connect_network() tried to make test log more readable with a
dump_monitor() call at the end of the function. However, this could end
up practically dropping an event that arrives more or less immediately
after CTRL-EVENT-CONNECTED. This could happen with UML time travel,
e.g., in suite_b_192_pmksa_caching_roam.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Wait for hostapd connection event before issue HS20_WNM_NOTIF to avoid a
race condition with UML time travel.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This event may be sent before CTRL-EVENT-CONNECTED, so modify the test
cases to wait directly for TRANSITION-DISABLE by skipping the separate
wait for CTRL-EVENT-CONNECTED.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
It is possible for the sigma_dut process to be scheduled in a manner
that ends up combining the status,RUNNING and status,COMPLETE lines into
a single TCP message. This was supposed to be handled in the
sigma_dut_cmd() implementations, but that design had been broken by code
refactoring that changed the indentation level incorrectly.
Fixes: d68946d510 ("tests: sigma_dut and DPP push button first on Enrollee")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use more specific condition for the allocation failure to allow
wpa_supplicant_trigger_scan() implementation to be modified without
making this test case fail.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Wait for allocation failure using wait_fail_trigger() instead of waiting
for a scan failure event since that failure event will go away with
implementation change.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add SKB tracing (which shows now why/where a frame was dropped
in the stack), and also -T for stack trace at each event.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Give the AP some time to set up stations fully (in the
kernel) so that traffic forwarding will work.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
We can't do ANQP when the STA is connected but the AP hasn't fully set
up the STA yet, so wait on the AP side before continuing.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
We need to wait for the MGMT-RX event before disabling
ext_mgmt_frame_handling again, otherwise we might be disabling it and
hostapd only receives the deauth frame after we already disable it,
defeating the purpose of the test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
With PMF, we cannot do even deauth unless we wait for the STA to have
fully connected on the AP side, the STA thinking it has isn't sufficient
since it immediately says so after M4. Add wait_sta() before disconnect,
and also before SA_QUERY.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Before querying the PMKSA cache, wait for the STA to have appeared on
the AP side, otherwise scheduling differences may have us asking when
the STA thinks it's connected but the AP hasn't fully processed that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
All processes need to have a bit of time to mark the kernel STAs
authorized, otherwise traffic may fail. Give them some time, and also
use check_connectivity() in connectivity() since it's the same check,
just different arguments.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Due to scheduling changes, we don't always now succeed to reconnect in
exactly 1 second, it might take 1.01. Give it 1.1 for a bit more leeway,
it's not clear why it should be exactly 1 second anyway.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
We should always wait_sta() so that we know we can even deauth next,
otherwise the key might not be installed yet by the time we try to
connect to the next AP.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
We need to appropriately wait for the STA to connect/disconnect before
continuing with the test, add that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
We need to wait for the 4-way handshake to be completed on the GO side,
so the GO will actually have marked the station as authorized and will
forward packets.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Before requesting anything about the specific STA from the AP wait for
it to show up, so that things don't fail if the hostapd process didn't
yet get time to process things.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
We wait for the PASN auth to complete on the wpas side, but there's no
indication of this on the AP side. So if scheduling ordering is bad, we
can ask the AP for the PTKSA cache before it even received the frame
from the kernel and created the PTKSA entry.
To fix this, try this a few times, to see if it becomes available.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clients could connect in a different order depending on
timing differences, don't check for the order here.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
check_beacon_req() will request from hostapd to request a beacon
report from the STA, but that only works if it already knows about
the STA. Due to scheduling issues, it may not know even if wpa_s
reports it has successfully connected, so also wait for the STA to
show up in hostapd before check_beacon_req().
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Since DPP listen is a radio work, it doesn't start immediately and
then we can end up missing whatever happens next in the test. Wait
for the radio work to start before continuing the test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
hostapd now has support for SAE in MLD cases, so there is no need to
maintain this exception that allowed the test case to pass even if the
connection failed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The first MGMT-TX-STATUS event might be for the initial broadcast
Deauthentication frame instead of the SAE Authentication frame. Skip the
first event and try to process TX status for the first Authentication
frame instead.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This extends testing coverage to detect an issue that was fixed in
commit bf9cbb462f ("Fix writing of BIGTK in FT protocol").
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Changing sae_pwe and leaving the modified value for the following test
cases can result in failures.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The last update of the wireless-regdb database to the wireless-regdb.git
version of 2023-02-13 in commit c4034a69fe ("tests: Update regulatory
database to VMs") forgot to update regulatory.db.p7s. Update it as well.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This adds more production-like testing coverage for KDK derivation. Both
SAE and OWE transition mode are covered. The latter has some corner
cases that did not work correctly previously.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
At least some of the previous versions have expired, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
In theory, each device that supports WMM (or the IEEE 802.11 QoS for
that matter) is expected to advertise how many replay counters it
supports and the peer device is supposed to use that information to
restrict the total number of different MSDU priorities (AC/UP) that
might be used. In practice, this is not really done in deployed devices
and instead, it is just assumed that everyone supports the eight
different replay counters so that there is no need to restrict which
MSDU priorities can be used.
hostapd implementation of WMM has advertised support for 16 PTKSA replay
counters from the beginning while wpa_supplicant has not had any code
for setting the supported replay counter fields in RSNE, i.e., has left
the value to 0 which implies that only a single replay counter is
supported. While this does not really result in any real issues with
deployed devices, this is not really correct behavior based on the
current IEEE 802.11 standard and the WMM specification.
Update wpa_supplicant to use similar design to the hostapd RSNE
generation by setting the number of supported PTKSA replay counters to
16 whenever WMM is enabled. For now, this is done based on the
association being for HT/VHT/HE/EHT and also based on the AP supporting
WMM since it is much more likely for the local device to support WMM and
eight replay counters (which can be indicated only with the value that
implies support for 16 counters since there is no separate value for 8).
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When an in interface is added dynamically to hostapd with
HWSimRadio, it's not removed during device reset.
This requires to manually remove it, otherwise subsequent tests may
fail. Better do it during device reset.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
It was apparently possible for the test script to fetch the
PTKSA_CACHE_LIST information from hostapd before the PASN message 3 had
been processed since only the event from wpa_supplicant related to
sending of that frame was explicitly waited for. Add a small wait to try
to avoid this race condition with UML time-travel.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Some of the test cases can use dpp-ca.py symlink to sigma-dut.git. That
symlink is not in the repository, so ignore it explicitly in git status.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Make sure hostapd has had time to complete 4-way handshake processing
before initiating reauthentication from wpa_supplicant. There is a small
window for race condition here when testing with UML and time travel.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is a regression test for a NULL pointer dereferencing from commit
d8d2b3a338 ("Implement read-only mode for SSIDs from the additional
config (-I)") .
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to avoid failures caused by previous test cases having
left behind constraints on the allowed groups.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new P2P Service Discovery test to verify the handling of the
SD response frame received by the GO device.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
pyrad's tools.py EncodeOctets() uses a design that tries to
automatically determine when the octetstring is a hex string based on
the binary data starting with "0x". That is not really nice since it
will result in failing one out of 65536 possible random inputs with
"binascii.Error: Non-hexadecimal digit found" when trying to decode an
actual (non-hex) binary string as a hexstring.
Work around this by convering the special cases where the
Message-Authenticator binary value happens to start with b"0x" to a
hexstring.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes the test case a bit more likely to be able to complete with
S1G being enabled in mac80211_hwsim. However, the 15 second P2P protocol
timeout itself can be hit in this type of a case and the test case will
still fail every now and then if all mac80211_hwsim supported channels
are included.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This test case could have failed when executed after a test case that
had forced a specific set of SAE groups.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
curses prints were causing parallel-vm.py to terminate if there were too
many VMs to fit into the screen. For now, simply hide any VMs from the
live status if there is not sufficient room for them.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
One of the PBC APs was left running at the end of the tet case with
active PBC. Stop that AP as well before flushing scan information on the
STA.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not sufficiently long for full scan while connected.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If mac80211_hwsim has S1G channels enabled, the 15 second timeout was
not long enough to allow two scan iterations to be completed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
gas_failures was using an invalid preassoc_mac_addr value 1111 to
trigger a failure. That won't work once wpa_supplicant starts validating
the range of the configuration parameter. Use a different mechanism to
force a failure in the actual random MAC address change functionality.
Signed-off-by: Jouni Malinen <j@w1.fi>
sta_dynamic_random_mac_addr and sta_dynamic_random_mac_addr_keep_oui
assumed that the same random MAC address remains in use even though it
set the lifetime to 0 seconds. This might have worked in the past by
accident, but set this properly to configure a longer lifetime.
Signed-off-by: Jouni Malinen <j@w1.fi>
Extend the SAE-EXT-KEY testing to also cover GCMP-256.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add test cases for MBSSID functionality with EMA.
Add helper functions to create the configuration file, start hostapd
instance and client association with the transmitting interface.
he_ap_mbssid_open: 4 VAPs with open security in multiple BSSID
configuration. The first interface transmits beacons and probe responses
which include the multiple BSSID element(s) with remaining profiles.
he_ap_mbssid_same_security: 2 VAPs, all with SAE. In such a case the
Multiple BSSID elements in management frames do not include RSN and RSNE
elements as all non-transmitting profiles have exact same security
configuration as the transmitting interface.
he_ap_mbssid_mixed_security{1,2}: 8 VAPs with mixed security
configurations (SAE, OWE, WPA2-PSK, open). he_ap_mbssid_mixed_security1:
Transmitting interface uses SAE. In this case the non-transmitting
profiles will include non inheritance element (IEEE Std 802.11-2020,
9.4.2.240) wherever the security differs from the transmitting profile.
he_ap_mbssid_mixed_security2: Transmitting profile is open hence no need
for the non inheritance elements. Instead each non-transmitting profile
includes RSN, RSNE if applicable.
he_ap_ema: Enhanced multi-BSS advertisements (EMA) with 8 VAPs all with
SAE configuration.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Add a testing option to delay EAPOL-Key messages 1/4 and 3/4. By setting
delay_eapol_tx=1, the actual EAPOL Tx will occur on the last possible
attempt (wpa_pairwise_update_count) thus all previous attempts will fail
on timeout which is the wanted delay.
In addition, add an hwsim test that uses this testing option to verify
that non protected Robust Action frames are dropped prior to keys
installation in MFP.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add a basic test to verify AP selection algorithm with EHT AP.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The new --gdb option can be used when KERNELDIR (and optionally
MODULEDIR) are set and we therefore run UML. It runs the entire
VM under the debugger, with a script to load the right modules
into gdb so you can debug easily.
This needs CONFIG_GDB_SCRIPTS=y to be used in the kernel build.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Only one of the test cases was doing this, but it's more robust for all
the cases using dynamically started hostapd process to do same.
Signed-off-by: Jouni Malinen <j@w1.fi>
The test checks that when the SSID of a BSS is changed using
SET+RELOAD_BSS, the stations already connected to other BSSes on the
same radio are not disconnected.
It also checks that stations can connect using the new SSID after the
reload.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
The test checks that when reloading the configuration with SIGHUP,
stations that are connected to BSSes whose config_id did not change are
not disconnected. It also checks that for the BSSes that have a
different config_id and SSID, the new SSID is applied correctly.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
To make it easier to write custom hostapd configuration files, add
"iface_params" and "bss_params".
They are both meant to be lists of parameters that the user can supply
to append additional parameters to the configuration file.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Add the support of multiple domains for interworking credentials in
D-Bus API AddCred() using an array of strings.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>