The test configures ft_r0_key_lifetime parameter, however ft_params
already contain the r0_key_lifetime. Since both options are accepted by
hostapd and set the same field, one of them gets overwritten.
As the dictionary enumeration order is not guaranteed in python, the
test may sporadically fail.
Fix that by explicitely removing the unneeded parameter.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Python enumerates dictionaries in an arbitrary order, thus the resulting
configuration file will have the parameters shuffled randomly. This may
cause the test to fail when, for example, auth_server_addr is placed
after auth_server_port. Fix this by enforcing some of the fields to be
placed before the others.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This makes it more convenient to run tests with builds that disable
TKIP/WPA(v1) support completely.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is in preparation for a hostapd implementation change on how to
address the unexpected RSNXE Used field value in FTE during FT
reassociation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Verify hostapd behavior during FT protocol processing when a STA entry
is still present in the AP and that association has PMF negotiated.
Signed-off-by: Jouni Malinen <j@w1.fi>
Replace the hardcoded /tmp filenames for generated ACL and BSS
configuration files with proper temporary files from tempfile.mkstemp()
to avoid conflicts with existing files or with parallel uses. Remove ACL
files from the local directory at the end of each test case. BSS files
are currently left behind, but can be cleaned up separately if needed
for non-VM testing (VM testing has those on ramdrive so they get dropped
automatically at the end) and for remote devices.
Signed-off-by: Jouni Malinen <j@w1.fi>
Generate ACL files instead of using files with hardcoded values for the
STA MAC addresses. Send the generated files also to the remote client if
required.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
The RECONNECT command on the station was issued immediately after
wpa_supplicant had processed EAPOL-Key msg 3/4. This could happen before
hostapd has processed EAPOL-Key msg 4/4 and especially with UML
time-travel, this could result in the following FT protocol exchange
going through in a manner that makes the hostapd process EAPOL-Key msg
4/4 from the first association as a postponed EAPOL RX at the beginning
of the second association. Avoid this by waiting hostapd to report
completion of the connection before issuing RECONNECT.
Signed-off-by: Jouni Malinen <j@w1.fi>
This PMKID replacement case is not going to prevent connection after a
change in wpa_insert_pmkid() so remove it.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the wpa_auth_get_seqnum() function might not always be
visible in the backtrace since the compiler may optimize that wrapper
away. Use the i802_get_seqnum() function instead as a trigger for the
get_seqnum operation failure trigger to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This test case was failing if wlantest was able to decrypt the CCMP
protected frames. Fix the tshark filter string to include only the
actually encrypted frames for PN comparison.
Signed-off-by: Jouni Malinen <j@w1.fi>
The AP side may not have had enough time to configure the new TK into
the driver if the connectivity test is started immediately after the
station side event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When going through 4-way handshake, the station side reports
CTRL-EVENT-CONNECTED after having sent out EAPOL-Key msg 4/4. The AP
side reports AP-STA-CONNECT after having completed processing of this
frame. Especially when using UML with time travel, it is possible for
the connectivity test to be started before the AP side has configured
the pairwise TK if the test is triggered based on CTRL-EVENT-CONNECTED
instead of AP-STA-CONNECT.
Add explicit wait for AP-STA-CONNECT in some of these cases to reduce
likelihood of reporting failures for test cases that are actually
behaving as expected. This shows up with "dev1->dev2 unicast data
delivery failed" in the test log.
Do the same before requesting reauthentication from the station side
since that has a similar issue with the EAPOL-Start frame getting
encrypted before the AP is ready for it.
Signed-off-by: Jouni Malinen <j@w1.fi>
No need to duplicate this functionality when all the ap_ft_pmf_*_over_ds
test cases are doing practically the same thing and the
no-specific-cipher-configuration case can be addressed easily with the
same helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
The main step of the test case was accidentally removed when adding the
cipher specific versions.
Fixes: ffcaca68d3 ("tests: FT with different BIP algorithms")
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed in cases the hexlify() output is used to concatenate with
a string or used in string comparisons.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
